During normal business activities, BQ collects stores and processes our customer’s personal information. We recognise our responsibilities to protect this data and embrace the current data protection legislation (GDPR).
This document is intended to inform you what information we collect, why we collect it and what we do with it. It also explains the rights you have to access and control personal data that is held on our system relating to yourself as an individual.
Our full Data Protection Policy is available on request.
What Information we collect
When placing orders, or opening an account with us we collect Identifying information from you such as your name, addresses, telephone numbers, email addresses and financial information in connection with a transaction.
You may also provide us with other information through web forms, by updating or adding information to your account, telephone conversations, online chats, or when you otherwise communicate with us regarding our products and services.
When accessing our websites our systems may be configured to collect limited computer and connection information such as browser type, statistics on your page views, traffic to and from our sites, referral URL and your IP address.
Why we collect it
It is our policy to only collect the information that we need to fulfil our contractual obligations to you as a customer. This allows us to provide you with the best possible experience in dealing with us.
It will normally be self-evident to you that you are passing us data when you request a quotation, open an account with us or place an order.
How we store the information
Your data is held electronically at our premises, behind our own firewalls, on our own secure servers. We only use external datacentres for our email.
Only highly secure, encrypted enterprise level services such as Microsoft Office 365 are used for the storage and transmission of email.
We follow all applicable regulations and accepted standards for storage, protection and transmission of the personal data we collect, including the use of encryption methods wherever appropriate.
What we do with the information
We primarily use your information to satisfy your requirements. Most commonly this would be responding to a request for a quotation, fulfilling an order and providing after sales services and support.
We may also use your information to improve our level of service. We regularly review the process and outcomes of specific orders with a view to understanding how we can continuously improve our own performance and that of our suppliers.
Who we share the information with
Products that you order from us are sometimes supplied direct from other sites. In these instances, it is necessary for us to pass enough information (for instance: delivery name, delivery address and products ordered) for our suppliers to deliver the products to you on our behalf. For most transactions it is also necessary to pass the delivery name, delivery address details and any special delivery instructions to couriers.
In the instances that we pass this information we only ever pass the subset of data that is necessary for the third party to supply the products and services on our behalf. We never pass data that is not needed.
We only pass data to suppliers who maintain strict GDPR compliance and with whom we have specific GDPR compliant Processing Agreements in place which prohibit them using, sharing or retaining your personal data for any purpose other than they have been specifically contracted to by us.
Retention and Destruction
We retain personal data only for as long as necessary in order to:
- Provide the services you have requested from us
- Facilitate a high standard of after sales customer support;
- Satisfy requirements mandated by law, contract or similar obligations applicable to our business operations including the requirement to maintain adequate and accurate business and financial records.
- Preserve, resolve, defend or enforce our legal/contractual rights.
We make a clear distinction between live data, normally accessible through our operational interfaces, and archived data which is not accessed easily and held only for specific legal or contractual compliance reasons. It is our policy to keep both classifications of personal data held to the minimum.
Your Right to know what personal data we hold for you
If you wish to know what personal data we hold on you, you should contact our Data Protection Officer at firstname.lastname@example.org. All personal data requests will normally be answered within 28 days. Please note it will be necessary for us to verify your identity before we can release this information to you.
We will be happy to provide you the details we hold on you and how your data has been processed in an easily readable electronic format with confirmation of the legal basis under which it is being held.
Personal Data Deletion Requests
We respect your “right to be forgotten” and will respond appropriately and promptly to all data deletion requests.
In the event that it is necessary for us to continue to hold your data to meet statutory compliance requirements we will explain the basis of this clearly to you and work with you to achieve, (say through archiving, minimising or anonymising your live data where possible) a satisfactory outcome.
If you have concerns or are not happy with how we process your personal data please email our Data Protection Officer at email@example.com. Who will be pleased to investigate your concerns and respond appropriately.