Information we gather
We never sell data nor do we harvest it for purposes that are not in your best interest. Unless you’ve consented to communications databases, we will only use your data for the essential running of our business functions.
Through web forms, purchase orders, email exchanges and telephone enquiries we may gather the following personal information:
- Names, employers and job titles
- Contact details (email address and landline/mobile when applicable)
- Correspondence and site addresses
- Products and services required, as well as information regarding existing units
- Payment details where applicable
When consenting to receive marketing and/or sales communications via signup forms and email request, we also gather:
- Communications preferences
Our use of gathered information
As a company with many business functions we use data in various ways, however (outside of opt-in databases) it can be broken into 3 essential components:
- Account management; data used in this way is key to organising deliveries, realising enquiries and generally the successful handling of projects. In this context, data may be shared with third parties (supply chain partners, logistics organisations) to further progress enquiries and fulfil our obligations. (Contract)
- Internal administration; in this process we use personal details for payment, credit checking and accounting. Personal data in this context will only be shared with third parties (banks, credit reporting agencies) when necessary to begin or finish account management processes. (Contract)
- Aftercare; following the completion of a contract, we retain and process personal data for quality assurance and ongoing maintenance purposes. Personal details will never be shared to third parties in this context, however if processing results in an enquiry, it will then become a matter of account management. (Legitimate interests)
GFSE also processes data in ways that are non-essential to its business functions:
- Marketing/sales communications; when opting-in to this database we will use data for the sending of tailored communications as defined by the preferences selected through the signup form or via reply to our ‘GFSE communications opt-in’ email. Personal details will never be shared to third parties in this context, however if processing results in an enquiry, it will then become a matter of account management. (Consent)
It is in the legitimate interests of both ourselves and our clients to keep their catering facility running efficiently and adhering to all legislation regarding the safe use of equipment, as well as extending the lifespan of the products we’ve provided. We require personal (namely contact, banking and delivery) details to fulfil orders and said details are therefore required from the client when entering into a contract with ourselves.
For a full breakdown of the lawful bases we rely on for the above uses of data, please see the Information Commissioner’s Office’s information page.
We have many systems in place to keep our information (and the personal data within) safe and secure.
Using cloud-based emails and backups means no data is stored on site, while the latest in endpoint anti-virus and firewall systems secure our information and make sure none can be easily accessed by those outside GFSE without permission, meaning all personal data collected by GFSE is as best protected as possible.
As the GDPR comes into effect, those who leave their information are given certain new rights (Rights of the Individual).
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
We will retain information only for as long as necessary, however if required we may extend the retention rates should the data be necessary to meet legal obligations.
- Order information; in line with HMRC guidelines, we keep all purchasing details for 7 years.
- Project and client information; we retain data necessary to fulfil contractual obligations for up to 12 years after completion or as long as required to meet insurance, contractual or legal reasons in the event of dispute.
- Enquiries prior to an order being placed; all phone and email enquiries are placed on a database to ensure accuracy of response. All such data is deleted 6 months after being recorded.
- Communications database; we retain all opt-in data on an online database which will be kept until consent is withdrawn or until the communications method is retired.
- Rejected applicants; information gathered during the recruitment process (such as contact details, CVs, covering letters, references, interview notes) is retained only for 6 months following the notification of rejection.