Privacy Notice

This privacy notice describes how the Company collect and use personal information about customers and suppliers during and after the contractual relationship, in accordance with the General Data Protection Regulation (GDPR). This document also satisfies our obligations under Article 30 of the GDPR. It applies to all customers and suppliers.

Data Controller Details:

Name: Llanelec Precision Engineering Company Limited
Address: Jenkins Road, Skewen, Neath SA10 7GA
Telephone Number: 01792 817676
Data Protection Office: Nicola Martin

Categories of Data Subjects:

We collect personal data from the following categories of data subjects:

  • customers.
  • suppliers.

Categories of Personal Data:

We collect the following categories of personal data about customers:

  • Personal details including name and contact information.
  • User activity details and user preferences.
  • Browser history details.
  • Location details.
  • Electronic identification data including IP address and information collected through cookies.
  • Financial details.
  • Credit card information and payment details.
  • Contractual detail including the goods and services provided.

We collect the following categories of personal data about suppliers

  • Name and contact information.
  • Financial and payment details.

Source of personal data:

Most of the information we obtain comes directly from the customer or supplier.

Purposes of Data Processing

We collect and process personal data about customers for the following purposes@

  • Maintaining and enhancing our products and services.
  • Providing products and services and customer management.
  • Account management.
  • Direct marketing.
  • Supporting network and system security.
  • Auditing.
  • Detecting and preventing fraud.
  • Complying with legal obligations.
  • Conducting web analytics.

We collect and process personal data about suppliers for the following processes:

  • To obtain products and services.
  • Vendor administration, order management, and accounts payable.
  • Evaluating potential suppliers.

Categories of Personal Data Recipients:

We disclose personal data to the following categories of recipients:

  • Business partners.
  • Auditors and professional advisors, such as lawyers and consultants.
  • Federal, state and local law enforcement officials.
  • Third-party service providers, such as providers of:
    • IT system management.
    • information security.
    • human resources management.
    • payroll administration.

Data Protection Principles

We will comply with data protection law. This says that the personal information we hold must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that have been clearly explained and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told customers about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told customers about.
  6. Kept securely.

Personal Data Retention Periods

Except as otherwise permitted or required by applicable law or regulation, we only retain personal data for as long as necessary to fulfil the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity or personal data, the potential risk of harm from unauthorized use or disclosure of personal data, the purposes for processing the personal data, whether we can fulful the purposes of processing be other means, and any applicable legal requirements.

We typically retain personal data obtained from customer and suppliers for 7 years after the completion or termination of the contract.

Technical and Organizational Security Measures

We have implemented the technical and organisational security measures to protect personal data, including:

  • Segregation of personal data from other networks.
  • Access control and user authentication.
  • Written information security policies and procedures.

Duty to inform us of changes

It is important that the personal information we hold about customers and suppliers is accurate and current. Please keep us informed if personal information changes during your contractual relations with us.

Customers’ rights in connection with personal information

Under certain circumstances, by law customers and suppliers have the right to:

  • Request access to personal information
  • Request correction of the personal information that we hold
  • Request erasure of personal information
  • Object to processing of personal information where we are relying on a legitimate interest (or those of a third party) and there is something about the particular situation which makes the customer want to object to processing on this ground
  • Request the restriction of processing of personal information
  • Request the transfer of personal information to another party.

If you wan to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the DPO in writing.

Changes to this Record of Processing Activity

We reserve the right to amend this Privacy Notice from time to time consistent with the GDPR and other applicable data protection requirements.