Types of data we collect:
We collect personal data about you and your organisation when:
To carry out our fulfilment services we also need to collect some personal data about your customers. The personal data we collect about your customers is provided by you via FTP and web sources, emails, telephone and visits in person. This information is used purely for the processing of orders on behalf of your company. We have strict procedures in place to ensure the information is kept securely whilst in use and we will only keep the information for as long as necessary. The information may be accessed (and only when necessary for the fulfilment of your orders) by trained members of our team at BOXstation, our warehouse management system providers and by our IT support team. The personal details of your customers will also be processed through the IT systems of carrier networks to allow the parcels to be delivered.
We do not offer guest Wi-Fi, however site visitors who maybe granted access to our business Wi-Fi may do so only with prior permission and once provided with our secure password.
When you use BOXstation Wi-Fi we may collect data about:
We use CCTV internally in our warehouses and on our yard to maintain the security of property and premises and for preventing and investigating crime. This information is stored securely on a password protected system only accessible by senior management. Whilst our staff can view live images to enable them to safely carry out their duties, recorded images will be accessed only by senior management and only where necessary. We will only share these images with a third party where required to do so by law or when the system is undergoing maintenance or repair. All images will be kept only for as long as is necessary.
We may use mailing lists to provide you with information about our services, to contact you to obtain additional information from you and check our records are right or to check every now and then that you’re happy and satisfied. We don’t rent or trade email lists with other organisations and businesses.
We use a third-party provider, MailChimp, to deliver our messages. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see https://mailchimp.com/legal/privacy You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing our data protection officer Joanna Sutherland on email@example.com
We share your information with third parties only in order to carry out our fulfilment services on your behalf. These include our warehouse management system providers and CRM, our IT support team and carrier networks. Where necessary and if required to do so by law, we share with HMRC, Trading standards, Environmental Health, The Food Standards Agency, Central Government and other debt recovery and enforcement authorities.
We do not transfer data outside the European Economic Area (EEA)
Protecting your data
We take the security of your data seriously. The organisation has internal policies and controls in place to try to ensure your data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by it’s employees in the performance of their duties. Information is stored at the registered business premises using locked filing cabinets for paper copies of documents. Where information is kept on our IT systems we use; firewall and antivirus protection; user ID profile with password protection – with partition drives and cloud synchronised auto back up facilities.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Retention of your data
We will only keep your data for as long as is necessary for us to carry out our fulfilment obligations for you. Certain information must be kept for 7 years for legal and financial obligations. This is archived in a secure manner and we have procedures in place to ensure that after this period, all information is shredded or deleted as appropriate.
Automated decision making
We do not use solely automated decision making processes in the course of our business.
Access to your personal information
You are entitled to view, amend, erase or restrict the processing of the personal information that we hold. If you would like to request this information, please email your request to Joanna Sutherland via firstname.lastname@example.org. If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
Changes to this Privacy Notice
This privacy notice was last reviewed in May 2018. The policy will be reviewed again in May 2019.