You are on: Home > General Page Title
Customer Privacy Policy
Customer Privacy Policy
Wm Sugdens & Sons Limited is registered with the Information Commissioner’s Office and appears on the
Data Protection Register under registration number ZA206827.
At Wm Sugdens & Sons Limited, we are committed to protecting and respecting your privacy and complying
with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Wm Sugdens
& Sons Limited will never sell your personal data to third parties.
This Privacy Policy applies to all individuals whose personal data we process, including business customers,
representatives of organisations, suppliers, website users and private individuals who purchase products or
contact us directly.
This Privacy Policy explains why and how we collect information from and about you, who we may share this
information with and what rights you have regarding your personal data.
Please take the time to read and understand this Privacy Policy. It explains how we collect, use and protect
your personal data and the rights available to you under data protection legislation.
The Data Protection Relationship with Wm Sugdens
Depending on the nature of the services we provide to you, Wm Sugdens may act as either a data controller or
a data processor.
When acting as a data controller (for example, when providing services directly to you), we ensure that our
personal data processing activities comply with the obligations set out in the UK GDPR.
Where we process personal data on behalf of another organisation and under its instructions, we act as a data
processor and ensure that appropriate contractual and security arrangements are in place.
If you are unsure which data protection role Wm Sugdens is fulfilling in relation to the services we provide to
you, please contact gdprsupport@wsg.co.uk for further information.
Privacy Programme
Wm Sugdens has developed policies, procedures, controls and measures to ensure ongoing compliance with
the UK GDPR and its principles. These include staff training, documented policies, internal audits and regular
compliance assessments.
Ensuring and maintaining the security and protection of personal and special category data belonging to the
individuals with whom we deal is fundamental to our company ethos. Wm Sugdens & Sons Limited adheres to
the principles of the UK GDPR and all applicable data protection legislation.
Privacy by Design
Wm Sugdens has implemented the “Privacy by Design” methodology throughout the development of its
products and services to ensure that privacy requirements are considered from the outset.
Where appropriate, we carry out Data Protection Impact Assessments (DPIAs) to identify and minimise
privacy risks.
What Information Do We Collect?
We may collect and process the following information:
o Information provided when you place an order or enquire about a product or service. This may include
your name, job title, postal address, telephone number and email address.
o Records of correspondence if you contact us.
o Transaction information, including orders, invoices and payments.
o Information relating to your visits to our website, including traffic data and other communication data.
o Information received from third parties where you have given them permission to share your data with
us.
o Payment information required to process payments and issue receipts. Payment details are processed
securely through authorised third-party payment providers. We do not store full payment card details.
o Information collected from business cards received at trade shows and other industry events.
o Any other information you voluntarily provide to us.
How Do We Use Your Information?
We use your information for the following purposes:
o To fulfil our contractual obligations.
o To process, fulfil and maintain records of your orders and deliver your purchases.
o To contact you regarding your orders or account.
o For internal record-keeping.
o To send service communications, such as updates by email or text message.
o To issue invoices and process payments for goods supplied.
o To process payments and refunds through secure third-party providers.
o To respond to any questions, issues or complaints you raise.
o To respond to your interactions on social media, including using features such as “Like”, “Share”, or
“Re-tweet”.
o To notify you of changes to our products, services, website or this Privacy Policy.
o To analyse how our website is used and compile statistical information.
o To measure the effectiveness of our advertising and deliver advertising that is relevant to you.
o To send marketing communications where you have provided consent or where otherwise permitted
by law.
o To maintain customer and business relationships.
Where Do We Store Your Information?
Personal information is stored securely within Microsoft 365, including Microsoft OneDrive and Microsoft
SharePoint. No production data is stored on on-premises systems. System images and backup data are securely
stored in cloud infrastructure and protected through the organisation’s Backup as a Service (BaaS) solution.
Who Do We Share Your Information With?
We may share your information with:
o Third parties that help us provide our products and services, such as but not limited to payment service
providers and delivery companies. We ensure appropriate confidentiality and security measures are in
place.
o Companies approved by you, such as social media platforms. These companies control their own
platforms and are responsible for their own privacy practices. Please refer to their respective privacy
policies and terms of use.
o Credit reference agencies, banks and finance companies that assist with credit checking and fraud
prevention.
Our website may contain links to other websites. This Privacy Policy applies only to this website. When
visiting other websites, you should read their respective privacy policies.
How Long Do We Keep Your Information?
We retain your personal information only for as long as necessary to fulfil the purposes for which it was
collected and to meet our legal and regulatory obligations.
Retention periods vary according to the type of information and applicable legal requirements and are defined
within our internal Data Retention Schedule.
Once the applicable retention period has expired, we will securely delete or, where appropriate, anonymise
your information so that it can no longer be linked to you.
Legal Basis for Processing
We process personal information where necessary to:
o perform a contract;
o comply with legal obligations;
o pursue our legitimate interests; or
o where you have provided your consent.
For business customers, we may process personal data relating to individuals within an organisation, such as
names, job titles, business email addresses and telephone numbers, where necessary to manage our business
relationship, fulfil contracts, communicate regarding our services and maintain business records.
Where you purchase products or services as an individual, we process your personal data to fulfil your orders,
provide customer support, process payments, comply with legal obligations and communicate with you
regarding your purchases.
Your Rights
You have a number of rights relating to your personal information.
Your rights include:
o The right to be informed about how your personal information is used.
o The right to access the personal information we hold about you.
o The right to request correction of inaccurate personal information.
o The right to request deletion of your personal data or to object to processing where we rely on
legitimate interests.
o The right to opt out of direct marketing.
o The right to restrict the processing of your personal information.
o The right to request the transfer of your personal information (data portability).
o The right to lodge a complaint with the Information Commissioner’s Office (ICO).
Marketing Communications
Where you have opted in, we may send you newsletters and other marketing communications about our
products, services and company news.
You may stop receiving marketing emails at any time by clicking the Unsubscribe link or by contacting us
using the details below.
Cookies
We use cookies on our website. Where required by law, we will obtain your consent before placing non
essential cookies on your device.
For further information, please refer to our Cookies Policy.
Children
Our website is not intended for use by children under the age of 16 and we do not knowingly collect personal
data relating to children under the age of 16.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing activities or
legal obligations.
Where significant changes are made, we will make these clear and, where appropriate, notify you so that you
remain informed about how your information is used.
Data Breach Notification
Wm Sugdens & Sons Limited will assess any personal data breach and, where required under the UK GDPR,
notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach.
We also ensure that any third-party data processors appointed to process personal data on our behalf are subject
to appropriate contractual obligations regarding data protection.
Contact Us
If you have any questions regarding this Privacy Policy or how we handle your personal data, please contact:
Email: gdprsupport@wsg.co.uk
If you are dissatisfied with the way we have handled your personal data, please contact us first, so that we
could have the opportunity to investigate your concerns. You also have the right to lodge a complaint with the
Information Commissioner’s Office (ICO).