FOLLOW  US


Data Privacy Policy

A clear view on how we use your personal data

Data Privacy Policy


This Privacy Policy explains what we do with your personal data, whether we are in the process of dealing with an enquiry, processing an order, continuing our ongoing customer relationship with you, receiving a service from you, requesting your feedback, or you are visiting our website.


It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.


This Privacy Policy applies to the personal data of our Customers, Potential Customers, Suppliers, Potential Employees. If you are a D McGhee & Sons Ltd. Employee you should refer to the Fair Processing Notice, Data Protection and Data Security Policy, found in the company handbook.


What kind of personal data do we collect?


Customer Data


In order to provide the best possible products and services to our customer’s we need to process certain information. D McGhee & Sons Ltd. only ask for details that will genuinely help us to deliver these products and services, such as your name, job role, and contact details; including but not limited to: Telephone number, email address, first and last name and in some instances your home address details. Where D McGhee & Sons Ltd. are required by you to process payments for goods and services by way of debit or credit card we will also process these details, but only for this purpose.


Supplier Data


We collect a minimum amount of data from our suppliers to ensure that we can easily process transactions. D McGhee & Sons Ltd. will collect contact details for the main contact and any associate contacts within the business that assist us in processing any number of transactions. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).


How do we collect your personal data?


Customer Data


We collect customer data directly from you.


Supplier Data


We collect supplier data directly from you.


How do we use your personal data?


Customer Data


There are two main reasons for using your personal details. Firstly, details will be used to help D McGhee & Sons Ltd. process ongoing requests that you have made of us, i.e. raising a quote or processing an order, through to delivery of that.


Supplier Data


The main reasons for storing and processing your personal data is to ensure that we can complete the contractual arrangements between us and comply with any legal and binding requirements.


Website Users


If you send us an application form, your CV or contact us with personal information for employment purposes, we may store that information for 6 months. We do not share your information with any third parties and would only contact you within that 6 month period should a suitable post arise.


How do we safeguard your personal data?


We care about protecting your information. That’s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data.


Those processes include but are not limited to; encrypted server access, Laptop devices are encrypted, all antivirus and gateway security settings are up to date and monitored.


How long do we keep your personal data for?


Data stored and processed in our Sales Order Management system. If we have not had meaningful contact with you for a period of seven years, we will remove your personal data from our systems unless we believe another processing requirement, such as legal or contractual regulation requires us to retain it.


How can you access, amend or take back the personal data that you have given to us?


If we are holding or using your personal information, you may change your mind at any time by writing to the Data Protection Officer, D McGhee and Sons, 10 Keppochhill Drive, Glasgow, G21 1HX or emailing us at data@mcgheesbakery.co.uk. We will process the removal of your personal information within 10 days, sometimes sooner. Please note that we may keep a record of your communications to help us resolve any issues which you raise.


Right to object


If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.


Right to erase


In certain situations, you have the right to request us to “erase” your personal data. We will respond to your request within a maximum of 30 days and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will remove your data. We will assume that you would prefer us to keep a note of your name on our system as a person who would prefer not to be contacted by D McGhee & Sons Ltd. as this will ensure that we can minimise the future risk of your data being resubmitted and used in the future. If you would prefer that this is not the case please let us know.


Our legal basis for processing your data


Legitimate interests


Article 6(1)(f) of the GDPR states that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”


For legitimate business interests, we may pass your personal information to our preferred legal representative in order to collect any outstanding balance due to D McGhee & Sons Ltd.


Customer data


We think it reasonable that if you have communicated with us in the past or we have had meaningful contact with you within the past 5 years that there is legitimate interest that you will continue to benefit from our continued communication.


We want to provide potential customers with the opportunity to hear about our products and services and request additional information. We therefore deem it that if you operate in a sector that regularly benefits from our products and services and your information has been made available in the public domain that we can contact you to advise you of our products and services. We will have an upfront and honest approach to this and provide you with the opportunity to opt out of any further communications from us.
Personal details may be used to for administrative purposes including invoicing.


Supplier data


We store and process the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within legitimate interests.


Contractual


Article 6(1)(b) gives us lawful basis for processing personal data where; “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”


In this context, a contract does not have to be a formal signed document, or even written down, as long as there is an agreement which meets the requirements of contract law. Broadly speaking, this means that the terms have been offered and accepted, you both intend them to be legally binding, and there is an element of exchange (usually an exchange of goods or services for money, but this can be anything of value).


Customer data


Where we and you have entered in a contractual agreement to deliver products and services we will process the appropriate and required information in order to do so. i.e. address details of the company.