GDPR Compliance - Protecting Your Data

Introduction

Brooks Seals collects and uses certain personal information. This information may pertain to customers, suppliers, business contacts, employees, and others with whom the organization has a relationship or needs to contact.

This policy outlines how personal data should be collected, handled, and stored to comply with the company's data protection standards and legal requirements.

Purpose of This Policy

This data protection policy ensures that Brooks Seals:

Complies with data protection laws and follows best practices.
Protects the rights of employees, customers, and partners.
Is transparent about how it stores and processes individual data.
Safeguards against data breach risks.

Data Protection Laws

The General Data Protection Regulation (GDPR) outlines how organizations, including Brooks Seals, should collect, process, and store personal information.

These rules apply regardless of whether data is stored electronically, on paper, or in other formats.

To comply with the law, personal information must be collected and used fairly, stored securely, and not disclosed unlawfully.

The GDPR is based on eight key principles. These state that personal data must be:

Processed fairly and lawfully.
Collected for specified, legitimate purposes.
Adequate, relevant, and not excessive.
Accurate and up-to-date.
Not kept longer than necessary.
Processed in accordance with the rights of individuals.
Protected appropriately.
Not transferred outside the European Economic Area (EEA) unless the destination country or territory ensures an adequate level of protection.

People, Risks, and Responsibilities

Scope of the Policy

This policy applies to:

The headquarters of Brooks Seals.
All branches of Brooks Seals.
All employees and volunteers of Brooks Seals.
All contractors, suppliers, and other individuals working on behalf of Brooks Seals.

It covers all data held by the company about identifiable individuals, even if such information technically falls outside the scope of the Data Protection Act 1998. This includes:

Names of individuals.
Postal addresses.
Email addresses.
Phone numbers.
Any other information relating to individuals.

Data Protection Risks

This policy helps Brooks Seals protect against significant data security risks, including:

Breaches of confidentiality, such as information being improperly shared.
Lack of choice, ensuring individuals can freely decide how their data is used.
Reputational damage, such as harm from hackers accessing sensitive data.

Responsibilities

Everyone working for or with Brooks Seals has a responsibility to ensure data is collected, stored, and handled correctly.

Each team processing personal data must ensure it is handled and processed in accordance with this policy and data protection principles.

Ultimately, Brooks Seals is responsible for ensuring compliance with legal obligations.

The Data Protection Officer (name to be filled in) is responsible for:

Keeping the board informed about responsibilities, risks, and issues related to data protection.
Reviewing all data protection procedures and related policies according to an agreed schedule.
Arranging data protection training and advice for those covered by this policy.
Handling queries about data protection from employees and others covered by this policy.
Managing requests from individuals to access their data held by Brooks Seals (also known as 'subject access requests').
Reviewing and approving contracts or agreements with third parties who may handle sensitive company data.

Brooks Seals is responsible for:

Ensuring all systems, services, and equipment used for data storage meet acceptable security standards.
Conducting regular checks and scans to ensure security hardware and software are functioning properly.
Evaluating third-party services considered for data storage or processing, such as cloud computing services.
Approving data protection statements in communications such as emails and letters.
Responding to data protection inquiries from journalists or media channels.
Collaborating with other staff as needed to ensure marketing initiatives comply with data protection principles.

General Staff Guidelines

Only those who need data for their work should have access to it.

Data should not be shared informally. Access to confidential information should be requested through line managers.

Brooks Seals will provide training to all employees to help them understand their responsibilities regarding data handling.

Employees must keep all data secure by taking reasonable precautions and following the guidelines below.

In particular, strong passwords should be used and never shared.

Personal data should not be disclosed to unauthorized persons, either within or outside the company.

Data should be regularly reviewed and updated if outdated. If no longer needed, it should be deleted.

Employees should seek advice from their line manager or the Data Protection Officer if they have doubts about any aspect of data protection.

Data Storage

These rules describe how and where data should be stored securely. Questions about safe data storage should be directed to the hosting company or data manager.

If data is stored on paper, it should be kept in a secure location out of sight of unauthorized persons.

These guidelines also apply to data usually stored electronically but printed for some reason:

Paper files should be stored in a locked drawer or filing cabinet if not needed.
Employees should ensure paper and print-outs are not left where unauthorized persons can see them, such as on a printer.
Printouts should be shredded and disposed of securely when no longer needed.

When data is stored electronically, it must be protected against unauthorized access, accidental deletion, and malicious hacking attempts:

Data should be protected by strong passwords that are regularly changed and never shared between employees.
Data should be stored on dedicated disks and servers and uploaded only to approved cloud computing services.
Servers with personal data should be in a secure location, away from general office spaces.
Regular backups of data should be made and tested according to the company's standard backup procedures.
Data should never be stored directly on laptops or other mobile devices such as tablets or smartphones.
All servers and computers with data should be protected by approved security software and a firewall.

Data Use

Personal data has value to Brooks Seals only if the company can utilize it. However, personal data is at high risk of loss, corruption, or theft:

When employees work with personal data, they should ensure that their computer screens are always locked when left unattended.
Personal data should not be shared informally. It should never be sent via email as this communication method is not secure.
Data should be encrypted before being sent electronically. The IT manager can explain how to send data to authorized external contacts.
Personal data should never be transferred outside the European Economic Area.
Employees should not save copies of personal data on their own computers. Always use and update the central copy of all data.

Data Accuracy

The law requires Brooks Seals to take reasonable steps to ensure data remains accurate and up-to-date.

The more critical it is that personal data is accurate, the more effort Brooks Seals will make to ensure accuracy.

It is the responsibility of all employees working with data to take reasonable steps to ensure data is as accurate and current as possible.

Data should be kept in as few places as necessary. Employees should avoid creating unnecessary additional datasets.

Employees should seize every opportunity to ensure data is updated, for example by confirming customer information when they call.

Brooks Seals will make it easy for individuals to update the information held about them, such as through the company’s website.

Data should be updated when inaccuracies are discovered. For example, if a customer is no longer reachable at their stored phone number, this should be removed from the database.

Access Requests

Individuals have the right to:

Request to know what information the company holds about them and why.
Ask how they can access this information.
Be informed about how to keep it up-to-date.
Be informed about how the company meets its data protection obligations.

When someone contacts the company to request this information, it is known as a subject access request.

Requests for access to data should be emailed to the data manager at [at] brooks-seals.com. The responsible person may provide a standard request form, although individuals are not required to use it.

join our Newsletter now

You may unsubscribe at any moment. For that purpose, please find our contact info in the legal notice.

contact info

customgaskets.co.uk
H.R. Holsterf 288
3315TK Dordrecht
Netherlands
[email protected]

Products

Our company

Your account

Functional cookies

Yes

Description and cookies

Functional cookies are strictly necessary to provide the services of the shop, as well as for its proper functioning, so it is not possible to refuse their use. They allow the user to browse through our website and use the different options or services that exist on it.


PHP_SESSID	customgaskets.co.uk	The PHPSESSID cookie is native to PHP and allows websites to store serialised status data. On the website it is used to establish a user session and to pass state data through a temporary cookie, which is commonly known as a session cookie. These Cookies will only remain on your computer until you close your browser.	Session
PrestaShop-#	customgaskets.co.uk	This is a cookie used by Prestashop to store information and keep the user's session open. It stores information such as currency, language, customer ID, among other data necessary for the proper functioning of the shop.	480 hours

Advertising Cookies

Yes

Description

These are cookies that collect information about the advertisements shown to users of the website. They can be anonymous, if they only collect information about the advertising spaces shown without identifying the user, or personalised, if they collect personal information about the user of the shop by a third party, for the personalisation of these advertising spaces.

Analytics cookies

Yes

Description

Collect information about the user's browsing experience in the shop, usually anonymously, although sometimes they also allow the user to be uniquely and unequivocally identified in order to obtain reports on the user's interests in the products or services offered by the shop.

Performance cookies

Yes

Description

These are used to improve the browsing experience and optimize the operation of the shop.

Other cookies

Yes

Description

These are cookies without a clear purpose or those that we are still in the process of classifying.