Privacy Policy
Privacy Policy
We take your privacy very seriously. The below policy explains how we use your information to ensure you and your orders are dealt with efficiently, without bias and giving you the best customer service we can offer.
What this Privacy Policy covers
We are committed to putting our customers (you) first and therefore we are transparent on how we collect, use and protect your details. We at Davern Work-Wear Ltd (T/A Bryn Valley Supplies) are data controllers and are referred to in this policy as "we", "us" or "our".
Here’s a breakdown of what our Privacy Policy explains:
• The data we collect and why;
• How we use your data;
• When and why we will disclose your data to other organisations;
• Why we process your data;
• The rights and choices you have when it comes to your data;
• How long we will hold your data for;
• Data Breach and how we will respond;
• How we protect your data and;
• How you can contact us.
What we collect and why
As a supplier of goods we ask for certain details (data) that enables us to function as a company in the completion of orders.
The data collected for customers and their orders is accessible by us at our offices in Wrexham, in addition to two data operational offices in Redruth, Cornwall, that host on premise servers for Sage 200. This is so orders can be completed in a satisfactory manner.
Below are details (data) we collect and then hold on you:
1. Your contact name of the person who conducts business with us, including the shipping contact name.
2. The contact name of the person responsible for paying invoices (if different from your above).
3. Your business address/es, including billing and shipping address/es.
4. Your contact telephone number/s, including shipping contact telephone number/s
5. Your contact email address/es, including when consent is given, the delivery email address.
6. Your web address (if necessary).
We collect no other personal data on you as a customer or in conjunction with your order. For card payments we process these in Opaya either online when supplied by you, or by our staff over the telephone to Opayo via Sage 200. No payment card details are stored by us at all.
Delivery email addresses and/or mobile telephone numbers will be entered on delivery instructions as these are used by our courier networks to inform you when your delivery may be expected.
Where orders are placed on your account we keep the following necessary information on transactions:
1. Detail of items ordered, quantities and values
2. Notes relating to your order and the person ordering, made up of:
i. Notes detailing the conversation with you when the order was placed.
ii. Notes detailing telephone or email contact with you.
iii. Notes detailing order queries and questions.
iv. Notes detailing the progression of order queries.
v. Notes detailing resolution of order queries.
vi. Any other correspondence in relation to orders placed.
Your data and other organisations
The data we hold for each customer and their orders also enables us to enquire on your behalf when the goods ordered may have been lost in transit by the delivery company, incorrectly picked in our warehouses or arrive damaged. Where goods are lost or arrive damaged, the data we hold will be passed to the delivery services used. This typically means the delivery full name, delivery company name (if applicable), delivery address and items ordered. This is essential to complete investigations for errors to be rectified.
Besides ourselves the data we hold on our servers is accessible by third-party data controllers – CF Systems who have access to your data but do not use your data as they provide our I.T. security and network infrastructure, Techsol for Sage 200, GoB2B for Sage 200. These third parties provide software and support used by us in our day-to-day operation as a company where orders are taken verbally and imported electronically. These third party organisations also have their own privacy policies and are not connected in any way to this privacy policy. Written confirmation of their privacy policies can be supplied on request by emailing wrexham@brynvalley.com.
If you have given your consent to receive email marketing, only your email address will be used by a third party email service called Campaign Monitor. No other personal information is kept on this website as it is not required. There Policy can be viewed online here https://www.campaignmonitor.com/policies/ (please refer to section 7 on their website).
When using our following e-commerce websites www.brynvalley.com use a third party provider and hosting company called GOb2B.com (GOb2B.com"). Data used on these websites falls under their privacy policy at the time of collection. When that data is passed to us for order fulfilment we then become the controller and your data will fall under our privacy policy. All Web Servers are located in the UK and therefore your data will not go outside the EAA.
We will also disclose your data for legal reasons to collection agencies and/or legal representatives if payment is outstanding on orders for goods purchased, which under our Terms and Conditions, still remain the property of Davern Work-Wear Ltd (T/A Bryn Valley Supplies) and their integrated divisions.
Your data will also be disclosed to legal authorities if required to do so by Law.
Why we process your data
We will only collect and use your data (as described above “What we collect and why” and “Your data and other organisations”) in accordance with data protection laws. Our grounds for processing your personal information are as follows:
Consent – Where necessary we will only collect and process your data if you have consented for us to do so in business operation or buying goods for sole use. For example, when you create an account with us for ordering purposes we will use your data to provide the services and goods as mentioned in “What we collect and why”. Company marketing correspondence via email to you will only be made with your consent. We will never assume you want to receive emails of which an order is not associated. Our websites will ask you for specific permission to receive marketing emails. Also our staff will ask you via the telephone if you would like to receive marketing emails and a record of consent is kept alongside customer data.
Legitimate Interests – We may use and process some of your details (data) where we have sensible and legitimate business reasons for doing so. Under European privacy laws there is a concept of "legitimate interests" as a justification for processing your data. Our legitimate interests for processing your data are:
a. to contact potential customers by telephone about our products and services that will not infringe their fundamental rights and freedoms.
b. to enable you to access and use our websites for ordering goods at www.brynvalley.com;
c. to fulfil orders placed either online (websites listed above) or by email and telephone contact with our sales office.
Use of children’s personal information
We do not knowingly collect or store any personal information about children under the age of 16. If you are aged under 16 please get your parent’s or guardian's permission before you provide any personal information to us.
Your rights and choices
You have the following data rights under GDPR legislation which will apply from May 25th 2018:
1. To request the data we hold on you at any time, whereupon we can supply you the data in an easily accessible format and easy to read, within a month (30 day period).
2. To request your data to be deleted at any time which will be replied to within a 30 day period (month). The request for deletion of data must be made verbally or in writing along with an explanation as to why you have requested it.
3. To complain to the ICO if you think we have used your data beyond the lawful basis of operation. For ICO contact information please visit https://ico.org.uk/
4. To be informed of any changes we make to the data we hold on you.
5. To rectify any data we hold on you.
6. To restrict processing of personal data we hold. This means that you have the right to request that we don’t use all or part of your data at your request when processing an order. If a request is made we aim to respond in a one month (30 day) period. In certain circumstances you can request a restriction of certain data and we cannot use this for processing orders, but we can still store your data. Any request can be made verbally or in writing. All requests are kept for policy regulation and our reference. In the case of legitimately lifting any data restriction, we will notify you prior to a restriction being lifted.
7. To have your data portable and its portability. i.e. if you want to use your data to share with someone else or another company. You also have the right to use our data for your own purposes. This is data portability. When asked we will supply that data to you in an easily readable format for use and within the space of one month (30 days). This data is supplied free of charge.
8. To object about the data we hold and how it is used. This includes using your data for marketing, profiling and research purposes. In such cases verbal and/or written consent is always obtained prior to any material being sent out either in print or electronically.
9. To refuse to be subject to automated decision-making including profiling. This often refers to data being handled by non-human automation. If we use any such profiling or automated decision making, you will be informed at the time so you can make the decision if you would like to take part or not. No assumed consent is taken and if no answer is given then no profiling or automated decision making will take place.
We have the right to refuse or charge for requests that are manifestly unfounded or excessive. Upon refusal we will explain fully to you why the decision was made. If this does occur you have the right to complain to the supervisory authority (ICO - https://ico.org.uk/) and to a judicial remedy which will be dealt with in the period of one month (30 days).
How long we hold your data for
We store and use your data while your account is active and it will remain live and be stored indefinitely, including archiving, unless you request it to be deleted permanently as long as there is a current and regular transaction history associated with you and Davern Work-Wear Ltd (T/A Bryn Valley Supplies) and its integrated divisions.
Your data will be archived at the end of each financial year (by 31st March) and on the seventh year of non-trading your data will be deleted permanently. Seven years is the amount of time we as a company have to keep financial transaction records (invoices) for HMRC retention purposes.
Data Breach and how we will respond
Any data breach will be dealt with immediately and if a breach occurs you will be notified at the time of the breach. If the breach will result in a risk to your rights and freedoms, the breach will be instantly reported to the ICO.
How we protect your data
Davern Work-Wear Ltd (T/A Bryn Valley Supplies) and its integrated divisions use a third party IT partner - CF Systems. As such CF Systems have the ability to access our electronic data through their role as an IT support partner. They do not and will never store this data on their servers or share outside of CF Systems. In addition, CF Systems have a robust security infrastructure and processes that protect against data breach, and they are Cyber Essentials certified and carry certification to ISO9001. Their work with Davern Work-Wear Ltd (T/A Bryn Valley Supplies) and its integrated divisions has included implementing a layered IT and data security system, which includes fully configured firewall protection and an end point anti-virus to help minimise the companies technical vulnerability to data breach.
How to contact us
If you wish to contact us regarding any Privacy Policy concerns or issues, then call 01978 644716, 8.30am – 5pm Monday to Friday and speak with customer services, or email wrexham@brynvalley.com.
Compiled by Davern Work-Wear Ltd (T/A Bryn Valley Supplies) – updated Feb 2024