Privacy Policy

Privacy Notice

Suppliers, Customers, Service providers and Visitors

This privacy notice is addressed to:

This notice applies to all current, potential and former suppliers, customers and service providers.

For the purpose of this Privacy Notice, “Whitworth Bros. Ltd”, “we”, or “us” refers to Whitworth Bros. Ltd based at Victoria Mills, Wellingborough, Northamptonshire, NN8 2DT.

We are a data controller.

It is important that you read this statement so that you know how and why we use information about you. It is also important that you inform us of any changes to your personal information during the time you or your employer is a supplier, customer or service provider with us so that the information which we hold is accurate and current. Should you have any further question in relation to the processing of your personal data, please contact the Data Protection Officer using the address details below.

  1. What information do we have about you?

The information that you provide to us is required in order for us to provide or procure goods and/or services and take/make payments from/to you. This information may either be directly provided by you or provided by our supplier, customer or service provider (i.e. the legal entity for whom you work).

We may collect various types of personal data about you, including:

  1. For what purposes do we use your personal data and why is this justified?

Legal basis for the processing

In accordance with the data protection laws, we need a “lawful basis” for collecting and using information about you. There are a variety of different legal bases for using personal data which are set out in the data protection laws. We will only process your personal data if:

Please note that, when processing your personal data on this last basis, we always seek to maintain a balance between our legitimate interests and your privacy. Examples of such ‘legitimate interests’ are data processing activities performed:

Purposes of the processing

We process your personal data for the following purposes:

  1. Sharing your information

We will share your personal information with third parties where required by law, where it is necessary to administer the contractual relationship with you or where we have another legitimate interest in doing so. This may include our auditors, banks or other financial institutions to facilitate payments and contractors who work on our systems. We may share your personal information with other third parties, for example with a regulator or to otherwise comply with the law. These third parties are obliged to protect the confidentiality and security of your personal data, in compliance with applicable law.

The personal data we collect from you may also be processed, accessed or stored in a country outside the UK. If we transfer your personal data to external companies in other jurisdictions, we will make sure to protect your personal data in the same manner as we are obliged to do set out here. You may request additional information in relation to international transfers of personal data and obtain a copy of the adequate safeguard put in place by exercising your rights as set out below.

  1. How do we protect your personal data?

We have put in place measures to protect the security of your information. Details of these measures are available upon request.

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

  1. How long do we store your personal data?

We will only retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements.

The retention period is the term of your (or your company’s) supply, customer or service contract, plus the period of time until the legal claims under this contract become time-barred, unless overriding legal or regulatory schedules require a longer or shorter retention period. When this period expires, your personal data is removed from our active systems.

  1. What are your rights and how can you exercise them?

You may exercise the following rights under certain circumstances:

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer using the address details below.

  1. Changes to our privacy notice

We reserve the right to update this privacy statement at any time, and we will provide you with a new privacy statement when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.