AddressUnit 8, Atley Way, North Nelson Industrial Estate, Cramlington
Mobile+44 (0) 7956729465
Office01670 716811
Write usenquiries@cpfl-tvs.co.uk
Privacy Policy
1. Introduction
Cramlington Precision Forge Ltd. (CPFL) is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and share personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Scope of the Policy
This policy applies to all personal data processed by CPFL, including that of employees, customers, suppliers, business partners, and website visitors.
3. Data We Collect
We may collect and process the following types of personal data:
• Identity Data: Name, job title, employer details.
• Contact Information: Address, phone number, email address.
• Financial Data: Bank account details, payment history.
• Employment Data: CVs, employment records, payroll details.
• Technical Data: IP addresses, browser type, and website usage analytics.
• Communication Data: Emails, phone call records, and correspondence.
• Health and Safety Data: Incident reports, medical records (where legally required).
4. How We Collect Data
We collect personal data through various means, including:
• Direct interactions (e.g., filling out forms, providing documentation).
• Business transactions (e.g., orders, contracts, invoices).
• Automated technologies (e.g., website tracking cookies, CCTV footage).
• Third-party sources (e.g., background checks, references, public records).
5. Purpose of Data Processing
We process personal data for the following purposes:
• Contractual Obligations: Managing business relationships, fulfilling orders, and processing payments.
• Legal Compliance: Meeting regulatory requirements, tax reporting, and employment laws.
• Operational Necessities: HR management, payroll, employee benefits, and safety procedures.
• Marketing and Communications: Sending updates, newsletters, and promotional content (with consent).
• Security and Fraud Prevention: Protecting CPFL premises with CCTV in all areas, External monitoring during non-working hours, external monitoring of our IT systems,
6. Legal Basis for Processing
We rely on the following legal bases for processing personal data:
• Consent: When individuals explicitly agree to data processing.
• Contractual Necessity: Processing necessary to fulfil a contract.
• Legal Obligation: Compliance with statutory requirements.
• Legitimate Interests: Processing required for business operations without overriding individual rights.
7. Data Sharing and Third Parties
CPFL may share personal data with:
• Service providers (e.g., payroll processors, IT support, security firms).
• Regulatory bodies and law enforcement agencies when required by law.
• Business partners in joint ventures or subcontracting arrangements.
• Financial institutions for processing payments.
• Auditors and professional advisors.
8. Data Storage and Retention
We store personal data securely and retain it only as long as necessary to fulfil the original processing purpose, in line with legal retention requirements:
• Employee records: Retained for three years after employment ends.
• Financial records: Retained for seven years for auditing purposes.
• Customer and supplier records: Retained for as long as business relationships exist.
• CCTV footage: Retained for a maximum of 6 weeks unless required for an investigation.
Cramlington Precision Forge Ltd. (CPFL) is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and share personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Scope of the Policy
This policy applies to all personal data processed by CPFL, including that of employees, customers, suppliers, business partners, and website visitors.
3. Data We Collect
We may collect and process the following types of personal data:
• Identity Data: Name, job title, employer details.
• Contact Information: Address, phone number, email address.
• Financial Data: Bank account details, payment history.
• Employment Data: CVs, employment records, payroll details.
• Technical Data: IP addresses, browser type, and website usage analytics.
• Communication Data: Emails, phone call records, and correspondence.
• Health and Safety Data: Incident reports, medical records (where legally required).
4. How We Collect Data
We collect personal data through various means, including:
• Direct interactions (e.g., filling out forms, providing documentation).
• Business transactions (e.g., orders, contracts, invoices).
• Automated technologies (e.g., website tracking cookies, CCTV footage).
• Third-party sources (e.g., background checks, references, public records).
5. Purpose of Data Processing
We process personal data for the following purposes:
• Contractual Obligations: Managing business relationships, fulfilling orders, and processing payments.
• Legal Compliance: Meeting regulatory requirements, tax reporting, and employment laws.
• Operational Necessities: HR management, payroll, employee benefits, and safety procedures.
• Marketing and Communications: Sending updates, newsletters, and promotional content (with consent).
• Security and Fraud Prevention: Protecting CPFL premises with CCTV in all areas, External monitoring during non-working hours, external monitoring of our IT systems,
6. Legal Basis for Processing
We rely on the following legal bases for processing personal data:
• Consent: When individuals explicitly agree to data processing.
• Contractual Necessity: Processing necessary to fulfil a contract.
• Legal Obligation: Compliance with statutory requirements.
• Legitimate Interests: Processing required for business operations without overriding individual rights.
7. Data Sharing and Third Parties
CPFL may share personal data with:
• Service providers (e.g., payroll processors, IT support, security firms).
• Regulatory bodies and law enforcement agencies when required by law.
• Business partners in joint ventures or subcontracting arrangements.
• Financial institutions for processing payments.
• Auditors and professional advisors.
8. Data Storage and Retention
We store personal data securely and retain it only as long as necessary to fulfil the original processing purpose, in line with legal retention requirements:
• Employee records: Retained for three years after employment ends.
• Financial records: Retained for seven years for auditing purposes.
• Customer and supplier records: Retained for as long as business relationships exist.
• CCTV footage: Retained for a maximum of 6 weeks unless required for an investigation.
9. Data Security Measures
We implement robust security measures to protect personal data:
• Encryption and Firewalls: Secure storage of digital records.
• Access Controls: Restricted data access to authorized personnel only.
• Physical Security: Secure storage for paper records.
• Employee Training: Regular data protection and cybersecurity awareness sessions.
• Incident Response: Procedures for data breaches, including notification requirements.
10. Data Subject Rights
Under the UK GDPR, individuals have the following rights:
• Right to Access: Request copies of personal data held.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure (‘Right to be Forgotten’): Request deletion of data where legally applicable.
• Right to Restrict Processing: Limit data processing in certain circumstances.
• Right to Data Portability: Request transfer of data to another service provider.
• Right to Object: Object to processing based on legitimate interests.
• Rights Related to Automated Decision-Making: Challenge automated profiling or decisions.
11. Cookies and Online Tracking
CPFL’s website uses cookies to enhance user experience and analyse website traffic. Users can manage cookie preferences through their browser settings.
12. International Data Transfers
If personal data is transferred outside the UK, we ensure adequate safeguards are in place, such as:
• Data transfer agreements incorporating UK GDPR standards.
• Certification under relevant privacy frameworks (e.g., UK-US Data Bridge).
13. Complaints and Contact Information For questions or concerns regarding data protection,
Data Protection Officer (DPO)
contact: Judith Mcleod
Cramlington Precision Forge Ltd.
Unit 8 Atley Way,
North Nelson Industrial Estate
Cramlington
Northumberland
NE23 1WA
jmcleod@cpfl-tvs.co.uk
01670 594 101
If you are dissatisfied with our handling of your data, you have the right to lodge a complaint with the
UK Information Commissioner’s Office (ICO) at www.ico.org.uk.
14. Policy Updates
This Privacy Policy may be updated periodically to reflect changes in regulations or business practices. The latest version will always be available on our website.
