Customer Guidance Instruction
Social Spaces is a registered trademark of Dams Furniture Ltd. On May 25 2018, The General Data Protection Regulation (GDPR) became enforceable. This has been introduced by The European Union, who has taken a monumental step in protecting individual rights in regards to data privacy. Dams Furniture ensures data will be processed in accordance with the General Data Protection Regulation, as protecting your data is important to us. This is to safeguard the privacy of individuals who provide Dams with personal information. The compliance encompasses any activities carried out or on behalf of Dams by third party suppliers.
As part of Dams commitment to GDPR compliance, Dams has ensured that all third party suppliers approach the GDPR in a vigorous and unfailing manner in the management and security of personal data.
These requirements take the relevant data protection legislation into account, including but not limited to:
For the purpose of this document and our continuing relationship, Dams will be classified as the data processor, you as the customer will be the data controller, under GDPR regulations.
Where used, the terms in reference to “data subject”, “personal data”, “data controller”, “process”, “data processor” and “supervisory authority” will bear their corresponding meanings specified in the General Data Protection Regulation.
By purchasing a product from Dams, you as the customer, have agreed to enter into a contractual agreement with Dams. This will encompass the process of purchasing a product, through to the installation of a product. As part of our GDPR compliance, we will ensure that any supporting and/or secondary data processing activities, shall;
o Have had relevant training in data protection and security, integrity and confidentiality of personal data;
o Only use that data for the purpose of their job function;
o Will only process the data on strict instructions from you the controller and/or Dams the processor;
Dams will implement and maintain, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, applicable technical and organisational procedures to ensure a level of security appropriate to the risk.
This may include but is not limited to;
If any personal data in the control of Dams is rendered unusable, lost or corrupted, for any reason, Dams will contact you and promptly, restore the personal data back to its original state, using up to data backups and disaster recovery methods.
If you terminate your services with Dams we will immediately begin our process of collating your data in a machine readable format. We will arrange for the safe return of the data, or destroy the data, depending on the strict instruction given to Dams by you. We may refuse this service if the European Union, Member state and/or UK law requires access to the storage of your personal data.
A personal data breach means a breach of security leading to the unintentional or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
In the event of a data breach, Dams shall notify you without undue delay after becoming aware of a personal data breach. Dams will provide the nature of the personal data breach, including the approximate number of data subjects involved, number of personal data records compromised and time taken place. From this point it is then your responsibility as a controller to notify the data subject of the breach. Dams will provide the data subject, if instructed to do so by you, with as much information as possible. We will notify you, no later than 72 after becoming aware of a breach.
Dams will ensure its processes reduce the risk of internal data breaches (own employees) as practical as possible. However, in the event of an internal data breach, an investigation will commence to measure the severity and risk for the rights and freedoms of the data subject. If Dams Data Protection Officer deems the data breach is unlikely to result in a risk for the rights and freedoms of the data subject, we may choose not to notify you of the data breach.
Dams will immediately notify you upon receiving a notice from any regulatory or government body, including the Information Commissioner and any supervisory authority, which directly or indirectly relates to the processing of your personal data. We shall cooperate with any relevant European Union or Member State supervisory authority.
Dams will only process data to third party organisations if safeguards are in place to protect human rights and fundamental freedoms of data subjects, there are binding corporate rules in accordance with the GDPR, have approved codes of conduct in place and adhere to a standard of data protection clauses adopted by the Information Commissioner.
Dams Furniture will keep all documentation, where relevant, up to date and under the guidelines of the General Data Protection Regulation. Where necessary, Dams will provide you with documentation, relating to management system policies.