Logistic Freight Services Ltd.
LFS Ltd Privacy Statement
Last updated: 14/05/2018
This document is available at all times on the LFS homepage (www.lfslimited.co.uk/privacy). It outlines how we collect and use personal information, how we meet our obligations as a data controller and as a data processor. It may be updated from time to time. The online document will always be the most up to date version. You can contact email@example.com for any questions relating to our Privacy or GDPR Policies.
Is LFS a Data Controller or Data Processor?
LFS is defined as a data “processor” for the personal data that we use during our business transactions. As data processor we may collect end user name, address and other contact details that may be passed on to our own sub-contractors (e.g. independent drivers), as required to enable us to carry out our contractual commitments to our customers. This data will only be used by staff who have a business need to access the data, will only be shared with those 3rd parties who enable us to perform our obligations, will be secure in our online and offline systems and will be retained for a maximum of 7 years in order to enable us to comply with our legal obligations, after which time it will be deleted. Our use of sub-contractors or GDPR “sub-processors” is governed by an agreement that ensures they are also compliant with GDPR and that the data is dealt with accordingly.
Does LFS have a Data Protection Officer (DPO)?
Yes we do. Our DPO is always available via the firstname.lastname@example.org email address. The DPO is part of the Executive Team. The DPO is responsible for overseeing that LFS is meeting its obligations to Data Protection laws and regulations, including GDPR. The DPO is also a point of contact for Data Privacy related queries from staff, customers and suppliers and other third parties and a focal point for Data Access Requests and Data Breaches.
What personal data do we collect?
When customers register a trade account with LFS, we will collect some or all of the following personal data:
- Name, Email address, fax number, postal address, business contact and billing information
- Business information for credit applications including trade references, company registration number, VAT Number & trading period
When customers order from LFS we collect additional information including:
- Contact details for processing of the order
- Delivery details to enable delivery – including name, address and contact details
LFS does not collect any Special Category Data as defined by the GDPR.
How do we use this data?
When registering with LFS customers will be asked for consent for us to
use personal data for the purposes listed below:
- To enable us to confirm business details when setting up an account, for legal, financial and contractual purposes so that we may provide commercial services to our customers.
- To carry out basic checks for due diligence when setting up accounts to ensure all details are genuine and correct and to avoid fraudulent use of data.
- To allow us to comply with legal requirements placed upon us.
When ordering from LFS we will need customer and delivery address details for the purposes listed below:
- To enable the correct delivery of goods.
- To facilitate accurate billing.
We will keep data for the duration of our joint relationships. Data will be retained in accordance with legal requirements and be deleted after such requirements are met. For example if we end a business relationship, data will be retained for seven years and then destroyed.
Who has access to personal data?
At LFS we take care to ensure personal data is only accessible to those who have a business need. For example when setting up an account, the data used for that purpose is only accessible to employees involved in that process. Personal data is not accessible to employees for whom there is no business need.
Access decisions are taken by the Executive team including the DPO.
Who do we share personal data with?
LFS only shares your information with third parties as required to enable us to comply with the law, to setup and transact our business together or to deliver products to your customers, as follows:
- Credit agencies in order to confirm credit status of our customers.
- Drivers including sub-contractors in order to facilitate delivery
In each case, our sub processors will be obliged to follow GDPR and other relevant privacy regulations and guidelines in order to safeguard this data. The data will not be passed outside the European Economic Area.
How are corrections of data carried out?
If delivery details change then you can notify LFS by phone and we will update the details and documentation accordingly. If you believe we have any incorrect personal information, or if anything changes, you may request to change or to see this data, which we will provide within 30 days at no charge. If you are requesting more detailed data that requires an additional amount of resource, we may make a nominal charge to cover our costs.
Any relevant changes in your personal data should be notified to LFS by phone or to the email@example.com email address.
Does LFS have a central repository of data processing activities ?
Yes, LFS maintains a GDPR compliant data processing repository. It is reviewed and updated on an ongoing basis as required.
How does LFS manage Storage and Security of data including personal data?
LFS takes great care to keep data secure. There are both physical and electronic processes in place and management procedures ensure data is protected.
Data is physically stored in the UK at LFS owned facilities and is not passed outside the EEA. Precise location of the data and
backups is confidential in order to maintain data security. If you need more information please contact the firstname.lastname@example.org email address.
What is LFS’s Data Retention Policy?
Data including personal data is kept for up to 7 years to enable LFS to manage accounts, requests, compliancy requirements and legal requirements. After which time it is destroyed.
Personal data relating to prospective employees who are not successful candidates will be kept for 12 months and then destroyed.
Data is removed through standard deletion and overwriting processes to ensure restoration is not possible.
Data deletion and destruction is authorised via the management process and staff training and compliance checks.
How does LFS manage Data Access Requests?
Data Access Requests are monitored and logged via the management system which meets regularly. Data Access Requests are managed through this management process and documented accordingly. The DPO is part of this team and process and is responsible for managing it to completion.
How does LFS manage Data Breaches?
Should a data breach occur that would be logged and managed by the management system described above. The DPO is responsible for ensuring the correct processes and procedures are followed and documented, including reporting to any relevant third party.
Data breaches are understood by all staff and management and processes are in place to identify and report them through the management system. Training of all staff includes this subject and other GDPR related responsibilities.
Internal tracking and audits are carried out to ensure compliance by staff on all data privacy related matters.
Does LFS train staff on Data Privacy?
Yes, all staff are trained on Data Privacy and GDPR on an ongoing basis. For example prior to May 25th 2018 all staff
have been trained on the company and individual requirements and responsibilities. All staff are aware of and agree to the lawful requirement placed up on them individually and the company.
Training is delivered by various internal and external parties and is under the direction of the DPO. Refresher courses are
run on an ongoing basis as new staff join, regulation changes are made or to re-inforce as required.
Yes, cookies are used on our website. A clear notice appears to inform visitors and asks them to decline or accept cookies.
Is LFS registered with the ICO?
Yes, LFS are registered with the ICO.
How are changes to this statement & policy managed?
LFS may make occasional changes to this policy in order to ensure compliance and best practice. The latest version of this document will be available at www.lfslimited.co.uk/privacy and the date will reflect when the latest changes were made.
Who is the LFS Contact for Data Privacy?
Logistic Freight Services Ltd
66 Wraysbury Road
VAT No GB 417279146
Free Phone: 08007 563 695
Operations: 01784 460666 x 4 Lines
Accounts: 01784 466004
Fax: 01784 463282