The James Latham Group are committed to protecting your privacy and we comply with General Data Protection Regulations (GDPR) and other data protection laws applicable to the United Kingdom.
To this extent we endorse and will comply with the six principles of data protection as laid out in Article 5 of the GDPR.
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Who we are
The James Latham Group comprises James Latham plc (company registration number 65619) and Lathams Limited (company registration number 967247), including our James Latham branches, LDT and ATP. The registered office of both companies is Unit 3, Swallow Park, Finway Road, Hemel Hempstead, Hertfordshire, HP2 7QU.
Who this policy applies to
This policy applies to customers of and suppliers to the James Latham Group, and to visitors to our corporate websites.
What is personal information?
Personal information is any data relating to an individual which allows, directly and indirectly, identification of this individual. This will include data such as name, address, account number, email address and emails themselves. Corporate information will also be held including company addresses, bank account details and financial information. This information can be held electronically or in paper form. Much of the information held will be provided by you, but some may come from other sources such as credit reference agencies.
How your personal information will be used
A) Customers and Suppliers
As valued customers or suppliers to the James Latham Group we may hold and store information about your company and your employees to enable us to efficiently and effectively service your account. Using this data allows us to
- Process orders and to follow up orders not completed
- Answer queries about the orders
- To manage your account, including arranging deliveries, returns and refunds.
- Keeping historical information on transactions in order to manage rebates
- For general record keeping, accounts and insurance purposes.
- To protect and defend our rights
- To enable us to make payments to you. Where payments to us are being made by credit card, no card details will be stored on our systems.
We may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purposes or reporting potential crimes. We may share your corporate information with credit reference agencies and other companies for use in credit decisions, for fraud prevention and to pursue debtors. We may be asked to provide details to tax, customs and excise authorities, regulators, courts or the police.
We may provide personal information to organisations such as hauliers, customers, suppliers or processors in order to process orders received or placed with you. This information will be limited to that absolutely essential to efficiently process said orders.
Unless required by legislation or for efficient operation of our trading relationship, no information will be provided to a third party without your express consent.
You can browse our websites without needing to provide names or contact details.
You can delete cookies that are already on your device by deleting your browser history. You can also block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.
You may choose to provide your contact details, via on line forms, if you wish to obtain brochures or any other information about our products. Mandatory fields are marked by an * on the form, other information does not need to be provided.
C) Social Media
The James Latham Group operates social media platforms including Facebook, Twitter and Pinterest. No information collected through these social media sites will be used other than to provide content on marketing and other items of interest under the normal terms of these platforms, and to provide anonymous statistics on member numbers and numbers of likes, retweets etc. Any posts or comments that you make to our pages may be publically available and we are not responsible for this type of sharing. You are responsible for ensuring that any comments that you post comply with any relevant policy on acceptable use of those services.
We will retain your personal information only for as long as is necessary for our legitimate business interests. For accounting, tax and insurance reasons, information will be held for at least 7 years, although information may be held longer than that if there are valid legal grounds for doing so. Details on prospective customers will be deleted if we have had no contact in the previous 2 years.
Security of your information
We take the security of this information seriously. Where information is held electronically, appropriate systems of firewalls and anti virus security are employed and regularly tested. Cyber security training is given to our employees and data protection is addressed regularly by our company board of directors. No information is transferred outside the United Kingdom for processing.
Suitable security measures are employed internally to ensure that personal information is only available to those employees who need it in order to service your account.
However, transmission of information by email or through the internet is not completely secure. Confidential information should be password protected. We cannot though assume responsibility for such information once it leaves our systems or before it arrives in our systems.
Marketing and promotional activities
The James Latham Group will undertake marketing and promotional activities in order to provide you with information on products and events that you may be interested in. However you will not be contacted by us by email unless we have obtained express consent from you to send this information. This consent can be withdrawn at any time. We may send such information through the post, and if you wish to opt out of receiving this information, then please contact your local depot, or email firstname.lastname@example.org.
- Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us, access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
- If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
- You have the right to lodge a complaint to the Information Commissioners Office if you believe that we have not complied with the requirements of the GDPR or DPA with regard to your personal data.
Identity and contact details of controller and data protection officer
James Latham plc and Lathams Limited are the data controllers for the purposes of GDPR and DPA.
If you have any concerns as to how your data is processed you can contact David Dunmow (email@example.com), Finance Director and Company Secretary, at Unit 3, Swallow Park, Finway Road, Hemel Hempstead, Herts, HP2 7QU