This Privacy Policy explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.

We know that there’s a lot of information here but we want you to be fully informed about your rights, and how Direct To Customers Limited Trading As MDF Direct uses your data. Simplicity and openness are key, but there are some important technical and legal terms!

New data protection called the General Data Protection Regulations (GDPR), came into force on 25th May 2018 in the UK and EU. GDPR broadens the scope of personal data. Data controllers must attempt to be more transparent about processing.

If your business data is held and listed on our Contact Relationship Management system, as Data Processor, we must tell you what personal data we hold, why we hold it and what we do with it.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

When you are using the Direct To Customers Limited Trading As MDF Direct website, Direct To Customers Limited Trading As MDF Direct is the data controller.

SECTION 1 – WHAT WE DO WITH YOUR INFORMATION

The data we hold may include your name, telephone and business email address. The GDPR classes your name as personal data. The email address, if it includes your name, is also classed as personal data. The telephone number may be classed as personal data. We would like to show you how you can take more control over this information.

The public sections of Direct To Customers Limited Trading As MDF Direct does not share your name or email address. We never share any part of your information with any third parties or external sources. We may have to share your data where required to do so by law.

Your information is kept and transmitted securely on our GDPR compliant data processor.

We may send you emails about our services, events, new products, other updates and relevant educational content. You will always have the option to unsubscribe from email marketing, within each email.

SECTION 2 – WHY WE HOLD THE DATA

The GDPR lists six lawful bases for processing data. We process your data based upon the following:

Legitimate Interest

For “direct marketing” this is generally the lawful basis we use for the processing we carry out. This is covered in the GDPR. The ICO say companies using this basis should conduct a “Legitimate Interests Assessment” (LIA), and we are in the process of completing this. The LIA balances your rights and our interests. The ICO consider direct B2B marketing as having a relatively low risk of causing harm, where their guidance is adhered to.
For example, we will use your engagement history to send you or make available personalised offers and information.
We also combine the behavioural history of many contacts to identify trends and ensure we can keep up with demand or develop new products/services.
We will also use your email address details to send you direct marketing information by email telling you about products and services that we think might interest you.

Consent

In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive email newsletters.
When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.

Contractual obligations

In certain circumstances, we need your personal data to comply with our contractual obligations.

Legal compliance

If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity affecting to Direct To Customers Limited Trading As MDF Direct to law enforcement.

SECTION 3 – WHERE HAS THE DATA COME FROM.

Your details will have been obtained from several sources. These include; directly from yourself, GDPR compliant data providers, and online resources. Data in the public domain is also collated. You may ask us for the data specific to your records in the form of a Data Subject Access Request.

When you download, subscribe or purchase something from our online platforms, as part of the provision of information, subscribing and selling process, we collect the personal information you give us such as your name, address, contact numbers and email address.

When you browse our website, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

SECTION 4 – YOUR RIGHT TO OBJECT AND YOUR RIGHT TO RECTIFICATION

You have the right to object to the processing of your personal data that we carry out. The quickest way to do this is to use the unsubscribe link contained in the emails we send you. If you wish, you can email us your objection – please see the details below. You may also tailor your preferences and update your details on your own profile page within our data processor. This allows you to rectify any errors.

SECTION 5 – ABOUT US

Direct To Customers Limited Trading As MDF Direct Company Registration Number12430657, is a retail company selling MDF cut and delivered in London, UK.

SECTION 6 – HOW WE PROTECT YOUR PERSONAL DATA

We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.

We secure access to all transactional areas of our websites and apps using ‘https’ technology. Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured and tokenized to ensure it is protected.

We regularly monitor our system for possible vulnerabilities and attacks, we also identify ways to further strengthen security.

SECTION 7 – HOW LONG WILL WE KEEP YOUR DATA

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

Some examples of customer data retention periods:

Orders

When you place an order or enter into a contractual agreement, we’ll keep the personal data you give us for five years so we can comply with our legal and contractual obligations.

Inactive accounts

If you’ve not engaged with us in any way for more than two years, it will be flagged as inactive and we’ll contact you to ask whether you want to keep receiving information from us. Unless you reply to say ‘yes’, we’ll close your record and delete or anonymise the personal data associated with it.

SECTION 8 – CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is effective from 14/02/2020.

This Privacy Notice will be revised as needed to fully comply with changes in the law. This page will be updated to reflect such changes. You should check this page from time to time to ensure that you are happy with any changes.

SECTION 9 – ANY QUESTIONS?

We hope this Privacy Policy has been helpful in setting out the way we handle your personal data and your rights to control it.

If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you:

Email us on enquiry@mdfdirect.co.uk