Introduction

We respect your privacy. This privacy statement explains what personal data we collect from you and how we use it. This policy is to enforce the compliance of data protection and to protect the rights and freedoms of natural persons. We only use your information to administer your account and we will not pass your information on to any third party (other than as part of processing your order). We will not send you “spam mail”. We will only send an occasional Newsletter to keep you up-to-date with Kingsfield, website and news and events. You can unsubscribe if you choose, instructions are in the newsletter.

Definitions

In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

 

1.1  “Applicable Laws” means (a) European Union or Member State laws with respect to any Company Personal Data in respect of which any Company Group Member is subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Company Personal Data in respect of which any Company Group Member is subject to any other Data Protection Laws;

1.2  “Company Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Company, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;

1.3  “Company Group Member” means Company or any Company Affiliate;

1.4  “Company Personal Data” means any Personal Data Processed by a Contracted Processor on behalf of a Company Group Member pursuant to or in connection with the Principal Agreement;

1.5  “Contracted Processor” means Vendor or a Sub processor;

1.6  “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;

1.7  “EEA” means the European Economic Area;

1.8  “Customer&” means the party identified as the customer in this agreement to whom Kingsfield may agree to supply products in accordance with these terms and conditions;

1.9  “Kingsfield” or “Kingsfield IT” means Kingsfield Computers or Kingsfield Computer Products Ltd, Kingsfield Centre, 8 Brookfield, Duncan Close, Northampton NN3 6WL;

1.10  “Products” means goods including but not limited to computer hardware and software items to be provided by Kingsfield to the customer in accordance with these terms and conditions;

1.11  “GDPR” means EU General Data Protection Regulations;

1.12  The term, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be contrasted accordingly.

Contract and Responsibilities

Kingsfield Computers agrees to process the Data only in accordance with Data Protection Laws and in particular on the following conditions:

 

2.1 Kingsfield Computers will only process the Data for completing the Services and only process the Data in the UK with no transfer of the Data outside of the UK;

2.2 Ensure that all employees and other representatives accessing the Data are aware of the terms of this Agreement and have received comprehensive training on Data Protection Laws and related good practice, and are bound by a commitment of confidentiality;

2.3 Kingsfield Computers have agreed to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, complying with Article 32 of GDPR;

2.4 We may involve third parties where necessary to ensure we are providing the best possible pricing and the right level of support. Such consent may be withheld without reason. If consent is given a further processing agreement will be required;

2.5 Kingsfield Computers will fulfil the obligation to respond to requests from individuals exercising their rights – rights to erasure, rectification, access, restriction, portability, object and right not to be subject to automated decision making etc;

2.6 Ensure compliance with the obligations pursuant to Articles 32 to 36 of GDPR – “ security, notification of data breaches, communication of data breaches to individuals, data protection impact assessments and when necessary consultation with the ICO etc, taking into account the nature of processing and the information available to the Processor;

2.7 Make immediately available to the controller all information necessary to demonstrate compliance with the obligations laid down under this Agreement and allow for and contribute to any audits, inspections or other verification exercises required by the controller from time to time;

2.8 Maintain the integrity of the data without alteration, ensuring that the data can be separated from any other information created and immediately contact the authorities if there is a personal data breach or incident where the data may have been compromised;

What Information is Collected and How is it Stored

3.1 We may collect basic user profile information from all our Visitors. We collect the following additional information from our Authorised Customers: the names, addresses, phone numbers and email addresses of Authorised Customers, the nature and size of the business, and the nature and size of the advertising inventory that the Authorized Customer intends to purchase or sell. This will be used for communication and order processing.

3.2 Data will be retained for 7 years. After this duration, data stored will be disposed of in an efficient manner through WEEE.

3.3 Personally identifiable information collected by Kingfield Computer products Ltd is securely stored and is not accessible to third parties or employees, except by responding to emails as instructed, or by contacting us at your email address.

3.4 We will maintain a record of their processing activities, covering areas such as processing purposes, data sharing and retention; we call this documentation.

may have been compromised;

Privacy Policy Changes

We will let our Visitors and Authorised Customers know about changes to our privacy policy by posting such changes on the Site. However, if we are changing our privacy policy in a manner that might cause disclosure of Personally Identifiable Information that a Visitor or Authorised Customer has previously requested not be disclosed, we will contact such Visitor or Authorised Customer to allow such Visitor or Authorised Customer to prevent such disclosure.

How to Handle Violations

5.1 Kingsfield Computers shall notify Company without undue delay upon becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow each Company Group Member to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws;

5.2 We shall cooperate with company and each company group member and take such reasonable commercial steps as are directed by company to assist in the investigation, mitigation and remediation of such personal data breach;

5.3 Kingsfield Computers agree to only collect the minimal amount of data required