In this policy we have set out the personal data that we collect from and about you, how it is used and to whom the information is disclosed. It is important to note that this policy is non- contractual
Larchtower Engineering (also known as Forge Motorsport) are leaders in aftermarket car parts. We are dedicated in applying our wealth of knowledge and technical expertise, gained through years of research and development, to create products that deliver the highest level of quality.
We are committed to protecting the personal data we have access to and process and have developed privacy policies to cover groups of individuals whose personal data we may hold. This particular policy relates to all the personal information of people that apply to, or are trading with us.
Personal data is information about an identifiable individual that could lead to them being treated differently. The types of personal data we process includes name, address, telephone, personal email address and purchase history. We may also hold any other information necessary for our business purposes and to administer your purchase orders.
What information do we process and where does it come from?
We collect and use personal data from individuals when they apply to trade with us and and enter into a purchase order, such as:
- Contact details including name, address, telephone number, personal email
- General letters, emails and correspondence sent to you
Generally, we collect personal data directly from you. If the personal information we collect comes from a third party we will obtain your permission before we seek out this information (permission may be given directly by you, or implied from your actions).
Sometimes we may collect information from organisations (such as banks) in the course of them providing services to us. In this case, we will take reasonable steps to ensure that they have the right to disclose your personal information to us.
The information is stored on our system and in emails as well as paper files.
Why do we collect the information?
Our lawful reason for processing your data is based on our legitimate business interests because we need to process your data to carry out our obligations under the contact of purchase and supply or because we need to comply with a legal obligation.Without it we cannot administer your purchase order properly and for customers, we need to administer a successful order process. We may use your personal information without your knowledge or consent where we are permitted or required by law or regulatory requirements to do so.
( e.g. supply of data to HMRC)
What do we do with the information?
We use the personal data for business purposes including establishing, managing and supplying an order. For example we need to:
- Determine suitability of a product we supply
- Administer payments and the supply contract in general
- Undertake processes such as shipping and delivery arrangements.
- Maintain accurate records
- Undertake any other reasonably related purpose
Special Categories of Data
We may also collect and process special categories of data. Our legal basis for processing this data is that we need to process this data for our legitimate business interests and to carry out your contract and at times, also to comply with law.
We need this data to perform or exercise our obligations or rights under consumer law, or in line with our data protection policy.
We may also process these special categories of data where we have your explicit written consent in which case, we will provide you with full details of the personal information we would like and the reason we need it, so you can properly consider whether you wish to consent or not. It is your choice and you can withdraw consent at any time. We would only collect and process this data if it is absolutely necessary and we ensure we have strict security around access to this data.
As part of your customer contract we monitor compliance with other policies, such as our IT policy, this is to ensure that any data is deleted as soon as we are required to.
Disclosing and Sharing Personal Data
We may share your personal information with our employees, consultants and other parties who require such information to assist us with establishing, managing or terminating our supplier relationship with you.
How long will we keep data for?
There are some legal and regulatory requirements which govern how long we should retain your personal data. Outside of these we endeavour to retain your personal information only for as long as we believe is necessary to fulfil the purposes for which the personal information was collected (including for the purpose of meeting any legal, accounting or other reporting requirements or obligations). We may, instead of destroying or erasing your personal information, make it anonymous so that it cannot be associated with or tracked back to you.
In general, we will keep sales enquiry data for up to 6 months after the initial process / campaign. For customers who have purchased from us, but no longer wish to do so, we will after 2 years just maintain enough data necessary for statutory reasons and for providing reference information should the individual authorise us to provide it.
The rights of individuals whose personal data we process
It is important that the information we process on you is accurate and up to date so please inform us of any changes. If we are processing your personal data you have the following rights:
- The right to be informed of what data we are processing, what for, how we obtained the data and to whom it is released.
- Subject to certain conditions as set out in ‘Access to your personal data’ below, you have the right to access the data we are processing on you
- The right to rectification of the data if incorrect or inaccurate
- The right of erasure (in certain circumstances such as where you gave your consent to process)
- The right to restrict processing (to request that we do not process data for certain activities in certain circumstances)
- The right to data portability (where appropriate)
- The right to object
- The right not to be subject to automated decision making
Access to your personal information
You can ask to see the personal information that we hold about you. To do so, please contact our Data Controller and your request must be in writing.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you.
We will ensure the request is responded to within a month. Your right to access the personal information that we hold about you is not absolute. In the event that we cannot provide you with access to your personal information, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.
Updating your personal information
It is important that the information we process on you is accurate and up to date. Whilst we endeavour to ensure it is at the time we first collect it, we need you to ensure you keep us updated where the personal information we process on you changes.
Keeping your personal information safe and secure
We seek to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorised access, copying, use, modification or disclosure.
We train our staff in the policies and procedures and also design our IT systems processing personal data, based on a Privacy by Design principle. We have procedures in place to deal with a suspected data security breach and will notify the Information Commissioner’s Office (ICO) and you of any suspected breach where legally required to do so.
Transferring Data outside of the European Economic Area (EEA)
We will not transfer your personal information to countries outside the European Economic Area (EEA)
Questions or concerns
With regard to financial information, both ourselves and any payment processing gateways we may use, comply with the appropriate Payment Card Industry Data Security Standard (PCI DSS) compliance, and certification is available upon request.