Privacy Notice

What is this notice and why should you read it?

1. This privacy notice explains how and why Chelton Limited including each of its operating entities, subsidiaries and affiliates (also referred to as “Chelton”, “we”, “our” and “us”) uses personal data about those individuals who purchase goods or services from us, supply goods or services to us, visit our websites (collectively the “Website”), or otherwise communicate or engage with us (referred to as “you”).
2. You should read this notice, so that you know what we are doing with your personal data. Please also read any other privacy notices that we give you, that might apply to our use of your personal data in specific circumstances in the future.

Chelton's data protection responsibilities

“Personal data” is any information that relates to an identifiable natural person. Your name, address and contact details are all examples of your personal data, if they identify you.
The term “process” means any activity relating to personal data, including, by way of example, collection, storage, use, consultation and transmission.
Chelton is a so-called "controller" of your personal data. This means that we make decisions about how and why we process your personal data and, because of this, we are responsible for making sure it is used in accordance with data protection laws.

What types of personal data do we collect and where do we get it from?

We collect different types of personal data about you when you visit our Website, purchase something from us or otherwise communicate or engage with us. We also obtain some personal data from other sources and create some personal data ourselves.
If any of the personal information you have given to us changes, such as your contact details, please inform us without delay.
We collect your personal information from various sources. The different types of personal information that we collect and the sources we collect it from, can be reviewed in more detail in Schedule 1.

What do we do with your personal data and why?

We process your personal data for particular purposes in connection with your use of Website, the provision of services or goods from us to you, your communication or other engagement with us and the management and administration of our business.
We are required by law to always have a so-called “lawful basis” (i.e. a reason or justification) for processing your personal data. The purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing, can be reviewed in more detail in Schedule 2.
Please note that where our processing of your personal data is either:
1. necessary for us to comply with a legal obligation; or
2. necessary for us to take steps, at your request, to potentially enter into a contract with you, or to perform it, and you choose not to provide the relevant personal data to us, we may not be able to enter into or continue our contract or engagement with you.
We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand and improve the use of our Website.

Sensitive Information and Supplier data

Except in relation to certain suppliers, we do not process ‘special categories of personal data’ and/or sensitive personal data (together, “Sensitive Information” – as set out in Schedule 1). This refers to sensitive or special categories of personal data which we are required to process with more care, according to applicable laws.
In addition to the processing activities described above, for certain suppliers, we may conduct background checks for identity, fraud protection and money laundering purposes. Some of these checks may include the processing of personal data related to supplier directors or senior officers. These checks will either be conducted on the lawful basis of it being necessary to comply with a legal requirement or (where no such legal requirement exists), it being necessary for our legitimate business interests.
Where the processing of supplier data does include the processing Sensitive Personal Data, this will either be only on the lawful basis of having obtained explicit consent or that it is necessary to establish, exercise or defend a legal claim.

Who do we share your personal data with, and why?

Sometimes we need to disclose your personal data to other people.

Inside Chelton's Group:

We are Chelton Limited, which includes a number of companies and operations globally. Therefore, we will need to share your personal data with other companies in the Chelton group for our general business management purposes and, in some cases, to meet our customer needs where providing services across branches/locations and/or for authorisations/approvals with relevant decision makers, reporting and where systems and services are provided on a shared basis.
Access rights between members of the Chelton group are limited and granted only on a need to know basis, depending on job functions and roles.
Where any Chelton group companies process your personal data on our behalf (as our processor), we will make sure that they have appropriate security standards in place to make sure your personal data is protected.

Outside Chelton's Group:

From time to time we may ask third parties to carry out certain business functions for us, such as the administration of our Website and IT support. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data. Examples of these third party service providers include our outsourced IT systems software and maintenance, back up, and server hosting providers.
In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, where the relevant disclosure is in relation to:
1. services provided to you or us by a third party acting independently to Chelton but which has a relationship with Chelton, for example certain payment fraud checking services;
2. the purchase or sale of our business (or part of it) in connection with a share or asset sale, for which we may disclose or transfer your personal data to the prospective seller or buyer and their advisors; and
3. the disclosure of your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.
We have set out below a list of the categories of recipients with whom we are likely to share your personal data:
1. IT support, Website and data hosting providers and administrators;
2. payment processors in relation to purchases you make with us;
3. consultants and professional advisors including legal advisors and accountants;
4. courts, court-appointed persons/entities, receivers and liquidators;
5. business partners and joint ventures;
6. insurers; and
7. governmental departments, statutory and regulatory bodies including (in the UK) the Department for Work & Pensions, Information Commissioner’s Office, the police and Her Majesty’s Revenue and Customs.

Where in the world is your personal data transferred to?

As part of a global organisation, Chelton may transfer your personal data to recipients (either internally or externally, as set out above) that are established in jurisdictions other than your own. Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your personal data as is provided to it under the laws in your jurisdiction.
If any disclosures of personal data referred to above require your personal data to be transferred from within to outside the European Economic Area, we will only make that transfer if:
1. the country to which the personal data is to be transferred ensures an adequate level of protection for personal data;
2. we have put in place appropriate safeguards to protect your personal data, such as an appropriate contract with the recipient;
3. the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you; or
4. you explicitly consent to the transfer.

How do we keep your personal data secure?

We will take specific steps (as required by applicable data protection laws) to ensure we take appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.

How long do we keep your personal data for?

We will only retain your personal data for a limited period of time and for no longer than is necessary for the purposes for which we are processing it for. This will depend on a number of factors, including:
1. any laws or regulations that we are required to follow;
2. whether we are in a legal or other type of dispute with each other or any third party;
3. the type of information that we hold about you; and
4. whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.

How do we communicate with you?

We will use your personal data to communicate with you:
1. in relation to any purchases you make with us;
2. to administer our relationship with you;
3. to respond to any questions or complaints that you may have; and
4. to invite you to take part in market research or request feedback on our products and services.
From time to time and with your opt-in consent (if required), we will provide you with information about our products, services, promotions and/or offers which may be of interest to you. Such communications will be sent either by email, text, post or telephone.
If you do not wish to receive such communications, you can refuse to give your consent (where your consent is required) or opt-out at any time by either following the instructions within the communication or by contacting us using the details below..

Cookies

Find out about cookies here.

What are your rights in relation to your personal data and how can you exercise them?

Where our processing of your personal data is based on your consent (please see the tables above), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know.
Where our processing of your personal data is based on the legitimate interests (please see the tables above), you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
Where we are processing your personal data for direct marketing purposes, you have the right to object to that processing.
You have the right to (subject to applicable laws and certain limitations):
1. access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the persons to whom it is disclosed and the period for which it will be stored;
2. require us to correct any inaccuracies in your personal data without undue delay;
3. require us to erase your personal data;
4. require us to restrict processing of your personal data;
5. receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us (please see the tables above) and where the processing is automated; and
6. object to a decision that we make which is based solely on automated processing of your personal data (however, we do not currently conduct any such decision making).
You also have the right to lodge a complaint with the relevant Supervisory Authority (which is the Information Commissioner’s Office in the UK, for example).

Updates to this notice

We may update this notice from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. In the event of a material change which affects the processing of your personal data, we will notify you. We also encourage you to check this notice on a regular basis.

Where can you find out more?

If you want more information about any of the subjects covered in this privacy notice or if you would like to discuss any issues or concerns with us, you can contact us: using this form.

Schedule 1

Categories Of Personal Data

*Category*	Type of personal data	Collected from
*Contact Information*	Name Address Telephone number Email address Organisation details (eg your place of work, job title and organisation contact information) Your marketing preferences	You Publicly available sources such as LinkedIn
*Customer / Supplier Information*	Contact Information (see above) Individual Reference Number Digital signature Details of personal interests/hobbies/dietary requirements/entertainment preferences Order information for goods and services purchased or sold by you (or your organisation) Payment information You/your organisation’s banking details Fraud checks or flags raised about your transactions, payment card refusals Delivery details Communications we may have with you, whether relating to a transaction or not. Any additional information that you provide to us voluntarily or for account security, including (for example) date of birth or mother’s maiden name Responses to surveys or competition entries Sensitive information (see sub-categories below)	You Third party fraud checking service Your/your organisation’s bank
*Website Information*	Contact Information (see above) IP address and other online identifiers / web beacons User names, passwords (stored in encrypted form) and other log-in information Details of your online browsing activities on our website, such as the pages, products or areas of our website that you visit Your account settings including any default preferences, any preferences we have observed, such as the types of offers that interest you, or the areas of our website that you visit.	Device used to access the Website Our Website
*Sensitive Information (only in relation to certain suppliers)*	Racial or ethnic origin (including your nationality and passport information) Information relating to actual or suspected criminal convictions and offences (pursuant to anti-money laundering and identity checks)	You Third party systems used for our identity checks

Schedule 2

Processing Activities And Lawful Basis

	Purposes of processing	Lawful basis
	Purposes of processing	Your consent	To perform a contract with you	To comply with a legal obligation	For our legitimate interests
	Contact Information
a)	Responding to your enquiries and/or complaints		✔		✔ (It’s important that we can respond to you in relation to such matters)
b)	Confirming and processing orders for goods or services that you may make with us (either as customer or supplier)		✔
c)	Sending you information (including direct marketing) as set out in the section “How do we communicate with you?”, below	✔			✔ (It is important to keep you updated of orders made with us and notified of factual updates to our engagement with you)
	Website Information	PLEASE ALSO SEE THE COOKIES SECTION
d)	Ensure the operation and performance of the Website				✔ (We need to ensure the Website functions correctly)
e)	To improve the functionality of the Website				✔ (It is in our interest to keep the Website up to date and improve its functionality for the benefit of users)
f)	To enable you to create accounts and log-in to them via the Website				✔ (It is in our interests to grant you access to a private log-in where you can access information relevant to you and your relationship with Chelton)
	Customer / Supplier Information
g)	To take payment and deliver your goods to you or the recipient you indicate, to deal with any complaints or any after sales services, including for warranty purposes		✔
h)	To protect genuine customers and our business from fraud to minimise the risk of false details being used, and abuse of card details by fraudsters		✔		✔ (It is important that seek to limit incidents of fraud)
	All categories
i)	Establishing and enforcing our legal rights and obligations and monitoring to identify and record fraudulent activity			✔
j)	Complying with instructions from law enforcement agencies, any court or otherwise as required by law			✔
k)	For our general record-keeping and customer/supplier relationship management		✔		✔ (We need to store customer/supplier related information so we can refer back to it)
l)	Managing the proposed sale, restructuring or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation			✔	✔ (We have a legitimate interest in being able to sell any part of our business)
m)	To keep records required by law or to evidence our compliance with laws, including tax laws, consumer protection laws and data protection laws.			✔
n)	Resolving any complaints from or disputes with you		✔		✔ (We need to be able to try and resolve any complaint or dispute you might raise with us)

Categories Of Personal Data

Processing Activities And Lawful Basis

Contact us

Quote basket

Add to basket

Get in touch