Privacy Policy
HBS Fuels is committed to ensuring your personal data is protected. This Privacy Policy sets out what information HBS Fuel and Gas Supplies Ltd (HBS Fuels) collects from you and why; how we use and protect this information given to us; and how you can access and manage this information. This policy has been recently updated in compliance with the General Data Protection Regulation (GDPR) legislation.
Data we may collect:
- Name and contact information including email address
- Geographical data such as postcode and delivery information
- Financial information such as card details and bank account details
- Other relevant personal information in the case of employees (e.g. date of birth)
- In the case of job applicants; CVs and references
Why we require this data:
- Providing you with the product/service you have requested from us
- Internal record keeping and account management purposes so that we can verify your identity and fulfil orders
- Contacting you for the purposes of processing and fulfilling orders, account administration and/or taking payments for such orders
- Reviewing job applications for potential employment
Security
Keeping your information safe and secure is priority to HBS Fuels. The Data is stored securely within our server and is protected using current, up to date security software and IT protection which contain firewalls. Our website holds an SSL certificate meaning that it is an HTTPS site; encrypting the line of communication between your browser and the web server secure. Should you choose to contact us via the Order Online or Contact Us page, the data you submit will be stored by this website and collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP server is protected by SSL meaning that the email is sent over an encrypted connection.
All paperwork is processed by employees at HBS Fuels, who are contractually bound by our data protection policy to ensure your data is processed and protected correctly. It is stored and then archived in our offices which are alarmed and monitored 24/7/365.
Bank account details are only held in the case of a standing order mandate where a Budget Account is set up with us and these are held with restricted access securely in our office. When processing card details, we use Verifone for payment security. Using Point-to-Point Encryption and a tokenisation service provided by Verifone, allows us to process payments without the need to store or handle sensitive card data.
How long we hold your information for
Unless there is a specific legal requirement for us to keep the information, we will hold your information for as long as it is relevant and useful for the purpose for which is was collected; normally seven years in line with relevant tax and contract requirements. You are entitled to request that we erase your personal information at any time, for example when you cease to be an active customer of ours. Whilst we will always seek to comply with these requests, please bear in mind that there may be circumstances where we are entitled to retain information in respect of legal claims or unresolved activity on your account.
Controlling your personal information
You may control the collection or use of your personal information in the following ways:
- If you wish for your personal data to be corrected or erased
- If you wish for us to pass on details to a third party or would like information held by us for you to pass on to a third party e.g. another provider
- If you have previously given consent for us to contact you for direct marketing or other specific purposes and you change your mind
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required to do so by law.
If you believe that any information we hold on you is incorrect or incomplete, please notify us as soon as possible and we will promptly correct it.
Data Protection Officer
A DPO is required under the GDPR if an organisation is a public authority, carries out regular and systematic monitoring on a large scale, or carries out large scale processing of special categories of data. Based on these criteria, HBS Fuel and Gas Supplies Limited does not require a DPO to be appointed.
Breach notification
In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant Data Protection Authority (DPA) will be informed within 72 hours.
Changes to our privacy policy
HBS Fuels reserve the right to amend this Privacy Policy from time to time without prior notice. We will not inform our clients or website users of these changes, therefore we recommend that you check this page occasionally for any policy changes.