Menu
GDPR Compliance
GDPR Compliance
In line with the requirements of General Data Protection Regulation (GDPR), Central Business Equipment Limited (herein CBE) have made every effort to identify the Personally Identifiable Information (PII) we require as a company from our customers, in the course of doing business. Below is a list of the PII and the purpose for which we must seek and retain this information along with the legal grounds on which we do this.
| PII Description | Reason Collected and Maintained | GDPR Classification of CBE | Company Retention Period | Statutory Retention Period | Declared Legal Ground for Processing PII |
| Customer and Customer Employees Names | To allow us to contact you and/or the correct people in your organisation and conduct business | Data Controller | Duration of Contract / Supply of Services + 1 Year | None | Necessary in the pursuit of the legitimate interest of the organisation or a third party |
| Customer and Customer Employees Phone Numbers | To allow us to contact you and/or the correct people in your organisation and conduct business | Data Controller | Duration of Contract / Supply of Services + 1 Year | None | Necessary in the pursuit of the legitimate interest of the organisation or a third party |
| Customer and Customer Employees Email Addresses | To allow us to contact you and/or the correct people in your organisation and conduct business | Data Controller | Duration of Contract / Supply of Services + 1 Year | None | Necessary in the pursuit of the legitimate interest of the organisation or a third party |
| Customer and Customer Employees Biometric ID | Used to log into the EPOS system | Data Processor | Duration of Contract / Supply of Services + 1 Year | None | Necessary in the pursuit of the legitimate interest of the organisation or a third party |
| Customer and Customer Employees Photograph | Used to create the Employee Profile in the EPOS software | Data Processor | Duration of Contract / Supply of Services + 1 Year | None | Necessary in the pursuit of the legitimate interest of the organisation or a third party |
| Member of Public PII (aka CBE Customer’s Customer) PII on EPOS systems | To allow us to deliver the services as per the contract with the Customer who is the Data Controller | Data Processor | Duration of Contract / Supply of Services + 90 Days | None | Necessary in the pursuit of the legitimate interest of the organisation or a third party |
| Member of Public PII (aka CBE Customer’s Customer) on Rewards Points Systems | To allow us to deliver the services as per the contract with the Customer who is the Data Controller | Data Processor | Duration of Contract / Supply of Services + 90 Days | None | Necessary in the pursuit of the legitimate interest of the organisation or a third party |
IMPORTANT NOTES
- The legal grounds claimed for processing the PII identified above falls under article 6.1 f) of GDPR which states; ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party’.
- Where the company has been identified in the above table as the Data Processor, this infers that the customer is the data controller and as such has responsibilities for the methods and legal grounds for gathering, collating and transferring the data along with defining the intended purposes and any specific terms by which The Company must abide over and above what has been defined in this document.
- None of the above affects the rights of the data subjects in each case and we will ensure compliance and deal with all data subject requests as per the requirements detailed in GDPR.
- Member of Public PII related to the customers of CBE’s customers. Such PII may include any or all of the following, depending on the software products used: Name, Email, Phone, Address, Photograph/Video, Loyalty Card Number, Car Registration, Driver’s License Number
