Personal Data, Cookies & Data Processing
CKB Ltd and its group company brands obtain personal data from customers to fulfil an order by way of contract. We have a data protection officer who is the position holder of Company Secretary. We use systems to process orders and details of such systems and any third-party involvement are not detailed on our website for reasons of our requirement to protect our business knowledge and security. If such a third party is used the Company has undertaken checks to satisfy itself that they comply with relevant data protection regulations. If a data subject has a query concerning this, please contact our Data Protection Officer at Unit 5, Business Centre East, Fifth Avenue, Letchworth Garden City, Herts, SG6 2TS. You can also refer to our Company data protection policies for further information.
If you are in the European Union, you may address privacy-related inquiries to our EU Representative pursuant to Article 27 EU GDPR:
Website Data Processing Statement Concerning any Third-Party Engagement
This statement is relevant to all companies working with our business. For the purpose of this statement, a Data Controller and a Data Processor are as defined in Data Protection Legislation* A Data Controller refers to a person (Party) who (either alone or jointly or in common with other persons (Parties)) determines the purposes for which and the manner in which any Personal Data is or is to be processed. A Data Processor means a person (Party), other than an employee of the Data Controller, who processes the data on behalf of the Data Controller. Processing in relation to information or data means obtaining, recording, or holding the information or data or carrying out any operation or set of operations on the information or data, including:
- Organisation, adaptation or alteration of the information or data;
- Retrieval, consultation or use of the information or data;
- Disclosure of the information or data by transmission, dissemination or otherwise making available; or
- Alignment, combination, blocking, erasure or destruction of the information or data
CKB Ltd ® and its group brands including Lanyards Tomorrow ®, Gifts Tomorrow ™ and Bar Amigos ® (“the Company”), expects and warrants that all of its suppliers and any companies working with it perform their respective obligations in line with relevant Data Protection Legislation for the processing of Personal Data (e.g. customer or CKB Ltd employee data) by the Data Processor on behalf of the Data Controller. This includes but is not limited to the following (n.b. please note that a Data Processor shall not sub-contract any of its obligations or rights without the prior written consent of the Data Controller):
- Registering with appropriate regulatory bodies as necessary and adhering to both current and any additional regulatory stipulations in the event of new requirements.
- Providing details of their Data Protection Officer and EU Representative (if required)
- Securely processing, holding, storing, retaining, altering, transferring, disposing, and any other activities related to both electronic and paper-based Personal Data records, in line with Data Protection Legislation regulations and confidentiality requirements. This includes the amount of Personal Data required to be processed, etc., for a given purpose which shall not be excessive. No special category data is processed between the Parties (meaning ascribed as per Data Protection Legislation)
- Obtaining all necessary and appropriate consents and notices to enable the lawful transfer of Personal Data.
- Maintaining an adequate level of protection for any Personal Data that is transferred outside of the UK to the European Economic Area (all EU member states, plus Iceland, Liechtenstein, and Norway) (“EEA”). Also ensuring that the legislative obligations under the provisions applicable to transfers of Personal Data to third countries are adhered to.
- Ensuring appropriate technical and organisational measures are in place to protect against any unauthorised or unlawful processing, accidental loss or destruction, damage to, and alteration or disclosure of the Personal Data.
- Maintaining a security policy and ensuring security measures are to a standard appropriate to the nature of the Personal Data to be protected and the potential harm resulting from the unauthorised or unlawful processing, accidental loss or destruction, damage to, and alteration or disclosure of the Personal Data.
- Ensuring appropriate security safeguards are in place (e.g. passwords and restricted access) plus virus protection to protect the hardware and software which is used in processing the Personal Data in accordance with best industry practice.
- Prevention of unauthorised access to the Personal Data, and protection of the Personal Data using pseudonymisation where it is practical to do so.
- Ensuring the storage of Personal Data on any static and mobile devices (e.g. laptops or tablets if used) is secure.
- Maintaining a secure procedure for backing up all electronic Personal Data and storing back-ups separately from originals.
- Developing a secure method of disposal of unwanted Personal Data including for back-ups, disks, printouts, and redundant equipment.
- Deleting or returning all Personal Data from the Data Processor to the Data Controller at the end of the relevant term of working together as requested or to retain such Personal Data if required by law.
- Acting on the written instructions of the Data Controller by the Data Processor and notifying the Data Controller immediately if asked to do something infringing Data Protection Legislation.
- Co-operation by each Party, at its own cost, with the other Party in respect of complying with obligations under Data Protection Legislation including, but not limited to, input into any data protection impact assessments conducted, subject access requests and any dealings with regulatory/ external authorities.
- Either Party involved in a data breach is to inform the other Party and any regulatory authorities as necessary. Each Party shall provide reasonable assistance to the other Party in the handling of Personal Data breaches.
Any failure on the part of a Data Processor to comply with its obligations under Data Protection Legislation may render the Data Processor subject to fines, penalties, and compensation requirements as set out in Data Protection Legislation.
Nothing in this statement shall relieve either Party of, or otherwise affect, the liability of either Party to any data subject, or for any other breach of that Party’s direct obligations under Data Protection Legislation.
The essence of this statement can also apply as a framework for Data Sharing between 2 Parties as Data Controllers (as disclosing and receiving Parties).
The Company expects that all its suppliers and any companies working with it adhere to all applicable laws, statutes, regulations, and codes from time to time in force and obtain any necessary paperwork to demonstrate compliance. This includes but is not limited to Environmental, Social and Governance (ESG) stipulations in acting as a responsible as well as data conscious business.
This statement and all matters arising therefrom or associates therewith shall be subject to the exclusive jurisdiction of the courts of England & Wales.
*UK Data Protection Act 2018 and UK-GDPR (General Data Protection Regulation)