Somerset Solders GDPR Statement
Somerset Solders is a brand of Somerset Solders Ltd. This document is a brief statement of intent, to confirm and support the procedures extensively covered under the Somerset Solders Ltd General Data Protection Regulation Policy.
Somerset Solders Ltd is a company registered in England and Wales, registration number 7556658 and registered office at 124 High Street, Midsomer Norton, Somerset BA3 2DA. Somerset Solders Ltd regards the data protection, privacy and the rights of individuals and companies, whether customers and suppliers or any organisation or service provider that we have a business relationship with, as paramount, and endeavours to ensure that procedures are in place to protect all personal data.
All personal data supplied by the client (the controller) is held for the purpose of administering and processing by Somerset Solders Ltd (the processor) to fulfil the contract between both parties.
Control of personal data includes the following procedures:
a) All employees of Somerset Solders Ltd sign a confidentiality agreement as part of their contract of employment ensuring they abide by GDPR regulations.
b) Data is held in the following methods:
i) Web site personal data entry and order processing – www.somersetsolders.com is an SSL site which complies with TLS 1.2, has 128 keys and uses AES 128 GCM wSHA256 encryption. The data server runs Centos 7.4 with a CSF v12 software firewall.
ii) On-site Company personal data is held on a secure server with a BT business firewall. Sophos antivirus and malware package is present on the server and all PC’s within the Company and set for automatic virus updates. All e-mails deemed to contain personal information are sent by Cirius Secure Messaging Email Encryption service operating Bank secure 256bit AES encryption. This protection software is also responsible for secure file sharing and documentation requiring Secure Electronic Signatures.
The Company is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
GDPR Policy V1.0_010518