We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. We may act as a Data Processor on behalf of certain clients. Our registered address is 1 Loves Hill, Castledawson Road, Magherafelt, Co. Derry, Northern Ireland, BT45 8DP, our registration number is Z8690817, and our Data Protection Co-Ordinator is Kehly Lennon, who can be contacted at 028 7946 9564 and/or firstname.lastname@example.org.
All the information that we hold about you is provided to us by yourself when you seek to use our services. We will tell you why we need the information and how we will use it.
Our Lawful Basis for processing your information
The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a Lawful Basis for doing so. The Lawful Bases identified in the GDPR are:
- Consent of the data subject
- Performance of a contract with the data subject or to take steps to enter into a contract
- Compliance with a legal obligation
- To protect the vital interests of a data subject or another person
- Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
Examples of legitimate interests include:
- Where the data subject is a client or in the service of the controller
- Transmission within a group of undertakings for internal administrative purposes
- Processing necessary to ensure network and information security, including preventing unauthorised access
- Processing for direct marketing purposes, or to prevent fraud and
- Reporting possible criminal acts or threats to public security
Our Lawful Basis is legitimate interests when the data subject is a current or past client. Our Lawful Basis is consent when the data subject has registered their information with us via our website, email or in person.
We use your information to:
- Provide goods, services, deliveries, quotations, and information, for example, catalogues and newsletters
- Process or support payments for goods and services
- Conduct data analysis, testing, and research (including for product development), and also to monitor and analyse usage and activity trends
- Maintain the safety, security and integrity of our services
- Direct your enquiries to the appropriate customer support staff
- Investigate and address your concerns
- Communicate with you about products, services, promotions, studies, surveys, news, updates and events
- Process promotions/competitions, including prizes, and send you information about our services and those of our business partners
- Investigate or address legal proceedings relating to your use of our services/products, or as otherwise allowed by applicable law
- Make statutory returns as required by HMRC
Personal data shall only be used for its intended purpose and will be shared with our Content Management System provider (Bidpath), whose purpose shall be to host and maintain our client database. Personal data is restricted to Mid Ulster Auctions employees with the appropriate access levels. We do not sell our data to third parties.
Moreover, we do not use automated decision-making in the processing of your personal data.
Mid Ulster Auctions collect and process both personal data and special categories of personal data as defined in the GDPR. This includes:
- Phone number
- Industry/ interest
- Payment or bank details (where applicable)
- Date of birth (where applicable)
- Passport number (where applicable)
- Driving licence number (where applicable)
- Vat registration number (where applicable)
- Vehicle registration number (where applicable) ▪ Location details
- Device IP address
We may share your personal data with:
- Delivery partners
- Our business partners
- Our subsidiaries
- The general public when you contribute to a public forum
- Our legal advisors in the event of a dispute or other legal matter
- Law enforcement officials, government authorities, or other third parties to meet our legal obligations
- In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, refinancing, or acquisition of some or all of our business by another company
- Any other party where we ask you and you consent to the sharing
Transfers to third countries and international organisations
We do not transfer any personal data to third countries or international organisations.
We retain your personal data while you remain a customer, client and/or employee, unless you ask us to delete it. Personal data shall be held for as long as is necessary for the relevant activity or for a maximum of seven years after which all data shall be securely disposed of. Our Retention and Disposal Policy (copy available on request) details how long we hold data for and how we dispose of it when it no longer needs to be held. We will delete or anonymise your information at your request unless:
- There is an unresolved issue, such as claim or dispute
- We are legally required to
- There are overriding legitimate business interests, including but not limitedto fraud prevention and protecting customers’ safety and security.
The General Data Protection Regulation gives you specific rights around your personal data. For example, you have to be informed about the information we hold and what we use it for, you can ask for a copy of the personal information we hold about you, you can ask us to correct any inaccuracies with the personal data we hold, you can ask us to stop sending you SMS text messages or emails, or in some circumstances ask us to stop processing your details. Finally, if we do something irregular or improper with your personal data you can seek compensation for any distress you are caused or loss you have incurred. You can find out more information from the ICO’s website ico.org.uk/for_the_public/personal_information and this is the organisation that you can complain to if you are unhappy with how we deal with you.
Accessing and Correcting Your Information
You may request access to, correction of, or also a copy of your information by contacting us at The Data Protection Co-Ordinator, Mid Ulster Auctions, 1 Loves Hill, Castledawson Road, Magherafelt, Co. Derry, Norther Ireland, BT45 8DP. And/or email email@example.com.
Moreover, you can edit your personal data by accessing your user profile at our website www.midulsterauctions.com
You may opt out of receiving emails and other messages from our organisation by following the instructions in those messages.
- Validate users
- Remember user preferences and settings
- Determine frequency of accessing our content
- Measure the effectiveness of advertising campaigns; and
- Analyse site visits and trends