GDPR Compliance​

In line with the requirements of General Data Protection Regulation (GDPR), Central Business Equipment Limited (herein CBE) have made every effort to identify the Personally Identifiable Information (PII) we require as a company from our customers, in the course of doing business. Below is a list of the PII and the purpose for which we must seek and retain this information along with the legal grounds on which we do this.

PII Description Reason Collected and Maintained GDPR Classification of CBE Company Retention Period Statutory Retention Period Declared Legal Ground for Processing PII
PII Description Customer and Customer Employees Names Reason Collected and Maintained To allow us to contact you and/or the correct people in your organisation and conduct business GDPR Classification of CBE Data Controller Company Retention Period Duration of Contract / Supply of Services + 1 Year Statutory Retention Period None Declared Legal Ground for Processing PII Necessary in the pursuit of the legitimate interest of the organisation or a third party
PII Description Customer and Customer Employees Phone Numbers Reason Collected and Maintained To allow us to contact you and/or the correct people in your organisation and conduct business GDPR Classification of CBE Data Controller Company Retention Period Duration of Contract / Supply of Services + 1 Year Statutory Retention Period None Declared Legal Ground for Processing PII Necessary in the pursuit of the legitimate interest of the organisation or a third party
PII Description Customer and Customer Employees Email Addresses Reason Collected and Maintained To allow us to contact you and/or the correct people in your organisation and conduct business GDPR Classification of CBE Data Controller Company Retention Period Duration of Contract / Supply of Services + 1 Year Statutory Retention Period None Declared Legal Ground for Processing PII Necessary in the pursuit of the legitimate interest of the organisation or a third party
PII Description Customer and Customer Employees Biometric ID Reason Collected and Maintained Used to log into the EPOS system GDPR Classification of CBE Data Processor Company Retention Period Duration of Contract / Supply of Services + 1 Year Statutory Retention Period None Declared Legal Ground for Processing PII Necessary in the pursuit of the legitimate interest of the organisation or a third party
PII Description Customer and Customer Employees Photograph Reason Collected and Maintained Used to create the Employee Profile in the EPOS software GDPR Classification of CBE Data Processor Company Retention Period Duration of Contract / Supply of Services + 1 Year Statutory Retention Period None Declared Legal Ground for Processing PII Necessary in the pursuit of the legitimate interest of the organisation or a third party
PII Description Member of Public PII (aka CBE Customer’s Customer) PII on EPOS systems Reason Collected and Maintained To allow us to deliver the services as per the contract with the Customer who is the Data Controller GDPR Classification of CBE Data Processor Company Retention Period Duration of Contract / Supply of Services + 90 Days Statutory Retention Period None Declared Legal Ground for Processing PII Necessary in the pursuit of the legitimate interest of the organisation or a third party
PII Description Member of Public PII (aka CBE Customer’s Customer) on Rewards Points Systems Reason Collected and Maintained To allow us to deliver the services as per the contract with the Customer who is the Data Controller GDPR Classification of CBE Data Processor Company Retention Period Duration of Contract / Supply of Services + 90 Days Statutory Retention Period None Declared Legal Ground for Processing PII Necessary in the pursuit of the legitimate interest of the organisation or a third party
IMPORTANT NOTES
  1. The legal grounds claimed for processing the PII identified above falls under article 6.1 f) of GDPR which states; ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party’.
  2. Where the company has been identified in the above table as the Data Processor, this infers that the customer is the data controller and as such has responsibilities for the methods and legal grounds for gathering, collating and transferring the data along with defining the intended purposes and any specific terms by which The Company must abide over and above what has been defined in this document.
  3. None of the above affects the rights of the data subjects in each case and we will ensure compliance and deal with all data subject requests as per the requirements detailed in GDPR.
  4. Member of Public PII related to the customers of CBE’s customers. Such PII may include any or all of the following, depending on the software products used: Name, Email, Phone, Address, Photograph/Video, Loyalty Card Number, Car Registration, Driver’s License Number