Software As A Service, Internet Auction Services
Privacy, Data & Cookies Policy
We want you to know that when you use our organisation you can trust us with your information. We are committed to protect your rights as part of the GDPR and available as listed below should you have any questions or concerns. This Privacy Notice describes the information we collect about you, how it is used and shared, and your rights regarding it. We may update this policy from time to time and shall indicate on the website when changes have been made.
We are permitted to store cookies on your computer if they are essential to the operation of our website. We require your consent to use non-essential cookies on your computer. By consenting to our cookie settings you are consenting to the use of the data collected as set out in this policy.
You can stop cookies from being placed on your device. However, this will have an impact on the performance of our website. If you do still wish to know how to disable your cookies, please follow the guidance provided by your internet browser software.
Description of processing
The following is a broad description of the way Bidpath Limited works with our client organisations (Data Controller) to processes personal information. To understand how your own personal information is processed you may need to refer to any direct communications you have received or in the privacy notices the organisation has provided or contact that organisation directly to ask about your personal circumstances
Reasons/purposes for processing information
We process personal information to enable us to provide auction services to our client organisations and take direction from them as the Data Controller to maintain our accounts and records and to support and manage our services to the client.
All the information that we process about you is provided to us by yourself when you seek to use our services provided through our client organisations. This information may include name, address, email address, phone number, financial and credit card information. We will tell you why we need the information and how we will use it.
The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a Lawful Basis for doing so. The Lawful Bases identified in the GDPR are:
- Consent of the data subject
- Performance of a contract with the data subject or to take steps to enter into a contract
- Compliance with a legal obligation
- To protect the vital interests of a data subject or another person
- Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
Examples of legitimate interests include:
- Where the data subject is a client or in the service of the controller
- Transmission within a group of undertakings for internal administrative purposes
- Processing necessary to ensure network and information security, including preventing unauthorised access
- Processing for direct marketing purposes, or to prevent fraud and
- Reporting possible criminal acts or threats to public security
Our Lawful Basis is legitimate interests when the data subject is a current or past client. Our Lawful Basis is consent when the data subject has registered their information with us via our website, email or in person.
Personal data shall only be used for its intended purpose and shared with only our employees, suppliers and vendors as needed to administer the services provided to you. Personal data is restricted to employees with the appropriate access levels. We do not sell our data to third parties.
We collect and process both personal data and special categories of personal data as defined in the GDPR. This includes name, e-mail, address, device IP address and other similar data elements as defined and required by our client organisations acting as the Data Controller.
We may share your personal data with:
- Delivery partners
- Our business partners
- Our subsidiaries
- The general public when you contribute to a public forum
- Law enforcement officials, government authorities, or other third parties to meet our legal obligations
- In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, refinancing, or acquisition of some or all of our business by another company
- Any other party where we ask you and you consent to the sharing
We are not responsible for their data policies, content or the security of these linked websites. We do not have any control over the use to which third parties may put your data where you choose to purchase products or services or otherwise to contact them via our Site or materials.
Data Retention Policy
We retain your personal data while you remain a customer, client and/or employee, unless you ask us to delete it. Personal data shall be held for as long as is necessary for the relevant activity or for a period of seven years after which all data shall be securely disposed of. Our Retention and Disposal Policy (copy available on request) details how long we hold data for and how we dispose of it when it no longer needs to be held. We will delete (anonymise) your information at your request unless:
- There is an unresolved issue, such as claim or dispute
- We are legally required to
- There are overriding legitimate business interests, including but not limitedto fraud prevention and protecting customers’ safety and security.
BidPath Limited Employees
Data Controller / Data Processor
We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. Although, as a Software As A Service Internet Auction Services , we act as a Data Processor on behalf of our clients. We are Bidpath Limited, a company registered in England and Wales with Company Registration no. 08613187 and registered office at C/O Sagars Accountants Ltd Gresham House, 5-7 St. Pauls Street, Leeds, West Yorkshire, LS1 2JG., and our Data Protection Officer is Francis Juliano, who can be contacted at 44(0) 845 163 0584 and/or DPO@bidpath.com.
We reserve the right to notify any users of our services of any major change to our policies by email, except for users that have elected to opt out or revoke communications from us.
Last revised 24-May-2018