Privacy Policy

Website Privacy Policy 

  1. Introduction 

This Privacy Policy explains how Bendalls Engineering Limited (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit our website https://bendalls.co.uk/ . We are committed to safeguarding your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. 

 

By using our website, you agree to the practices described in this policy. 

 

  1. Key information 

This section summarises the key UK GDPR information about how we use personal data. More detail appears in the sections below. 

  • Purposes & lawful bases: we use your data to (a) respond to enquiries and provide support, (b) process orders and payments, (c) run and secure our website and prevent fraud, (d) send marketing communications where you have opted in, and (e) comply with legal obligations. 
  • Legitimate interests: where we rely on legitimate interests, these are typically to operate our business, keep our website secure, respond to requests, and improve our services. We consider and balance any potential impact on you, both positive and negative, and your rights under data protection law before processing your personal data on this basis. 
  • Who we share data with: trusted suppliers who help us run our website and business, for example, website hosting and support providers, IT support, email and communications providers, and payment providers, plus professional advisers, for example, accountants, insurers, and legal advisers, and regulators and/or law enforcement where required. 
  • International transfers: if any of our suppliers process personal data outside the UK, we use safeguards such as UK International Data Transfer Agreement (IDTA) and/or adequacy regulations, as applicable. You can request more information about the safeguards we use by contacting us using the details in the “Contact Us” section. 
  • Retention: we keep personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting, and reporting obligations. Typical timeframes are set out in the “Data Retention” section. 
  • Marketing: you can withdraw consent for marketing at any time by using the unsubscribe link in any marketing email or by contacting us. 
  • Automated decision-making: we do not use automated decision-making that produces legal effects or similarly significant effects about you. 
  • If you do not provide data: where we need personal data to perform a contract with you or to comply with a legal obligation, and you do not provide that data when requested, we may not be able to provide our products/services or respond fully to your request. 

 

  1. Who We Are 

Company Name: Bendalls Engineering Limited 

Registered Address: Unit 46 Brunthill Road, Kingstown Industrial Estate, Carlisle, Cumbria, United Kingdom, CA3 0EH 

Company Number: 00426047 

Data Controller: Data Protection Officer – Sandi Coulter 

Contact Email: sandra.coulter@bendalls.co.uk or Info@bendalls.co.uk  

 

  1. Personal Data We Collect 

We may collect and process the following types of personal data: 

Data you provide directly 

  • Name 
  • Email Address 
  • Phone Number 
  • Postal Address 
  • Information submitted through contact forms or website registrations 

 

Data collected automatically 

  • IP address 
  • Browser type and version 
  • Device information 
  • Pages visited and time spent on the site 
  • Technical usage data such as pages visited, time spent on the site, and device identifiers 

 

Data from third parties 

  • Analytics providers 
  • Payment processors 
  • Advertising networks: we may receive technical identifiers and information about how users interact with adverts to help us measure and improve our marketing. Where required, we will obtain appropriate permissions before carrying out this type of marketing measurement. 

 

  1. How We Use Your Personal Data 

We may use your information to: 

  • Operate, maintain, and improve our website 
  • Process orders and payments 
  • Respond to enquiries and provide customer support 
  • Send marketing communications with your consent 
  • Improve website performance and user experience 
  • Comply with legal obligations 

 

  1. Legal Basis for Processing 

We process your personal data under one or more of the following legal bases: 

  • Consent: for example, when you opt into marketing communications 
  • Contractual Necessity: to provide services or responses you request 
  • Legitimate Interests: such as improving our website functionality 
  • Legal Obligation: where required by law 

We link purposes to legal bases as follows: (a) responding to enquiries and providing customer support – legitimate interests and/or contract (depending on the context of your request); (b) processing orders and payments – contract; (c) operating, maintaining, improving, and securing our website (including troubleshooting, fraud prevention, and network security) – legitimate interests and/or legal obligation; (d) sending marketing communications – consent (where you have opted in); and (e) compliance with legal obligations (for example, tax and accounting) – legal obligation. Where we rely on legitimate interests, we balance our interests against your rights and the likely impact on you. 

 

  1. How We Share Your Data 

We may share your personal data with trusted third parties that help us operate our website and business, including the categories below. 

  • Service providers, for example, website hosting and support providers, IT support providers, email and communications providers, and payment providers. 
  • Professional advisors. 
  • Regulators or law enforcement where legally required. 

We do not sell your personal data. 

 

  1. International Data Transfers 

Some of our service providers may be located outside the UK, or may access personal data from outside the UK, for example where a supplier uses overseas support teams or data centres. Where this occurs, we ensure that the transfer is protected by appropriate safeguards, such as adequacy regulations or approved contractual protections, for example, the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU Standard Contractual Clauses, as applicable.  

 

You can request further information about the relevant safeguards by contacting us using the details in the “Contact Us” section. 

  • UK GDPR approved standard contractual clauses 
  • Adequacy decisions for approved countries 

 

  1. Data Retention 

We keep personal data only for as long as necessary for the purposes described in this policy. Retention depends on factors such as the nature of the data, why we collected it, whether we have an ongoing relationship with you, and any legal requirements. Where possible, we either delete personal data or anonymise it so it can no longer be linked to you. 

 

General retention periods may include: 

  • Enquiry and contact records, including contact form submissions and related emails – typically up to 24 months after our last interaction, unless a longer period is needed to deal with a complaint, dispute, or legal claim. 
  • Customer and supplier contract records, including orders, invoices, and related correspondence – typically 6 years after the end of the relevant financial year, to meet accounting and tax requirements. 
  • Marketing consent and suppression records, to record your preferences and ensure we respect opt-outs – until you withdraw consent or opt out, and then for a limited period afterwards to maintain a suppression list. 
  • Security and technical logs – typically up to 12 months, unless we need to keep them longer to investigate a security incident. 

 

  1. Your Rights 

Under UK GDPR, you have the right to: 

  • Access your personal data 
  • Correct inaccurate data 
  • Request deletion (“the right to be forgotten”) 
  • Restrict or object to processing 
  • Request data portability 
  • Withdraw consent at any time 
  • Lodge a complaint with the Information Commissioner’s Office (ICO) 

To exercise your rights, please contact us using the details in the “Contact Us” section. We typically respond within one month, subject to extensions where permitted. If you have a complaint about how we handle your personal data, we would appreciate the chance to deal with it first—please contact our Data Protection Officer using the details above. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time. 

Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113. Website: https://ico.org.uk 

 

  1. Security 

We implement appropriate technical and organisational measures to protect your personal data from loss, misuse, and/or unauthorised access. However, no online transmission is completely secure. 

 

  1. Links to Other Websites 

Our website may contain links to third-party sites. We are not responsible for those sites’ privacy practices and encourage you to review their policies. 

 

  1. Changes to this Policy 

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. For material changes, we may take additional steps to notify users. 

 

  1. Contact Us 

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at: 

Email: Info@bendalls.co.uk 

Address: Unit 46 Brunthill Road, Kingstown Industrial Estate, Carlisle, Cumbria, United Kingdom, CA3 0EH