Privacy Policy
Privacy Notice
We Are Fulfilment Limited (Company Number: 13804012)
Registered Address – We Are Fulfilment Ltd, Station Park, Kirkby-in-Ashfield, NG17 7RB.
Registered in England and Wales
Data Protection Officer contact details – reporting@wearefulfilment.co.uk
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
Who are we?
We Are Fulfilment Limited is the data processor. This means that we process data on behalf of data controllers for the purpose of e-commerce fulfilment.
How do we process your personal data?
For the purpose of e-commerce fulfilment for partners and clients, your data may be obtained, retained and processed. The data processed may include your name, postal address, email address or telephone number.
We Are Fulfilment Ltd complies with its obligations under the General Data Protection Regulations (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
The purpose of the processing of the data is to process orders on behalf of the data controller in order to fulfil orders. Our lawful bases for processing data are: The processing is necessary for a contract which has been entered into by the data subject with the data controller as well as the contractual obligations of We Are Fulfilment Ltd with the data controller.
This relates to the provision of goods and services by the data controller and We Are Fulfilment Ltd whereby the processing of personal data is necessary for the purpose of delivery etc.
The processing is necessary to comply with relevant legal obligations. Where an order has been placed, we may obtain and store personal data relating to an order or purchase placed with the data controller.
Where personal data has been obtained, it will be held for sufficient time to enable We Are Fulfilment Ltd to carry out its duties under the contract formed with the data controller and for the provision of goods and services by the data controller and the data processor. We will only process your data for the purposes for which it was collected and for the purpose of satisfying any legal or accounting requirements.
By law, we are required to retain certain types of data for a period of 6 years. We do not sell, rent or exchange your personal data with any third party for commercial reasons. We follow strict security procedures in the storage and disclosure of information which has been provided to us by the data controller, to prevent unauthorised access in accordance with the General Data Protection Regulations. We do not collect sensitive information about you except when you specifically and knowingly provide it.
Your personal data may be shared with third party companies. This may include couriers and delivery companies as well as courier management systems. The sharing of such data to these third party companies is necessary for the fulfilment of orders and does not exceed any reasonable expectation of the processing of the data. Your personal data may be transferred out of the European Union to our US Fulfilment Centre or to third parties such as couriers where necessary for the performance of a contract between yourself and the organisation or for the performance of a contract made in your interests between the controller and another person.
Your rights and your personal data
Unless subject to an exemption [under the GDPR], you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which We Are Fulfilment Ltd holds about you;
- The right to request that We Are Fulfilment Ltd correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for We Are Fulfilment to retain such data;
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability), where applicable;
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, where applicable;
- The right to lodge a complaint with the Information Commissioner’s Office.
Please email us at reporting@wearefulfilment.co.uk (ensure you provide proof of identification when emailing) if
- you object to your personal details being processed, or
- you believe we hold the incorrect details for you and would like us to rectify the data we hold, or
- you would like us to delete the data we hold for you, or
- you would like to restrict how we process your data, or
- you entered into a contract with us and would like a copy of the data we hold about you in a format which can easily be transferred to another provider.
Please note that you have the right to request the above; however, when we receive your request we may object to it if we do not agree with it. If you do make the request, we will tell you if the request has been granted or not.
Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact We Are Fulfilment Limited by emailing reporting@wearefulfilment.co.uk, or by post at We Are Fulfilment Limited, Station Park, Lowmoor Road, Kirkby In Ashfield, NG17 7RB. Alternatively, you can contact the Information Commissioner by calling the ICO Helpline 0303 123 1113 – www.ico.gov.uk/complaints.
We Are Fulfilment GDPR Policy
Introduction
We Are Fulfilment (WAF) is committed to ensuring the protection and security of personal data in compliance with the General Data Protection Regulation (GDPR). GDPR, which came into effect on 25th May 2018, establishes a legal framework for the processing and handling of personal data within the European Union (EU) and the European Economic Area (EEA). This policy outlines how WAF manages personal data, ensures compliance with GDPR, and implements cybersecurity measures to safeguard data. It also details our approach to GDPR methodologies and cybersecurity audits, ensuring that our business processes are aligned with the regulatory requirements.
1. Scope
This policy applies to all employees, contractors, and third-party service providers who process personal data on behalf of We Are Fulfilment Ltd (WAF). It covers all personal data, regardless of format, including data collected through websites, applications, fulfilment processes, and any other business operations. This policy is applicable to the collection, storage, processing, transfer, and destruction of personal data.
2. GDPR Compliance Principles
WAF adheres to the following GDPR principles, which guide our data protection practices:
- Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner. WAF ensures that data subjects are informed of how their data is being used and the purposes of its processing.
- Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes. WAF limits data processing to what is necessary for fulfilling our contractual and legal obligations.
- Data Minimisation: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. WAF collects only the data necessary to achieve the intended purposes of processing.
- Accuracy: Personal data shall be accurate and, where necessary, kept up to date. WAF takes reasonable steps to ensure that inaccurate or outdated data is corrected or deleted promptly.
- Storage Limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed. WAF establishes retention periods based on legal and business requirements.
- Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
- Accountability: WAF is responsible for, and must be able to demonstrate, compliance with these principles.
3. Data Subject Rights
Under GDPR, data subjects have the following rights concerning their personal data:
- Right to be Informed: Data subjects have the right to be informed about the collection and use of their personal data. WAF provides clear and transparent information on how personal data is processed.
- Right of Access: Data subjects have the right to access their personal data and receive a copy of the information WAF holds about them.
- Right to Rectification: Data subjects have the right to request the correction of inaccurate personal data and to complete incomplete data.
- Right to Erasure (Right to be Forgotten): Data subjects have the right to request the deletion of their personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
- Right to Restrict Processing: Data subjects have the right to request the restriction or suppression of their personal data under certain conditions.
- Right to Data Portability: Data subjects have the right to obtain and reuse their personal data across different services, allowing them to move, copy, or transfer personal data easily.
- Right to Object: Data subjects have the right to object to the processing of their personal data in certain situations, such as for direct marketing purposes.
- Rights Related to Automated Decision-Making: Data subjects have rights concerning automated decision-making and profiling. WAF ensures that any automated decisions impacting individuals are made with appropriate safeguards.
4. Data Collection and Processing
4.1 Data Collection
WAF collects personal data directly from data subjects through various channels, including but not limited to:
- Online forms and surveys
- Registration processes for services
- Communication via email or phone
- Fulfilment service requests
The types of personal data collected may include:
- Contact information (e.g., name, email address, phone number)
- Payment details
- Delivery addresses
- Transactional data
- IP addresses and device identifiers
4.2 Data Processing
WAF processes personal data for the following purposes:
- Fulfilling customer orders and service requests
- Managing customer relationships and communications
- Processing payments and managing accounts
- Complying with legal and regulatory obligations
- Improving our services and user experience
- Conducting internal audits and fraud prevention activities
Personal data processing is based on one or more of the following legal bases:
- The data subject has given consent for one or more specific purposes.
- The processing is necessary for the performance of a contract with the data subject or to take steps prior to entering into a contract.
- The processing is necessary for compliance with a legal obligation.
- The processing is necessary to protect the vital interests of the data subject or another person.
- The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- The processing is necessary for the legitimate interests pursued by WAF or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
5. Data Security and Cybersecurity Measures
WAF is committed to ensuring the security and confidentiality of personal data. To achieve this, we implement the following cybersecurity measures:
5.1 Technical Measures
- Encryption: Personal data is encrypted during transmission and at rest to protect it from unauthorised access.
- Access Controls: WAF enforces strict access controls to ensure that only authorised personnel have access to personal data.
- Firewalls and Intrusion Detection Systems: We use firewalls and intrusion detection systems (IDS) to monitor and protect our networks from cyber threats.
- Regular Security Updates: All systems and software are regularly updated to protect against vulnerabilities and exploits.
- Data Anonymisation and Pseudonymisation: Where possible, WAF anonymises or pseudonymises personal data to minimise the risk to data subjects.
5.2 Organisational Measures
- Data Protection Officer (DPO): WAF has appointed a DPO responsible for overseeing data protection strategy and ensuring compliance with GDPR.
- Staff Training: Employees receive regular training on GDPR compliance, data protection practices, and cybersecurity awareness.
- Data Protection Impact Assessments (DPIAs): WAF conducts DPIAs to assess and mitigate risks associated with the processing of personal data, especially when new technologies or processes are introduced.
- Incident Response Plan: WAF has a detailed incident response plan to address and mitigate the effects of any data breach or security incident.
6. GDPR Methodologies
WAF employs GDPR methodologies to ensure that all data processing activities are aligned with regulatory requirements. These methodologies include:
6.1 Data Protection by Design and by Default
WAF integrates data protection into all business processes and systems from the outset. This involves designing and implementing appropriate technical and organisational measures to ensure compliance with GDPR principles. Our approach includes:
- Minimising the amount of personal data collected and processed
- Implementing strong security measures to protect data
- Ensuring that data is only accessible to those who need it for legitimate purposes
6.2 Data Protection Impact Assessments (DPIAs)
DPIAs are conducted for any processing activities that may result in high risks to the rights and freedoms of individuals. The DPIA process involves:
- Identifying and assessing potential risks to data subjects
- Evaluating the necessity and proportionality of the processing
- Implementing measures to mitigate identified risks
- Consulting with the Data Protection Officer (DPO) and, where necessary, regulatory authorities
6.3 Record Keeping
WAF maintains detailed records of all processing activities, as required by GDPR. These records include:
- The purposes of processing
- Categories of data subjects and personal data
- Data retention periods
- Details of any data transfers to third countries
- Security measures implemented to protect personal data
These records enable WAF to demonstrate compliance with GDPR and facilitate audits by regulatory authorities.
7. Cybersecurity Audits
WAF conducts regular cybersecurity audits to ensure that our systems and processes remain secure and compliant with GDPR. These audits include:
7.1 Internal Audits
- Frequency: Internal audits are conducted at least annually or more frequently if needed.
- Scope: Audits cover all aspects of data security, including access controls, encryption, data storage, and incident response procedures.
- Review: The results of internal audits are reviewed by senior management, and any identified vulnerabilities are promptly addressed.
7.2 External Audits
- Engagement with Third-Party Auditors: WAF engages independent third-party auditors to conduct external audits and provide an unbiased assessment of our cybersecurity posture.
- Compliance Verification: External audits verify our compliance with GDPR and other relevant regulations, ensuring that our practices meet the highest standards of data protection.
- Audit Reporting: Findings from external audits are documented and shared with relevant stakeholders, including regulatory authorities if necessary.
8. Third-Party Data Processors
WAF works with third-party data processors to deliver services to our customers. We ensure that all third-party processors comply with GDPR by:
- Conducting due diligence and selecting processors with strong data protection practices
- Establishing clear data processing agreements that define the responsibilities of each party
- Regularly monitoring and auditing third-party processors