Supplier Data Protection and GDPR Compliance

Supplier Data Protection and GDPR Compliance: By processing any request for products or services, the Supplier agrees to process any personal data provided by Commercial Fuel Solutions Limited (the Purchaser) in accordance with UK GDPR and relevant data protection laws. The Supplier shall act as a Data Processor and process data only per the Purchaser’s written instructions:

1. Purpose: The data provided is solely for fulfilling deliveries or services requested by the Purchaser.

2. Data Categories: Only the name, address, and contact details shared in this request shall be used.

3. Security: The Supplier must implement industry-standard security measures, including encryption and access controls, to protect personal data from unauthorized access or use.

4. Retention: The Supplier will retain customer data only for the duration necessary to complete the delivery and comply with legal requirements, after which the data must be securely deleted.

5. Restrictions: The Supplier shall not use, share, or disclose the data for any purpose other than fulfilling the agreed-upon delivery, goods, or services.

6. Handling: The Supplier will implement appropriate technical and organizational measures for handling personal data and will not transfer data outside the UK or EEA without prior written consent from the Purchaser.

7. Breach Notification: The Supplier must notify the Purchaser promptly in the event of any data breach within 24 hours of identifying any such breach.