Privacy Notice (GDPR Compliant)

Data controller: CDW Systems Ltd, 1 Eastbrook Road, Gloucester GL4 3DB

The Company collects and processes personal data relating to its customers & suppliers to enable management of the business relationship. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.

What information does the Company collect?

We collect and process the information we require to enable the business relationship to function. This includes:

  • your name, address and contact details, including email address and telephone number & financial information where applicable.

We collect this information in a transparent way and only with the full cooperation and knowledge of interested parties.

In some cases, we may collect personal data about you from third parties, such as references supplied by other businesses, information from credit reference agencies and information from criminal records checks permitted by law.

Data will be stored in a range of different places, including in the business management systems and in other IT systems (including our email system).

Why does the Company process personal data?

We need to process data in order that we can provide & manage your account appropriately, including:

  • Supply/receive products and/or services to/from you
  • Liaise with you by email/fax regarding your/our requirements
  • Administer the necessary processes regarding your account.
  • Maintain accurate records.

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check authenticity.

In other cases, we have a legitimate interest in processing personal data before, during and after the end of the business relationship. Processing data allows us to:

  • maintain accurate and up-to-date records and contact details, and records of contractual and statutory rights;
  • operate and keep a record of account activity;
  • operate and keep a record of performance and related processes, to plan for business development, and for succession planning and account management purposes;
  • ensure effective general and business administration;
  • provide references on request.
  • respond to and defend against legal claims.

Who has access to data?

Your information may be shared internally, including with members of the sales team, production managers/supervisors and IT staff if access to the data is necessary for performance of their roles.

We may share your data with third parties in order to obtain pre contract references and obtain company background checks from third-party providers. We may also share your data with third parties in the context of a sale of some or all of our business. In those circumstances the data will be subject to confidentiality arrangements.

We may also share your data with third parties that process data on our behalf, in connection with product procurement & deliveries.

We may also share your data with third parties that provide professional services such as our accountants.

We will not transfer your data to countries outside the European Economic Area.

How does the Company protect data?

We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.

Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and Company measures to ensure the security of data.

For how long does the Company keep data?

We will hold your personal data no longer than is necessary, but for the duration of the business relationship and any additional time as required to fulfil our administrative and legal obligations.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require us to change incorrect or incomplete data;
  • require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
  • object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing.

If you would like to exercise any of these rights, please contact Angela Phillips the Data Protection Officer at

If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.

What if you do not provide personal data?

You have some obligations to provide us with any amendments to personal information. Failing to provide the data may mean that you are unable to exercise your statutory rights.

Certain information, such as contact details and payment details have to be provided to enable us to enter a contract with you. If you do not provide other information, this will hinder our ability to administer the rights and obligations arising as a result of the business relationship efficiently.

Automated decision-making

Business decisions are not based solely on automated decision-making.

Security Breach Action

The Company is committed to handling personal data in line with best practice and have procedures in place to use when dealing with and responding to data protection breaches. This is to ensure that incidents are responded to promptly, risks are minimised, learning identified and remedial actions are implemented.


This notice may require updating periodically and a current copy will be available on our website,