Privacy Policy

GDPR COMPLIANCE STATEMENT


The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU) and will be enforceable from May 25 2018 and requires no enabling legislation so automatically becomes binding and applicable on that date.

The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.

The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

C Walton Limited places a high importance on information security, and within our Organisation we already comply with a number of standards that also focus on information data security.

C Walton Limited will be complying with the GDPR as a processor and controller of data and have been planning and developing a programme of works which will deliver what is required by the legislation. This will involve working with our suppliers and partner organisations to ensure they can meet these obligations.

As we work towards compliance, we have engaged an external advisor to ensure we deliver best practice in compliance, and our programme up to May 2018 falls into these areas:

  • Customer Contracts: will address GDPR compliance.
  • Policy Development: we are reviewing and developing our range of policies including (but not limited to) our Data Breach Policy, Business Continuity Plans, DPO appointment, Subject Access Requests, Individuals Rights, ICO Good Practice 
  • Website Data Collection & Consent, Privacy Policy: we will provide an updated framework and privacy policy to incorporate the GDPR obligations. This will include legal framework gap analysis arising from the reviews we undertake as the plan progresses. 
  • Data Impact Assessments & Data Inventory: we are undertaking a systematic review of the data we store, manage, maintain, collect, process and control. This includes offline storage and paper records. Assessments of the data will review information flow, any data transfers, risk reviews, and structural position in relation to Lawfulness, Purpose, Minimisation, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability. 
  • Training & Awareness: we will undertake training across the Organisation on the GDPR and its impact on the new policies, procedures, and responsibilities of staff & stakeholders in this new regime. 
  • Controls & Gap Analysis: running alongside the work already underway, we will be reviewing the controls in place, or required. 
  • Supplier & Partner relationships: where relevant and related, we will be using all reasonable endeavours to ensure that our third party and suppliers are complying with the GDPR. 
  • Technology: we will be reviewing our technology platforms to analyse their operation, security, compliance in order to ensure that they meet the standards we have laid down and identify any gaps and risks.
  • Outbound Marketing: GDPR mandates that the processing of personal data can only be undertaken when at least one of six criteria has been met. The most obvious choice for businesses already working with data is 'legitimate interests'. The legitimate interests basis has three elements: identify a legitimate interest; show that processing is necessary to achieve it; and balance it against the individual’s interests, rights and freedoms. C Walton Limited operate exclusively within 'niche' vertical sectors / industrial B-2-B markets. As such we acquire / build data for the sole purpose of highlighting the availability of our data capture / mobile computing solutions and promoting industry best practice to individuals with a defined job function operating within these sectors. We do not undertake mass / 'spam' broadcast marketing that targets non-relevant individuals or organisations with irrelevant information. That said, C Walton Limited recognise that not all target contacts that are relevant to it's operations will wish to receive information on the organisation's products and solutions. C Walton Limited provide an easy 'one button' unsubscribe process that enables email recipients to be automatically and permanently unsubscribed from its master mailing database. Should recipients prefer to contact C Walton Limited directly via other means, such as email or letter, with a request to be unsubscribed then these requests are processed within 24 hours and the requesting party notified directly of the deletion of the data. C Walton Limited maintain a stance of 'legitimate interest' with its customers which has been ratified by external GDPR consultants. 

Our Data Protection Officer, our Senior Management Team and advisors will continue to monitor the programme up to the target date in May 2018 and beyond.

QUICK
ENQUIRY

Bruntingthorpe in Leicestershire is the current home of C Walton Limited, Manheim Auctions, Big Thunder Events, Bruntingthorpe Proving Ground and the Bruntingthorpe Aerodrome, featuring the iconic Cold War Jets Collection as well as a number of other automotive businesses. All situated within the 670-acre site, there is something to meet the needs of each of our customers. Our wide range of facilities allow us to cater for any type of event, from the standard to the obscure, and thanks to our 3.2km straight, Bruntingthorpe still operates as an active airfield.

ISO 9001 Certified (BIAS)