Introduction of General Data Protection Regulations 2016

The data that we require to fulfil a customer order now falls under the framework laid out in the General Data Protection Regulations 2016. This requires Keen and Toms Holdings and all subsidiary companies to review data that it receives and holds from commercial partners that we have relationships with.

Keen and Toms Holdings do not require any personal information from any customers unless it is provided with the explicit reason of direct home delivery, to register a warranty or to undertake service work; then this information is classed as ‘Personal Data’ for the purposes of the General Data Protection Regulation 2016 and Keen and Toms Holdings will become the ‘Controller’ of that data when working with 3rd party service providers.

If unrequired ‘Personal Data’ is received, Keen and Toms Holdings shall redact, remove or destroy it as appropriate and in accordance with GDPR guidance.

In the cases of ‘Personal Data’ being required for direct home delivery, to register a warranty or to undertake service work, other than for anonymised analysis and profiling, Keen and Toms Holdings will only use ‘Personal Data’ for the purpose it was received for and hold it for the duration of the legitimate interest (ie length of warranty or required relationship with that individual), unless that individual has provided informed consent through opting in.

Any data breaches will be notified to affected parties and the ICO within 72 hours in accordance to GDPR guidelines.

Through continuing to trade with Keen and Toms Holdings and its subsidiaries, you agree to be bound by these Terms and Conditions.

1. Any ‘Personal Data’ received by Keen and Toms Holdings and Subsidiaries (Hypnos Beds Ltd, Hypnos Contract Beds Ltd) will be processed in accordance with General Data Protection Regulations and for the explicit reasons it was supplied to the company.

2. Any ‘Personal Data’ received that is outside of our requirements to fulfil our commercial obligations will be redacted at receipt and will not be entered into any system either within the holding company or any 3rd parties.

3. Any ‘Personal Data’ that is received from any customers or end consumers for the explicit reason of direct home delivery, to register a warranty or to undertake service work, we, Keen and Toms Holdings become the ‘Processor’ of the data.

4. Any ‘Personal Data’ that is received from any customers or end consumers for the explicit reason of direct home delivery, to register a warranty or to undertake service work and that data is passed to a 3rd party then, we, Keen and Toms Holdings would become the ‘Data Controller’.

5. Where we are the ‘Data Processors’ we will hold that data for the duration of the legitimate interest (ie length of warranty or required relationship with that individual).

6. Where we are the ‘Data Controller’ we will hold that data for the duration of the legitimate interest (ie length of warranty or required relationship with that 3rd Party)

7. No Personal Data will be transferred outside the European Union

8. In the event of a data breach within Keen and Toms Holdings the ICO and data subjects will be contacted directly within 72 hours as per GDPR guidelines.