Privacy Notice

1. Purpose and scope

CMS Distribution trading as Busbi is a distributor and reseller of IT products and services, headquartered in Ireland with affiliates all around the world. When we refer to ‘we’, ‘us’ or ‘our’ in this Privacy Notice we are referring to CMS Distribution and our affiliates (where ‘affiliates’ refers to other legal entities that we own or control).

This Privacy Notice explains how we collect, use, store, process, disclose, and delete personal data (as defined in this Privacy Notice) you provide directly to us or that we receive from your authorised third parties including, without limitation, that you provide to us via this website, or any website of our affiliates (all referred to as ‘website’) that post or link to this Privacy Notice, accessed through any medium, including via computer, mobile device, or other device. This Privacy Notice also outlines your rights in respect to your personal data.

We provide our customers with the ability to access a variety of product information and service offerings made available by us and various preferred providers (“offerings”) both directly from us and through resellers, distributors and vendors. Each offering may be subject to specific privacy policies which may supersede or complement the terms of this privacy policy. We encourage you to carefully read any specific privacy policy of the relevant offering before accessing or using that offering.

Although we encourage you to read this entire Privacy Notice, this is a summary of some of the more important aspects of the Privacy Notice:

• Each offering may include its own specific privacy policy. You should carefully read the privacy policy of any offering before accessing or using that offering.

• We may collect personal data and other information from you through a variety of sources, both online and offline. We may also combine it with information we receive about you from other sources, such as affiliates, publicly available information sources (including social media platforms), and other third parties.

• We will not use or share your personal data except as described in this Privacy Notice.

• Where applicable, we honour opt-out instructions from you for certain uses of your personal data under this Privacy Notice, for example, when you opt out of receiving marketing email communications from us or request us to delete your personal data.

• We use appropriate technical and organisational controls to secure and protect your Personal data and whilst we cannot ensure or warrant that your personal data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, we believe that our measures reduce the risk of such activities happening.

 

2. General principles for the processing of personal data

Personal data will be collected, stored, processed, and transmitted in accordance with our established policies and applicable local and international laws and regulations.

The principles that we respect to the processing of personal data are as follows:

1. Personal data will be processed fairly, lawfully, and transparently,

2. Personal data will be collected for specified, explicit, and legitimate purposes and not further processed for incompatible purposes.

3. Personal data collected by us will be adequate, relevant, and not excessive in relation to the purposes for which it is collected.

4. Personal data collected by us will be accurate and, where necessary, kept up to date to the best of our ability.

5. Personal data will be protected against unauthorised access and processing using appropriate technical and organisational security measures and controls.

6. Personal data collected by us will be retained as identifiable data for no longer than necessary to serve the purposes for which the personal data was collected.

7. If we engage in the processing of personal data for purposes other than those specified in this Privacy Notice, we will provide notice of these changes, the purposes for which the personal data will be used, and the recipients of the personal data.

 

3. Collection of information

We may collect personal data about you from a variety of sources, including, directly from you through the operation of the website.

'Personal data' collected by us includes:

• Your first and last name;
• Your address;
• Email address;
• Phone number;
• Purchase information and history;

 

Sensitive information (special categories of data)

Unless we specifically request or invite it, we ask that you do not send or disclose to us, any sensitive personal data (e.g. information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) on or through our website or otherwise to us. In those cases where we may request or invite you to provide sensitive personal data, we will do so with your explicit consent, which you may withdraw at any time.

 

Information you provide voluntarily

We may collect personal data directly from you when you voluntarily provide it to us. For example, when you communicate with us through the website, or by way of email, online chat, and web forms.

 

Information that we collect automatically

When you visit our website, respond to our emails or otherwise communicate with us, we may collect certain information automatically from you or your device. Specifically, the information we collect automatically from devices may include information like your IP address, device type, unique device identification numbers, browser-type, your Media Access Control (MAC) address, broad geographic location (e.g. country or city-level location) and other technical information.

We may also collect information about how your device has interacted with our website, including the pages accessed and links clicked. We may collect online behavioural data linked to online identifiers through tracking technology and this may be matched to personal data to improve our offerings to you. We will never process your personal data unlawfully and we will also ensure your rights and freedoms are protected.

We use this information for our internal analytics purposes and to improve the quality and relevance of our website to our visitors. Some of this information may be collected using cookies and similar tracking technology, as explained further under the Section 7 and 8 below.

 

From our vendors

We may obtain personal data about you from vendors that make offerings available through us.

 

From third -party information providers

We may also obtain personal data from third parties that have obtained or collected information about you and that have the right to provide that personal data to us. We will only obtain this personal data where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data to us.

 

4. Use of information

We’ll use the personal data we collect to operate our business and provide you with information or offerings on this website and personalise your experiences. We may also use the personal data we collect about you through the Website to generate anonymised, aggregated data. When we do so, we ensure that the anonymised, aggregated data is no longer personally identifiable and may not later be used to identify you.

No personal data will be used in automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.

If you prefer not to provide Personal data, then in some circumstances we might not be able to process your request (e.g. purchasing an offering). If you feel it is unnecessary to provide the personal data, we are specifically asking for please contact us to discuss further.

 

5. Information sharing

We share your personal data as necessary to provide any information or offering you have requested or with your consent where appropriate.

We may also share personal data to respond to legal process, to protect our customers, to maintain the security of our business, and to protect our rights or property. You can contact us anytime around how we share your data.

 

Affiliates and business units

We may share your personal data with our affiliates regardless of whether these entities share our name or brand. We may also share your personal data with other business units that also offer products or services under our brand or one of our affiliates. Our affiliates and business units will use your personal data we share with them in a manner consistent with this Privacy Notice.

 

Law enforcement and safety

We may share your personal data with any competent law enforcement, regulatory or government agency, court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) in connection with actual or proposed litigation, (iii) to exercise, establish or defend our legal rights or interests or protect our property, security and people, or (iv) to protect your vital interests or those of any other person.

 

Sale or acquisition of assets

If we transfers ownership or control of any portion of our business or the website to an actual or potential buyer, whether in the context of an acquisition, merger, reorganisation, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings), we may transfer your personal data to that actual or potential buyer, provided that the use of your personal data by that third party remains subject to applicable law and regulations.

 

Other

If you have asked us to share data with third party sites (such as social media sites), their servers may not be secure. Note also that, despite the measures taken by us and the third parties we engage, the internet is not secure. As a result, others may nevertheless unlawfully intercept or access private transmissions or data.

 

6. Other important privacy information

Below you will find additional privacy information you may find important.

 

Your data protection rights

You can exercise your rights at any time by contacting us using the information in the ‘Questions and contact information’ section below.

You have the following data protection rights:

1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object

 

Similarly, if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.

You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority, we provide a selection of authorities below for your convenience:

• UK – ico.org.uk
• Ireland - dataprotection.ie
• France – cnil.fr
• Germany - bfdi.bund.de
• Netherlands – autoriteitpersoonsgegevens.nl
• Sweden – imy.se
• USA – ftc.gov

 

Security of personal data

We take what we consider to be appropriate technical and organisational controls and measures to secure and protect your personal data from unauthorised or unlawful processing and against accidental loss or destruction of, or damage to it, or its misuse, and disclosure. These include strong user access controls, segmented network architecture, security software and comprehensive employee policies and training. It is a priority of ours to ensure all personal data is protected and secured to the highest level.

While no system is completely secure, we believe the measures implemented by us reduce our vulnerability to security problems to a level appropriate to the type of data involved. We have security measures in place to protect our user database and access to this database is restricted internally.

We cannot ensure or warrant that personal data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network. We will notify you in the event we become aware of a security breach involving your personal data (as defined by the applicable laws and regulations) in line with our Incident Management Process.

 

Legal basis for processing personal data

Our legal basis for collecting and using the personal data information described above will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only:

1. Where we need the personal data to respond to a request from you;
2. Where the processing is in our legitimate interests and not overridden by your rights; or
3. Where we have your consent to do so, which can be withdrawn at any time as mentioned above.

In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. If we collect and use your personal data in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicating with you as necessary to provide our products and services to you, and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, or for the purposes of detecting or preventing illegal activities.

When we process your personal data for such marketing purposes (and other activities) we consider and balance any potential impact on you and your data protection rights. We will not use your personal data for marketing and other activities where the impact on you overrides our interests (unless we are otherwise lawfully permitted to do so). We may have other legitimate interests, and if appropriate, we will make clear to you at the relevant time what those legitimate interests are.

You have the right to object to processing based on legitimate interests. (This will not always mean we need to stop using your personal data, although for direct marketing-related processing we must stop if you ask us to). See ‘Your Data Protection Rights’ above.

 

Accuracy

It is your responsibility to provide us with accurate personal data. Except as otherwise set forth in this Privacy Notice, we shall only use personal data in ways that are compatible with the purposes for which it was collected or subsequently authorised by you. To the extent necessary for these purposes, we shall take reasonable steps to ensure that personal data is accurate, complete, current and relevant to its intended use.

 

International data transfers

Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.

Our primary data processing servers are in the United Kingdom whilst our affiliates and partners operate around the world. This means that when we collect your personal data, we may process it in any of these countries. However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Notice and local laws and regulations.

 

Retention period

We retain personal data we collect from you in line with our business retention periods. For example, where we have an ongoing legitimate business need to do so (such as to provide you with a product or service, or to comply with applicable legal, tax or accounting requirements), we may retain the data for up to 7 years.

 

Children and vulnerable customers

We do not knowingly solicit or collect personal data from children under 18 years of age.

 

Third-party websites

In addition to providing access to offerings, the information on our website may include links to other websites and web services not necessarily under our control. This Privacy Notice does not apply to those websites and services and the privacy practices of those websites and web services may differ from those described in this Privacy Notice. We encourage you to carefully read the privacy policy of any website or web service you visit before either agreeing to their terms or using those websites.

 

Compliance

We use a self-assessment approach to verify compliance with this Privacy Notice and periodically verify that the Privacy Notice is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented and accessible.

 

Revisions

We may from time to time revise this Privacy Notice in its sole and absolute discretion to reflect changes in our business practices. If we revise this Privacy Notice, we will notify you by posting the updated Privacy Notice on this website. We will always seek your consent for any changes in the way we process your personal data, as required by applicable data protection laws.

 

7. Cookies and other website usage information

The website may also monitor and collect information about how you access, use, and interact with the website automatically through 'cookies' and other automated tracking technology. A “cookie” is a small text file that is stored on a user’s device. Cookies allow us to collect information such as browser type and time spent on the website. For more information please see our Cookie Policy.

 

8. What about other tracking technologies, like web beacons?

Cookies are not the only way to recognise or track visitors to a website. We employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us better manage the website, web services and our communications by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of users.

In contrast to cookies, which are stored on a user's device, clear gifs are embedded invisibly on website pages or in emails and are about the size of the period at the end of this sentence. We use clear gifs or pixels in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications, the usage of the website and our marketing campaigns.

 

Questions and contact information

If you have any questions or concerns about this Privacy Notice, our privacy practices, our collection or use of your personal data, or you wish to access your personal data, please contact us by email or post –

compliance@cmsdistribution.com

 

This Privacy Note was last updated 30^th May, 2022.