Data Protection Policy

Data Protection Policy

Effective from: 01.08.2025
Review Date: 01.08.2026

1. Purpose

This policy outlines how County Milk Products (“we”, “us”, “our”) protects and manages personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant legislation.

We are committed to safeguarding the privacy, rights, and freedoms of all individuals whose personal data we process, whether employees, customers, suppliers, or other stakeholders.

2. Scope

This policy applies to:

  • All employees, contractors, suppliers, and partners handling personal data on behalf of County Milk Products

  • All personal data processed, whether stored digitally or physically

  • All processing activities relating to customer, supplier, employee, and website user data

3. Definitions

  • Personal data: Any information relating to an identifiable person (e.g. names, email addresses, IP addresses, job titles)

  • Processing: Any action involving data, collecting, storing, using, disclosing, or deleting

  • Data subject: The person whose data is being processed

  • Data controller: County Milk Products

  • Data processor: A third party processing data on behalf of County Milk Products

4. Legal basis for processing

We only process personal data when we have a lawful basis to do so. These include:

  • Contractual necessity: To fulfil our obligations in supplier/customer relationships

  • Legitimate interests: For internal administration, marketing, and business development

  • Legal obligations: Where required by law (e.g. tax, employment)

  • Consent: For marketing communications, newsletters, or any optional activities

5. What data we collect

Depending on the relationship with the individual, we may collect the following personal data:

Customers and suppliers

  • Name and business contact details

  • Job title

  • Company name

  • Communication history

  • Banking/payment details (business accounts only)

Employees and applicants

  • Personal contact details

  • CVs and employment history

  • Payroll and tax information

  • Emergency contact details

  • Health/disability information (where required for legal or HR reasons)

Website users

  • IP address and browser data (via cookies)

  • Enquiry details submitted via contact forms

6. How data is used

We process personal data to:

  • Respond to enquiries and manage client relationships

  • Fulfil contracts with suppliers and customers

  • Manage HR and payroll functions

  • Send newsletters (where consent is provided)

  • Monitor and improve website performance

  • Comply with regulatory or legal obligations

7. Data storage and security

All data is stored securely using protected systems. Depending on the nature of the data, this includes:

  • Password-protected cloud-based services

  • Secure local storage for internal files

  • Locked filing cabinets for any physical records

  • Encrypted emails for sensitive documents

We regularly review our security systems to ensure compliance with industry standards and best practices.

8. Data sharing

We will never sell or rent personal data.

We only share data with third parties where:

  • It is required to fulfil our contract with you (e.g. logistics, software platforms)

  • It is required by law (e.g. HMRC)

  • We use trusted, GDPR-compliant service providers (e.g. cloud hosting, CRM, payroll, or email services)

All third-party processors are contractually bound to comply with data protection legislation.

9. Data retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, including for legal or accounting purposes.

  • Customer and supplier data: 6 years after last transaction

  • Employee data: 6 years after end of employment

  • CVs: 12 months after receipt (unless retained with consent)

  • Marketing data: Until unsubscribed or request for deletion

  • Enquiry form data: Until resolved + 6 months for record-keeping

10. Data subject rights

Under the UK GDPR, individuals have the right to:

  • Access their personal data

  • Request correction of inaccurate data

  • Request erasure (‘right to be forgotten’)

  • Restrict or object to processing

  • Request portability of data

  • Withdraw consent (where applicable)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To make a data-related request, email us at enquiries@countymilk.co.uk or write to us at our head office.

11. Data breaches

We have procedures in place to detect, investigate, and report personal data breaches. In the event of a breach that poses a risk to individuals’ rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

12. Roles and responsibilities

  • Managing director/Senior leadership: Ensures overall compliance

  • Team leaders/Line managers: Responsible for enforcing this policy within departments

  • All staff: Required to understand and follow this policy and raise concerns promptly

Training will be provided to staff handling personal data.

13. Review

This policy will be reviewed annually or in response to significant changes in legislation or our business practices.

Contact

If you have any questions about this policy or your data rights, please contact:

County Milk Products

Address: County Milk Products Ltd, Dean Court, 85 Adlington Road, Wilmslow, Cheshire, SK9 2BT
Tel: +44 (0)1625 586177
Email: enquiries@countymilk.co.uk
Website: www.countymilk.co.uk

We’d love to hear from you

Got a question, or need more information about any of our products or services?
We’d love to hear from you. Get in touch below.

Contact Us