We hold personal data about our employees, customers, suppliers and other individuals for a variety of business purposes.


This policy contains details of how we seek to protect personal data and ensue that staff understand the rules that apply to the use of personal data to which they have access to here at Rowlands and Co(Shrewsbury) Ltd


Why we collect and store certain personal data

Personal data may be used by us for Personnel, administrative, financial, regulatory, payroll and business development purposes

For Business purposes:

  • Compliance with our legal, regulatory and corporate obligations and good practice
  • To ensure business policies such as email or internet use are adhered to
  • Operational reasons, such as training and quality control, credit checking and scoring
  • Investigating complaints
  • Checking references. Managing staff access to systems and facilities.
  • Monitoring staff conduct and absences and dealing with disciplinary matters
  • Marketing the business
  • To improve the services we offer

Personal data:

  • Personal data we gather may include individuals contact details, educational background, financial and pay details, details of any certificates or qualifications, education, marital status, nationality and CV.

Sensitive Personal Date:

  • Sensitive personal data may include an individual’s racial or ethnic origin, physical or mental health conditions, criminal offences – any use of sensitive personal data should be strictly controlled in accordance with this policy



This policy applies to all staff. You must be familiar with this policy and comply with its terms

This policy supplements our other polices relating to confidentiality, internet and email use.

We may supplement or amend this policy with additional policies and guidelines from time to time.




We must process personal data fairly and lawfully in accordance with individual’s rights. This generally means that we should not process personal data unless the individual whose details we are processing has consented to this happening.

Data protection procedures and policies will be periodically reviewed and updated where necessary.

Data protection training and advice will be provided for all existing staff and going forward for all new staff members.


You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information please email [email protected] or write to us at the address below;


Rowlands & Co (Shrewsbury) Ltd

9 Knights Way

Battlefield Enterprise Park




The processing of all data must be:

  • Necessary to deliver a service
  • In our legitimate interests and not unduly prejudice to the individuals privacy
  • In most cases this provision will apply to routine business data processing activities


As part of our due diligence with regards to data protection customers/suppliers and employees are issued a consent form.

The form advises what information we require, why we need it, what we do with the data we receive and also allows access or removal of the information if requested by the individual




In most cases where we process sensitive personal data we will require the data subjects explicit consent to do this unless exceptional circumstances apply or we are required to do this by law (eg to comply with legal obligations to ensure health and safety at work).



We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained originally. We will not use data collected for another purpose unless the individual concerned has agreed to this.

Individuals may ask that we correct inaccurate personal data relating to them. If you believe the information is incorrect because an individual has notified you of that fact you should report to the accounts department immediately.




You must take reasonable steps to ensure that any personal data we hold about you is accurate and updated as required. If your personal circumstances/details change please inform us so we can update your records.




You must keep personal data secure against loss or misuse.




  • If data is stored on printed paper it should be kept in a secure place where only authorised personnel can access it
  • Printed data no longer needed should be shredded
  • Data stored on a computer should be protected by strong passwords
  • Data stored on memory sticks must be locked away securely when they are not being used
  • Servers containing personal data must be kept in a secure location, away from general office space
  • Data should be regularly backed up in line with the company’s back up procedures
  • Data should never be saved to mobile devices such as laptops, tablets or smartphones
  • All servers containing sensitive data must be approved and protected by security software and strong firewall



Personal data is to be retained no longer than necessary. Each individual’s circumstances will determine the length of time we retain the collected data. Rowlands and Co will take into account the reason that the personal data was obtained when deciding the length of time the data is kept.



There are strict restrictions on international transfers of personal data. You must not transfer personal data outside of the UK.



Under the Data Protection Act 1998 an individual is entitled, subject to certain exceptions, to request access to information held about them. A written request will be required form the individual before information can be released.




An individual can request for their personal data not to be used for direct marketing purposes. If an individual lodges a request please direct them to the Accounts department so their request can be dealt with.

Do not send marketing material to someone electronically (E.G Via email) unless they are an existing customer/supplier.



All staff will receive training on this policy. The training will cover the law relating to data protection and our data protection policies and procedures.

New staff will receive training as part of the induction process.

Subject to substantial changes in the law or our policy and procedures further training will be given. Completion of training is compulsory.




Being transparent and providing accessible information to individuals about how we use their personal data is important to our company.

We will ensure any use of personal data is justified.

All members of staff who are responsible for processing personal data will be aware of the following details regarding data collection:


  • Why it is being collected
  • How it will be used
  • Who it will be shared with
  • Retention period




The data we collect and store is subject to a signed consent form from the individual. This consent can be revoked by the individual at any time as outlined on the consent form.




Your criminal record will be checked if you apply for certain roles within the business ie: Driving roles (as we deliver goods to schools)



All members of staff have an obligation to report actual or potential data protection compliance breaches. This will allow us to investigate and take the necessary steps with regards to the data breach.

A data breach incident form is available. Data Protection officers are Dawn Davies and Les Roberts.



We take compliance with this policy very seriously. Failure to comply puts both you and our company at risk.

The importance of this policy means failure to comply with any requirement may lead to disciplinary action which may result in dismissal.