ABERSTON WHOLESALE LIMITED is committed to protecting the privacy and security of your Personal Data.
This privacy notice describes how we collect and use your Personal Data during and after you enter an agreement with us to provide our services, in accordance with the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 1988 – 2018 (together, Data Protection Legislation).
This Privacy Notice applies to all suppliers, retailers and other users of our Platform.
Aberston acts as a ‘data controller’ as defined in the GDPR in relation to your Personal Data. This means that we are responsible for deciding how we hold and use your Personal Data. We are required under Data Protection Legislation to notify you of the information contained in this privacy notice.
It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing Personal Data about you, so that you are aware of how and why we are using such information and what your rights are under the Data Protection Legislation.
Personal Data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.
We will collect, store, and use the following categories of Personal Data:
·       Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
·       Payment details such as credit/debit card numbers;
We collect Personal Data directly from our clients and customers via:
·       Telephone calls, emails or the ‘Contact Us’ section of the Aberston website
·       Order Forms, Questionnaires
·       Debit/Credit Card Forms
·       Aberston Terms and Conditions

We will only use your Personal Data when the law allows us to. We have set out below a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your Personal Data. Please Contact Us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one ground has been set out in the table below.

Purpose / Activity | Type of Data | Legal Basis
To complete our retailer/supplier onboarding process | Identity and Contact Data | Performance of our contract with you
To receive payment for our services | Identity and Contact Data, payment information | Performance of our contract with you
To process your orders | Identity and Contact Data | Performance of our contract with you
Quiz and competition | Identity and Contact Data | Explicit consent

Change of Purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may need to share your Personal Data with third parties, including third-party service providers. We require any such third parties to respect the security of your data and to treat it in accordance with the law.
We will share your Personal Data with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so. 
The following activities are carried out by third-party service providers: 
·       Cloud storage providers;
·       IT services
·       Customer relationship management platforms
·       Financial accounting platforms
·       Payment Services, Shipping Services
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your Personal Data in line with our policies. We do not allow our third-party service providers to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Transferring Personal Data outside Ireland
Your Personal Data may be transferred, stored and accessed within the European Economic Area (EEA) or transferred to, stored in, and accessed from countries outside the EEA in order to fulfil the purposes described in this Privacy Notice. For transfers to countries outside the EEA, the data protection regime may be different than in the country in which you are located and will therefore be based on a legally adequate transfer method. 
Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is given to it by ensuring at least one of the following safeguards is implemented:
·       Where the country has been deemed to provide an adequate level of protection for Personal Data by the European Commission. 
·       We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
We will provide you, on request, with a list of the countries located outside the EEA to which Personal Data may be transferred, and an indication of whether they have been determined by the European Commission to grant adequate protection to Personal Data. Where applicable, you are entitled, upon request, to receive a copy of the relevant safeguards (for example, EC model contractual clauses) that have been taken to protect Personal Data during such transfer.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. 
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. 
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your Personal Data changes during the course of your relationship with us via the Contact Us section below.
Under certain circumstances, by law you have the right to:
    ·       Request access to your personal data: You are entitled to receive a copy of the personal data we hold about you and to ensure that we are processing such data in a lawful manner.
    ·       Request correction of the personal data that we hold about you: You are entitled to have any incomplete, outdated or inaccurate personal data we hold about you updated and corrected.
    ·       Request erasure of your personal data: This enables you to ask us to delete or remove your personal data where you believe that there is no good reason for us continuing to process it, where you have exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
    ·       Object to processing of your personal data: In certain circumstances, you may be entitled to object to our processing of your personal data where we are relying on a legitimate interest (or the legitimate interest of a third party) as the legal basis for such processing, if you believe that such processing impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
    ·       Request restriction of processing of your personal data: You are entitled to ask us to suspend the processing of your personal data in the following scenarios: (a) if you wish for us to establish the accuracy of the relevant personal data; (b) if our use of the personal data is unlawful but you do not wish for us to erase it; (c) if you require us to retain the personal data (even if we no longer require it) as the personal data which we retain is necessary for you to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we are required to retain it in order to verify whether we have overriding legitimate grounds to process it.
    ·       Request the transfer of your personal data to you or to a third party: If requested to do so, we will provide you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use, or where we used the personal data to perform a contract with you.
    ·       Withdraw consent at any time: If and to the extent we are relying on consent as the legal basis to process your personal data, you are entitled to withdraw your consent to such processing at any time. This will not affect the lawfulness of any processing of your personal data carried out before your consent is withdrawn. If you choose to withdraw your consent, we may not be able to provide certain services to you. We will let you know if this is the case at the time you withdraw your consent.
    ·       Contacting the data protection supervisory authority: Data subjects have the right to make a complaint at any time to the applicable data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the data protection supervisory authority, so please contact us in the first instance using the information listed in Contact Us below.
To exercise one or more of your rights in respect of your personal data, please contact us using the Contact Us details below. We will respond to your request(s) as soon as reasonably practicable, but in any case within the legally required period of time.
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please note that all requests will be forwarded on should there be a third party involved (as set out in this Privacy Policy) in the processing of your personal data.
If you wish to make a complaint about how your personal data is being processed by Aberston (or third parties as described above), or how your complaint has been handled, in the first instance please email your concerns to support@aberston.com.
If you have any questions regarding the use of your personal data please contact us at support@aberston.com.