GDPR Policy.

1. Introduction

MS GOODS Ltd (“MS GOODS”, “we”, “our”, or “the Company”) is committed to protecting the privacy and security of personal data.

This policy explains how we collect, use, store, and protect personal data in accordance with the following legislation:

  • UK General Data Protection Regulation (UK GDPR)

  • EU General Data Protection Regulation (EU GDPR) (where applicable)

  • Data Protection Act 2018 (UK)

  • Privacy and Electronic Communications Regulations (PECR)

Our objective is to ensure that personal data is handled lawfully, fairly, and transparently.

2. Scope

This policy applies to:

  • All employees, contractors, suppliers, and third parties working with MS GOODS.

  • All personal data processed by the company, including that of clients, customers, suppliers, and employees.

  • All operations within the UK and any data processing involving EU citizens.

3. Definitions

Personal Data: Any information that can identify an individual directly or indirectly (e.g. name, email, address, phone number, IP address).

Processing: Any operation performed on personal data (e.g. collecting, storing, using, sharing, deleting).

Data Controller: MS GOODS Ltd — determines the purposes and means of processing personal data.

Data Processor: Any third party who processes data on behalf of MS GOODS (e.g. IT providers, marketing platforms).

Data Subject: The individual whose personal data is being processed.

4. Our Data Protection Principles

MS GOODS adheres to the following principles as required by Article 5 of the UK/EU GDPR:

We ensure personal data is:

  1. Lawfulness, fairness and transparency – Processed lawfully, fairly, and in a transparent manner.

  2. Purpose limitation – Collected for specified, explicit, and legitimate purposes.

  3. Data minimisation – Limited to what is necessary.

  4. Accuracy – Kept accurate and up to date.

  5. Storage limitation – Retained only as long as necessary.

  6. Integrity and confidentiality – Processed securely using appropriate technical and organisational measures.

  7. Accountability – We take responsibility and can demonstrate compliance with these principles.

5. Lawful Basis for Processing

We only process personal data where a lawful basis exists, as defined by Article 6 of the UK/EU GDPR. These include:

  • Consent (e.g. marketing communications)

  • Contractual necessity (e.g. providing services to clients)

  • Legal obligation (e.g. HMRC reporting)

  • Legitimate interests (e.g. business development, fraud prevention)

When consent is required, it will be freely given, specific, informed, and unambiguous.

6. Categories of Data We Process

We may collect and process the following categories of personal data:

  • Client Data: Name, address, contact details, billing information.

  • Employee Data: HR records, payroll, emergency contacts.

  • Supplier Data: Contact details, bank information.

  • Marketing Data: Email, phone number, preferences (where consent is given).

  • Website Data: IP address, cookies, and analytics data.

We do not collect special category data unless necessary and with explicit consent.

7. How We Use Personal Data

We use personal data for the following purposes:

  • To deliver our logistics and fulfilment services.

  • To manage contracts and relationships with clients, suppliers, and staff.

  • To comply with legal and regulatory obligations.

  • To send service updates, invoices, and relevant communications.

  • To send marketing updates (only with valid consent).

  • To improve our website, services, and customer experience.

8. Data Sharing and Third Parties

We may share personal data with trusted third parties, including:

  • IT and cloud service providers (e.g. email hosting, CRM systems).

  • Financial institutions and accountants.

  • Legal and regulatory authorities.

  • Subcontractors (where necessary to deliver services).

All third-party processors are required to:

  • Sign Data Processing Agreements (DPAs).

  • Use data only for authorised purposes.

  • Implement appropriate security measures.

We do not sell personal data to third parties.

9. International Data Transfers

Where personal data is transferred outside the UK or EEA, we ensure adequate protection through:

  • Adequacy decisions (countries approved by the UK/EU).

  • Standard Contractual Clauses (SCCs) approved by the UK ICO or EU Commission.

  • Additional safeguards to ensure data protection standards are met.

10. Data Retention

We retain personal data only as long as necessary for the purpose collected and to comply with legal obligations.

Typical retention periods:

  • Client records: 6 years (for HMRC compliance)

  • Employee data: 6 years after leaving employment

  • Marketing data: Until consent is withdrawn

After expiry, data will be securely deleted or anonymised.

11. Data Security

We take robust security measures to protect data, including:

  • Secure servers and encrypted storage.

  • Access controls and password protection.

  • Regular system updates and penetration testing.

  • Employee training on data protection and phishing awareness.

In the event of a data breach, we will notify the ICO (Information Commissioner’s Office) within 72 hours, and affected individuals where there is a high risk to their rights and freedoms.

12. Data Subject Rights

Under UK/EU GDPR, individuals have the following rights:

  1. Right to be informed

  2. Right of access (Subject Access Request)

  3. Right to rectification

  4. Right to erasure (“Right to be forgotten”)

  5. Right to restrict processing

  6. Right to data portability

  7. Right to object

  8. Rights in relation to automated decision-making and profiling

Requests should be sent to data@msgoods.co.uk. We will respond within one month of receipt.

13. Cookies and Website Tracking

Our website uses cookies for analytics and performance.
Users are informed via a cookie consent banner and may manage preferences or withdraw consent at any time.

See our Cookie Policy for full details.

14. Roles and Responsibilities

  • Board of Directors: Overall responsibility for compliance.

  • Data Protection Officer (DPO): [Y Evans / Head of HR] – oversees data protection activities.

  • Employees: Required to follow this policy and report concerns immediately.

15. Complaints and Contact

If you have concerns about how we handle your data, please contact:
contact@msgoods.co.uk

If unresolved, you may contact:
Information Commissioner’s Office (ICO)www.ico.org.uk

16. Review and Updates

This policy is reviewed annually or following significant regulatory or business changes to ensure ongoing compliance.

Approved by:


______________________________
Asim Khan
Director, MS GOODS Ltd
Review Date: 10/2025
Next Review Date: 10/2026
Reviewed By: Y Evans

Compliant With:

  • UK GDPR (Data Protection Act 2018)

  • EU GDPR (Regulation (EU) 2016/679)

  • PECR (Privacy and Electronic Communications Regulations)

  • ICO Guidance (2025 updates)

Connect

Reliable logistics solutions with real-time tracking.

Support

contact@msgoods.co.uk

01234 978014

© 2025. All rights reserved.

Terms & Conditions
Privacy Policy
Careers
Legal