GDPR Policy


General Data Protection Regulation (GDPR) May 2018

Concept Commercial Interiors is committed to ensuring the privacy and security of any personal data held and processed by us.

The General Data Protection Regulation (GDPR), which replaced the Data Protection Act of 1998, has adopted the same basic principles as the Data Protection Act, although GDPR is far more stringent in terms of accountability and penalties for non-compliance.

Customers/Suppliers/Established Contacts. It is obviously necessary for Concept to hold personal email addresses, telephone numbers, bank information and business details of our customers and suppliers, in order that we can fulfil our contractual obligations with them. Such personal data is securely stored on our Company’s IT system and is only accessible by key authorised personnel. Concept will only store the necessary data which has already been provided by our customers or suppliers, such as contact name/email address, site address, telephone numbers etc., and that we deem “necessary data” which is required in order to conduct business legally.

Marketing contacts. Concept Commercial Interiors Limited may hold personal data, such as names, job titles, business telephone numbers and business email/postal addresses of business related contacts, so that we may keep in touch with them from time to time, in order to remind them about the services that we are able to provide. This personal data is securely stored on our Company’s IT system and is only accessible by key authorised personnel. These individuals can request to unsubscribe from such communication by sending an email to

Concept will never pass on any personal details to any other companies or third parties, without express permission from the data subject – unless we are legally obliged to do so. However, at times, it may be possible that such data could be viewed by our IT support agents, should a problem with our software arise. They will not store that data and will abide by their own GDPR compliant policy.

The data subject has the right to request access to their data – this is called making a Data Subject Access Request (DSAR). In that event, they will be required to complete a request form and a reasonable administration fee may be chargeable.

GDPR provides the data subject the right to request the removal of their personal data, if they feel there is no compelling reason for its continued processing. In this event, they should email us at if they wish to know what information we hold relating to them or they require their data to be deleted.

If there is any objection to us processing their personal data, we will stop, unless

a. There are compelling legitimate grounds for the processing, which override their own interests, rights of freedom etc.; and/or

b. The processing is for exercise or defence of a legal claim.

The data subject has the right to complain to the Information Commissioner’s Office (ICO) if they feel that there is a problem with the way that we are handling their data.

No further action is required from the data subject, unless they do not accept Concept holding this data/information. In which case, they should contact us, in writing, if they do not wish their data to be held by Concept.

If any further information is required - please contact our Business Manager at the address above.

October 2019