Skip to content

GDPR Statement

CMS’ GDPR Statement

Data Protection at CMS Distribution

CMS Distribution and our affiliates (collectively “CMS”) have always taken the protection and privacy of our customer, supplier and employee data very seriously, and believe the GDPR regulations introduced by the European Union in May 2018 has been an important step forward in clarifying and protecting individual privacy rights.

CMS fully complies with relevant laws or regulations such as the UK Data Protection Act 2018, the Irish Data Protection Act 2018 and the EU General Data Protection Regulation (all collectively “GDPR”), considered some of the world’s strongest data protection regulations.

CMS are committed to the principles inherent in the GDPR and particularly to the concepts of (i) privacy by design, (ii) the right to be forgotten, (iii) consent, and (iv) a risk-based approach.

Our primary considerations are to ensure that: (i) the protection of any data entrusted to us is never compromised or misused, (ii) we are fully compliant with our legal and regulatory responsibilities, and (iii) we continue to provide our partners with the highest standard of services.

When is CMS Distribution a Data Controller or Data Processor?

We can confirm that for the provision of fulfilling purchase orders and providing products and services that customers buy, CMS is always the Data Controller. It is also the Data Controller for the internal staff data it processes.

On occasion CMS will act as the Data Processor. An example is where a customer purchases Third Party cloud services or other standard service (e.g. software support and maintenance) which are performed by the Third Party with CMS acting as an intermediary to pass along the necessary data to the Third Party provider. Any data processed by the Third Party as part of the products or services will be subject to the terms agreed directly between the customer and the Third Party, which is often contained in the End User License Agreement or similar terms.

Safeguarding measures

We have a multi-disciplinary GDPR team to manage our compliance, and we use what we consider to be reasonable and appropriate organizational, technical and administrative measures to protect information under our control. This includes regular training for all our employees.

Unfortunately, data transmissions over the Internet or any other network can not be guaranteed as 100% secure. As a result, whilst we endeavour to protect your personal data, we do not warrant the security of any information you transmit to us, as such any information is transmitted at your own risk.

Information Security

CMS recognises that ensuring the confidentiality, integrity and availability of information entrusted to CMS is vital. CMS maintains a formal Information Security framework that implements standards and controls aligned with industry standards and best practices to facilitate the proper measures of protection across the organisation.

Privacy Notice

Our Privacy Notice, details the way in which we handle and use personal data, and also applies to how we use contact information for marketing. If our customers’ individual employees consent to receive direct marketing from us, then they are free to change their preferences or opt-out of receiving further marketing communications at any time.


For any queries please don’t hesitate to contact your relevant point of contact within CMS, or email

Version 2.1 February 2022