1. Purpose and Scope
CMS Distribution is a distributor and reseller of IT products and services, headquartered in Ireland with affiliates all around the world. When we refer to ‘we’, ‘us’ or ‘our’ in this Privacy Notice we are referring to CMS Distribution and our affiliates (where ‘affiliates’ refers to other legal entities that we own or control).
This Privacy Notice explains how we collect, use, store, process, disclose, and delete Personal Data (as defined in this Privacy Notice) you provide directly to us or that we receive from your authorised third parties including, without limitation, that you provide to us via this website, or any website of our affiliates (all referred to as ‘website’) that post or link to this Privacy Notice, accessed through any medium, including via computer, mobile device, or other device. This Privacy Notice also outlines your rights in respect to your Personal Data.
Although we encourage you to read this entire Privacy Notice, this is a summary of some of the more important aspects of the Privacy Notice:
- We may collect Personal Data and other information from you through a variety of sources, both online and offline. We may also combine it with information we receive about you from other sources, such as affiliates, publicly available information sources (including social media platforms), and other third parties.
- We will not use or share your Personal Data except as described in this Privacy Notice.
- Where applicable, we honour opt-out instructions from you for certain uses of your Personal Data under this Privacy Notice, for example, when you opt out of receiving marketing email communications from us or request us to delete your Personal Data.
- We use appropriate technical and organisational controls to secure and protect your Personal Data and whilst we cannot ensure or warrant that your Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, we believe that our measures reduce the risk of such activities happening.
2. General Principles for the Processing of Personal Data
Personal Data will be collected, stored, processed, and transmitted in accordance with our established policies and applicable local and international laws and regulations.
The principles that we respect to the processing of Personal Data are as follows:
- Personal Data will be processed fairly, lawfully, and transparently,
- Personal Data will be collected for specified, explicit, and legitimate purposes and not further processed for incompatible purposes.
- Personal Data collected by us will be adequate, relevant, and not excessive in relation to the purposes for which it is collected.
- Personal Data collected by us will be accurate and, where necessary, kept up to date to the best of our ability.
- Personal Data will be protected against unauthorised access and processing using appropriate technical and organisational security measures and controls.
- Personal Data collected by us will be retained as identifiable data for no longer than necessary to serve the purposes for which the Personal Data was collected.
- If we engage in the processing of Personal Data for purposes other than those specified in this Privacy Notice, we will provide notice of these changes, the purposes for which the Personal Data will be used, and the recipients of the Personal Data.
3. Collection of Information
We may collect Personal Data about you from a variety of sources, including, directly from you, from other users, from resellers and distributors, from our vendors, from our service providers, from third party information providers, from our affiliates, and through the operation of the website.
“Personal Data” collected by us includes:
- Your first and last name;
- Billing or shipping address;
- Credit card or payment information;
- Email address;
- Phone number;
- Purchase information and history;
- Your account number;
- For employment purposes, your CV or professional information; and
- A combination of your username and password used to access the website.
Sensitive Information (Special Categories of Data)
Unless we specifically request or invite it, we ask that you do not send or disclose to us, any sensitive personal data (e.g. information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) on or through our website or otherwise to us. In those cases where we may request or invite you to provide sensitive personal data, we will do so with your explicit consent, which you may withdraw at any time.
Information You Provide Voluntarily
We may collect Personal Data directly from you when you voluntarily provide it to us. For example, when you communicate with us over the telephone, through the website, by way of email, online chat, social media, web forms, online account registration to obtain access to offerings, register for an event or training, purchase an offering, attempt to resolve any issues related to the website or offerings, submit a job application, or submit feedback and comments.
Information that We Collect Automatically
When you visit our website, respond to our emails or otherwise communicate with us, we may collect certain information automatically from you or your device.
Specifically, the information we collect automatically from devices may include information like your IP address, device type, unique device identification numbers, browser-type, your Media Access Control (MAC) address, broad geographic location (e.g. country or city-level location) and other technical information.
We may also collect information about how your device has interacted with our website, including the pages accessed and links clicked. We may collect online behavioural data linked to online identifiers through tracking technology and this may be matched to personal data to improve our offerings to you. We will never process your personal data unlawfully and we will also ensure your rights and freedoms are protected.
We use this information for our internal analytics purposes and to improve the quality and relevance of our website to our visitors. Some of this information may be collected using cookies and similar tracking technology, as explained further under the Section 7 and 8 below.
From Other Users
We may receive Personal Data about you from other users of the website when they provide information to us. For example, we may receive information when they communicate with you or with us through the website.
From Resellers and Distributors
We may obtain Personal Data about you from the resellers and distributors that purchase offerings available from us and provide such offerings to you.
From Our Vendors
We may obtain Personal Data about you from vendors that make offerings available through us.
From Third Party Information Providers
We may also obtain Personal Data from third parties that have obtained or collected information about you and that have the right to provide that Personal Data to us. We will only obtain this Personal Data where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your Personal Data to us.
4. Use of Information
CMS Distribution uses Personal Data we collect to operate our business and provide you with Offerings, which includes using this data to improve our Offerings and personalise your experiences. We also may use the data to communicate with you, for example, informing you about your account and product information.
CMS Distribution may use your Personal Data for a variety of purposes (the “Purposes”), including to:
- Provide you with the products and services you purchase. We provide these in line with our contractual obligations to you, either directly through us or through our partners;
- Provide, maintain and improve the Website and our Offerings, including to operate certain features and functionality of the Website;
- Understand user preferences to enhance users’ experience with CMS Distribution and its Affiliates, contractors, and business partners;
- Research and analyse the effectiveness of the Website and the marketing, advertising and sales efforts of CMS Distribution, its Affiliates, contractors, and business partners;
- Collect account receivables owed by customers of CMS Distribution;
- Process orders and payments made through the Website;
- Develop additional Offerings;
- Process job applications;
- Comply with a legal obligation or respond to lawful requests by public authorities (including national security or law enforcement requirements);
- Manage our everyday business needs;
- Prosecute and/or defend a court, arbitration or similar legal proceedings;
- Communicate directly with you by sending you newsletters, promotions and special offers or information about new products and services on an ongoing basis in accordance with your marketing preferences. You can unsubscribe from our marketing communications by clicking “Unsubscribe” at the bottom of any communication we issue, or by contacting us;
- Communicate directly with you by phone to respond to customer service inquiries or comments through the Website, social media or otherwise, to discuss issues relating to your account or the Website, and to provide customer support;
- Deliver advertising to you, including to help advertisers and publishers serve and manage ads on the Website or on third party sites, and to tailor ads based on your interests and browsing histories;
- Compile aggregated statistics about the operation and use of our Website and to better understand the preferences of the visitors of our Website; and
We may combine and enhance the Personal Data we collect about you with other information we receive from third parties to provide you with the best service possible.
We may also use the Personal Data we collect about you through the Website to generate anonymised, aggregated data. When we do so, we ensure that the anonymised, aggregated data is no longer personally identifiable and may not later be used to identify you.
If you apply to work for CMS Distribution, we may retain your details, or details of candidates who may be of interest to us on a central database, for a period of up to six months. Alternatively, if you would like to be removed from the database, you may request this. Our Job Applicant Privacy Notice can be found here.
No Personal Data will be used in automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
If you prefer not to provide Personal Data, then in some circumstances we might not be able to process your request (e.g. purchasing an offering). If you feel it is unnecessary to provide the Personal Data we are specifically asking for please contact us to discuss further.
5. Information Sharing
We share your Personal Data as necessary to complete any transaction or provide any offering you have requested or authorised or with your consent where appropriate. We also share Personal Data with others when required by law.
We may share Personal Data internally with teams such as Sales, Customer Service, Finance, Marketing and Operations to ensure your products and services are delivered in line with your purchasing agreement with us. We may also share Personal Data to respond to legal process, to protect our customers, to maintain the security of our business, and to protect our rights or property. You can contact us anytime around how we share your data.
We may disclose your Personal Data as follows:
We may share Personal Data about you with the third party vendors that make offerings available through us. For example, we may share your Personal Data with a third party vendor if you purchase or access an offering through us, or a vendor requires verification of an offering purchase to register that offering.
Resellers and Distributors
We may share your Personal Data with the resellers and distributors that purchase offerings available through the website. For example, we may share your Personal Data if you purchase or access an offering through a reseller or distributor, and that reseller or distributor leveraged our reseller tools and services.
Affiliates and Business Units
We may share your Personal Data with our affiliates regardless of whether these entities share our name or brand. We may also share your Personal Data with other business units that also offer products or services under our brand or one of our affiliates. Our affiliates and business units will use your Personal Data we share with them in a manner consistent with this Privacy Notice.
We may share your Personal Data with other users when you elect to interact with those users (or request that we communicate with them on your behalf) through the website. This may include facilitating communications with other users or enabling posting of Personal Data to areas of the website accessible by other users. You should be aware that any Personal Data (or other information) you provide in these areas may be read, collected, and used by others who access them.
Law Enforcement and Safety
We may share your Personal Data with any competent law enforcement, regulatory or government agency, court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) in connection with actual or proposed litigation, (iii) to exercise, establish or defend our legal rights or interests or protect our property, security and people, or (iv) to protect your vital interests or those of any other person.
Sale or Acquisition of Assets
If we transfers ownership or control of any portion of our business or the website to an actual or potential buyer, whether in the context of an acquisition, merger, reorganisation, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings), we may transfer your Personal Data to that actual or potential buyer, provided that the use of your Personal Data by that third party remains subject to applicable law and regulations.
If you have asked us to share data with third party sites (such as social media sites), their servers may not be secure. Note also that, despite the measures taken by us and the third parties we engage, the internet is not secure. As a result, others may nevertheless unlawfully intercept or access private transmissions or data.
6. Other Important Privacy Information
Below you will find additional privacy information you may find important.
Your Data Protection Rights
You can exercise your rights at any time by contacting us using the information in the “Questions and Contact Information” section below.
You have the following data protection rights:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
Similarly, if we have collected and process your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority, we provide a selection of authorities below for your convenience:
- UK – ico.org.uk
- Ireland - dataprotection.ie
- France – cnil.fr
- Germany - bfdi.bund.de
- Netherlands – autoriteitpersoonsgegevens.nl
- Sweden – imy.se
- USA – ftc.gov
Security of Personal Data
We take what we consider to be appropriate technical and organisational controls and measures to secure and protect your Personal Data from unauthorised or unlawful processing and against accidental loss or destruction of, or damage to it, or its misuse, and disclosure. These include strong user access controls, segmented network architecture, security software and comprehensive employee policies and training. It is a priority of ours to ensure all Personal Data is protected and secured to the highest level.
While no system is completely secure, we believe the measures implemented by us reduce our vulnerability to security problems to a level appropriate to the type of data involved. We have security measures in place to protect our user database and access to this database is restricted internally. However, it remains your responsibility:
- Where you have a user account for the website:
- To log off or exit from the website when not using it;
- To ensure no-one else uses the website while your device is logged on to the website (including by logging on to your device through a mobile, Wi-Fi or shared access connection you are using);
- To keep your password or other access information secret. Your password and log in details are personal to you and should not be given to anyone else or used to provide shared access for example over a network. You should use a password which is unique to your use of the website – do not use the same password as you use for another site or email account; and,
- To maintain good internet security. For example, if your email account is compromised this could allow access to your account with us if you have given those details and/or permitted access through those accounts. You should keep all your account details secure. If you think that any of your accounts have been compromised you should change your account credentials with us, and make sure any compromised account does not allow access to your account with us. You should also tell us as soon as you can so that we can try to help you keep your account secure and if necessary warn anyone else who could be affected.
We cannot ensure or warrant that Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network. We will notify you in the event we become aware of a security breach involving your Personal Data (as defined by the applicable laws and regulations) in line with our Incident Management Process.
Legal Basis for Processing Personal Data
Our legal basis for collecting and using the Personal Data information described above will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only:
- Where we need the Personal Data to perform a contract with you (such as to fulfil your purchase of an offering);
- Where the processing is in our legitimate interests and not overridden by your rights; or
- Where we have your consent to do so, which can be withdrawn at any time as mentioned above.
In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. If we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicating with you as necessary to provide our products and services to you, and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, or for the purposes of detecting or preventing illegal activities.
When we process your personal data for such marketing purposes (and other activities) we consider and balance any potential impact on you and your data protection rights. We will not use your personal data for marketing and other activities where the impact on you overrides our interests (unless we are otherwise lawfully permitted to do so). We may have other legitimate interests, and if appropriate, we will make clear to you at the relevant time what those legitimate interests are.
You have the right to object to processing based on legitimate interests. (This will not always mean we need to stop using your personal data, although for direct marketing-related processing we must stop if you ask us to). See ‘Your Data Protection Rights’ above.
It is your responsibility to provide us with accurate Personal Data. Except as otherwise set forth in this Privacy Notice, we shall only use Personal Data in ways that are compatible with the purposes for which it was collected or subsequently authorised by you. To the extent necessary for these purposes, we shall take reasonable steps to ensure that Personal Data is accurate, complete, current and relevant to its intended use.
International Data Transfers
Your Personal Data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
Our primary data processing servers are in the United Kingdom whilst our affiliates and partners operate around the world. This means that when we collect your Personal Data we may process it in any of these countries. However, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Privacy Notice and local laws and regulations.
We retain Personal Data we collect from you in line with our business retention periods. For example, where we have an ongoing legitimate business need to do so (such as to provide you with a product or service, or to comply with applicable legal, tax or accounting requirements), we may retain the data for up to 7 years.
Children and Vulnerable Customers
We do not knowingly solicit or collect Personal Data from children under 18 years of age.
Third Party Websites
We use a self-assessment approach to verify compliance with this Privacy Notice and periodically verify that the Privacy Notice is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented and accessible.
We may from time to time revise this Privacy Notice in its sole and absolute discretion to reflect changes in our business practices. If we revise this Privacy Notice, we will notify you by posting the updated Privacy Notice on this website. We will always seek your consent for any changes in the way we process your personal data, as required by applicable data protection laws.
7. Cookies and Other Website Usage Information
The website may also monitor and collect information about how you access, use, and interact with the website automatically through “cookies” and other automated tracking technology.
A “cookie” is a small text file that is stored on a user’s device. Cookies allow us to collect information such as browser type and time spent on the website.
8. What about other tracking technologies, like web beacons?
Cookies are not the only way to recognise or track visitors to a website. We employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us better manage the website, web services and our communications by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of users.
In contrast to cookies, which are stored on a user's device, clear gifs are embedded invisibly on website pages or in emails and are about the size of the period at the end of this sentence. We use clear gifs or pixels in our HTML-based emails to let us know which emails have been opened by recipients.
This allows us to gauge the effectiveness of certain communications, the usage of the website and our marketing campaigns.
Questions and Contact Information
If you have any questions or concerns about this Privacy Notice, our privacy practices, our collection or use of your Personal Data, or you wish to access your Personal Data, please contact us at:
Post to our headquarters: Compliance, CMS Distribution, Bohola Road, Kiltimagh, County Mayo, F12 TD82, Ireland.
This Privacy Note was last updated 28/02/2022.