Our Privacy Policy

Last Updated: 30/07/2025

POLICY STATEMENT & PURPOSE

Oil Direct NI Ltd T/A Killyfaddy Commercials takes the issue of compliance with GDPR very seriously and is committed to ensuring all activities carried out by the company and its employees adhere to the principles set out in the regulation. All members of staff will receive full training in respect of the regulation to ensure they are made aware of their obligations and responsibilities when handling personal data. The Directors fully support this policy and appropriate disciplinary action for non-compliance.

BACKGROUND

The Act

The previous Data Protection Act 1984 was amended in 1998 and has now been replaced by the GDPR which came into force on the 25th May 2018 in the UK. The main purpose of the regulation is to protect the personal data of Natural Persons residing within the EU and ensure that it is handled fairly and properly. It also provides individuals with the right to access personal data that is held in both computer and paper-based records.

This is done through setting out 6 Principles that must be adhered to when dealing with personal data; these are that Personal Data must be:

• fairly and lawfully processed;
  
• collected and processed for the specified purposes;
  
• accurate and, where necessary, kept up to date;
  
• not kept for longer than is necessary;
  
• limited to what is necessary;
  
• kept secure

It was in 1998, that an amendment to the original Data Protection Act led to the establishment of the Information Commissioners Office, which was given the responsibility of enforcing the Data Protection Act and now has the responsibility of enforcing the GDPR. It gained extensive legal powers allowing it to investigate and prosecute any individual, employee or organisation that it found to be in breach of the regulation, with many facing significant fines, a criminal record and imprisonment.

Use of Personal Data

Oil Direct NI Ltd T/A Killyfaddy Commercials may transfer personal data to other companies or to third parties acting on our behalf, for administrative purposes, processing or for the operation and maintenance of your employment with us. If the companies to whom we transfer personal data are not in the European Economic Area, we will ensure that those companies are bound by obligations to hold data securely and use it only for the purposes specified in the agreement with Oil Direct NI Ltd T/A Killyfaddy Commercials. Oil Direct NI Ltd T/A Killyfaddy Commercials may disclose personal details and/or transfer data to third parties to whom we propose to assign our rights under this agreement.

Associated Legislation

The Information Commissioners Office does cover other areas of legislation including:

• Freedom of Information Act 2000
  
• Environmental Information Regulations 2004
  

Privacy and Electronic Communications Regulations 2003 as amended (PECR)

Direct marketing may be conducted by electronic means such as email, SMS and social media. Any direct marketing via electrnc means conducted will comply with GDPR, PECR and any legislation that amends or replaces PECR.

DEFINITIONS

Data

Data refers to any information that can be held as a record. For Oil Direct NI Ltd T/A Killyfaddy Commercials, this includes all information held in our own records, whether electronic or part of a paper filing system. This covers information relating to Suppliers, Contractors, Customers, and Employees.

Personal Data

Personal Data refers to any information relating to a natural person who can be identified from that information. This also includes any expression of opinion and indications of intentions in relation to the individual by Oil Direct NI Ltd T/A Killyfaddy Commercials or any other person. This covers all information regarding Employees and Customers but not information specific to Business Customers.

Sensitive Data

Sensitive Data refers to personal data consisting of information such as:

1. the racial or ethnic origin of the data subject;
   
2. their political opinions;
   
3. their religious beliefs or other beliefs of a similar nature;
   
4. whether they are a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992);
   
5. their physical or mental health or condition;
   
6. their sexual life;
   
7. the commission or alleged commission by them of any offence;
   
8. any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.

Oil Direct NI Ltd T/A Killyfaddy Commercials will not collect or store any ‘Sensitive Data’ relating to its customers or employees.

Processing

Processing refers to how the data is used. This includes obtaining information at the initial application stage for new employees, recording it manually and onto the system during employment, and deleting the information after the retention period has expired.

Natural Person

A Natural Person refers to an individual residing in the EU who is the subject of personal data. This includes all employees and sole traders who are individual people, but not companies or business entities.

Data Protection Officer

Whilst the business does not meet the requirements to appoint a specific Data Protection Officer, it recognises the importance of Data Protection and has assigned responsibility for it within the business to Mr Gavin Brannigan. Any questions relating to Data Protection should be referred to Mr Gavin Brannigan in the first instance.

Data Processor

A Data Processor refers to a person or organisation that processes or uses personal data on behalf of the data controller. For example, this could be a HR services provider or a payroll provider acting on behalf of Oil Direct NI Ltd T/A Killyfaddy Commercials.

Recipient

A Recipient refers to any person or organisation to whom data is disclosed by the data controller. For example, this could be a government body or police officer who has received information from Oil Direct NI Ltd T/A Killyfaddy Commercials.

Third Party

A Third Party refers to any person other than the data subject, the data controller, or any data processor or other person authorised to process data on behalf of the data controller or processor.

SECURITY OF PERSONAL DATA

Clear Desk Policy

Oil Direct NI Ltd T/A Killyfaddy Commercials operates a Clear Desk Policy with regards to all GDPR-relevant data to ensure all personal information is stored securely when not in use by employees. This applies to all personal information in hard copy—unless the documentation is in use, it must be locked away in the filing storage units provided. If you do not have access to secure filing storage units, please contact Mr Gavin Brannigan who will arrange access.

External Windows & Business Location

Due to the location of the Oil Direct NI Ltd T/A Killyfaddy Commercials business space and the nature of the business—being close to a residential area with lots of passers-by and buildings within close proximity of the ground floor—a significant risk of a data protection breach is posed by the high volume of non-employees passing through the building daily. Despite the main offices where data is stored being located away from the main business area (which prevents them from being viewed by visitors), it is not 100% effective. As such, it is essential that all employees ensure no personal information can be viewed through any external windows, whether in hard copy or on a computer screen. If you believe your computer screen is in view of an external window, please re-position your workstation.

Shredding

When disposing of paperwork that contains personal information, it is essential that it is disposed of securely to ensure there is no data breach once the documentation has left the premises. To prevent such a breach, Oil Direct NI Ltd T/A Killyfaddy Commercials has invested in a confidential waste facility that will shred all paperwork securely. Therefore, all paperwork—regardless of size or quality—that contains any amount of personal information (e.g. customer name, bank details, or address) must be disposed of using the confidential waste bin located in the main office. If you have any queries about the location of a confidential waste bin or what should or should not be disposed of confidentially, please contact Mr Gavin Brannigan for advice.

Computers & Passwords

All Oil Direct NI Ltd T/A Killyfaddy Commercials systems and files are password protected for each individual user to ensure accurate identification. It is important that all passwords used by an individual employee are not shared with other employees or with family and friends, as this may lead to a data protection breach. When using any computer to access company systems or files, you must log off or lock the computer before moving away from your workstation—no matter how short the distance.

Visitors

All visitors must enter through the showroom or main entrance. Upon entry, they should be greeted according to the Oil Direct NI Ltd T/A Killyfaddy Commercials process and directed to the reception. All visitors must be signed in and out at the main desk. Any visitors allowed access must be escorted and accompanied by an employee at all times.

Data Retention

As per GDPR principles, Oil Direct NI Ltd T/A Killyfaddy Commercials will not keep data longer than necessary. All personal data will be held for the minimum required time while ensuring compliance with legal obligations. While stored, all personal data will be held securely—either electronically or on-site in a secure storage facility. Once the necessary period has expired, all personal information will be securely disposed of. If an employee requests data removal, and legal retention periods have passed, all manual records will be destroyed confidentially, and electronic records will be archived.

Building Access

Due to the nature of the business, customers have unrestricted access to the main floor of the building. Therefore, it is imperative that all employees remain conscious of their responsibilities regarding personal data. All staff are responsible for securing both employee and customer data, and no personal data should ever be left unattended.

COMMUNICATION

When communicating with employees or customers via telephone, it is important that only the personal information relating specifically to them is disclosed. It is essential that you have performed sufficient identity checks with the individual you are speaking to before referring to any personal information. This applies to both incoming and outgoing calls.

The identity checks involve the individual confirming their identity — such as: name, address, employee number, payroll number, date of birth, etc.

REQUESTS FOR THE DISCLOSURE OF PERSONAL DATA

Subject Access Requests

Any individual whose personal data is held by Oil Direct NI Ltd T/A Killyfaddy Commercials in its role as a Data Controller has the right to access the data, be told for what purpose it is being held, and to whom it may be disclosed. To access their personal data, an individual must make a Subject Access Request to Mr Gavin Brannigan. Upon receiving this request, Oil Direct NI Ltd T/A Killyfaddy Commercials is required to respond within 30 days; otherwise, we will be in breach of the regulation.

When a Subject Access Request is received, it is the responsibility of Mr Gavin Brannigan to respond. Therefore, all requests must be referred immediately.

Oil Direct NI Ltd T/A Killyfaddy Commercials takes every necessary measure to ensure the accuracy of its data. However, if the individual submitting the Subject Access Request believes any data to be inaccurate, we will make every effort to correct the issue promptly.

Law Enforcement Agencies

There are a number of exceptions within the GDPR that recognise the need for disclosure of personal data when it is in the public interest, even if it would otherwise be in breach of the Act.

An example of this would be the prevention of crime and taxation fraud, which may require personal data to be disclosed to Law Enforcement Agencies to aid investigations. These agencies include the Police, NCA, HM Revenue & Customs, and the Department of Work & Pensions.

However, strict requirements govern what personal data can be disclosed by the Data Protection Officer to third parties requesting the information, to ensure that only relevant information is shared.

When Law Enforcement Agencies contact Oil Direct NI Ltd T/A Killyfaddy Commercials to request personal information, it will most likely be via telephone or email. In either case, it is essential that no information is communicated immediately due to the strict criteria governing personal data disclosure. It is the responsibility of Mr Gavin Brannigan; therefore, all such requests must be referred to him immediately.

INFORMATION COMMISSIONERS OFFICE NOTIFICATION

Notification is the process by which a data controller informs the Information Commissioner of certain details about their processing of personal information. These details are used by the Information Commissioner to make an entry describing the processing in a register that is available to the public for inspection.

The principal purpose of having notification and the public register is transparency and openness. It is a basic principle of data protection that the public should know (or be able to find out) who is carrying out the processing of personal information, as well as other details about the processing — such as the reason it is being carried out.

Oil Direct NI Ltd T/A Killyfaddy Commercials, as a data controller, has a legal obligation to notify the Information Commissioners Office that it is a data controller and to provide a general description of the purposes for which it processes that data. Oil Direct NI Ltd T/A Killyfaddy Commercials has informed the Information Commissioners Office that it processes data for the following purposes:

Crime Prevention and Prosecution of Offenders

The Information Commissioners Office will be made aware of any change of information within 28 days.

STAFF AWARENESS & TRAINING

The training of all staff will take place on a yearly basis and will be delivered through Catalyst DBC Ltd. The training material will include eLearning featuring sufficient information to ensure that staff are aware of what they need to do to comply with the GDPR. This will be followed by a multiple-choice test to assess employees’ understanding of the regulation and highlight any subsequent training needs.

COMPLAINTS

All complaints and potential breaches relating to the GDPR must be referred to Mr Gavin Brannigan as soon as possible. He will be responsible for conducting investigations into the incident, reporting the findings to Oil Direct NI Ltd T/A Killyfaddy Commercials’s Directors, and, if deemed necessary, reporting to relevant authorities.

EXPECTATIONS OF STAFF

In the course of their daily duties, Oil Direct NI Ltd T/A Killyfaddy Commercials expects its staff to remain compliant with GDPR at all times and to follow all guidance contained within this policy. This includes:

• To collect only the personal information that is required by Oil Direct NI Ltd T/A Killyfaddy Commercials
  
• To update records promptly – for example, changes of address
  
• To delete any personal information that Oil Direct NI Ltd T/A Killyfaddy Commercials no longer requires
  
• That you will be committing an offence if you release customer or employee records to third parties without consent from Mr Gavin Brannigan or the Directors of the business

DESIGNATED DATA CONTROLLER

Mr Gavin Brannigan is responsible for ensuring compliance with GDPR and implementing this policy. If any aspects of this policy or the GDPR remain unclear, please refer all queries in the first instance to Mr Gavin Brannigan, and in his absence, to the Directors of Oil Direct NI Ltd T/A Killyfaddy Commercials.

Contact Details for Data Protection Officer

📞 07739310549

Contact Details for Managing Director

📞 07739310549