Privacy Policy

At Kammac we deliver flexible, sustainable and efficient distribution solutions.

Kammac is committed to protecting the privacy and security of your personal information.

Kammac is a “data controller” referred to as “we”, “us”, “our” or the “company” in this privacy notice. This means that we are responsible for deciding how we hold and use personal information about you and are required under data protection legislation to notify you of the information contained within this notice.

This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR) and Data Protection Act 2018. We aim to give you information on how we use your personal data when you use this website, use or enquire about our products or services or if we decide to market our services to you. Data relating to prospective employees, current/former employees, self-employed contractors and agency workers are contained in a separate recruitment and employee privacy notice. Most of our interactions as an organisation are on a B2B basis.

It is important that you read this notice, together with any other privacy notice we may provide to you, This is so that you are aware of how and why we are using such data at the time we use it.

We will comply with data protection law. This says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way;
  • Collected only for valid purposes that we have clearly explained to you and not used
    in any way that is incompatible with those purposes;

  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as necessary for the purposes we have told you about;
  • Kept securely

If you have any questions about our policies on data protection or your rights and how you can exercise them please contact This policy was last updated May 2018.

The nature of information we hold about you

We may collate, store and utilise the following categories of personal information about you:

  • Personal contact details such as name, title, postal addresses, telephone numbers and personal email addresses;
  • Financial information such as credit reference checks, details of financial/payment transactions, bank account and payment card details;
  • Marketing information including contact details and your preferences in receiving marketing from us;
  • Cookies. These are small text files that are placed on your computer by websites that you visit. These are widely used in order to ensure websites work or work more efficiently as well as provide information to the owners of the site. We collect information about how visitors use our site and for extra security when submitting online forms. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form. Please see our separate cookie policy for more information
  • Feedback. We may gather feedback from customers on how to improve our products or services or gather some personal data in order to deal with customer complaints or enquiries about ongoing orders or deliveries;
  • Technical Data includes browser type and version, location (country and city), language, operating system and platform, ISP, screen resolution, device type (mobile or PC system), client ID (as assigned by Google Analytics not by Kammac)
  • Profile Data we do not routinely collate profile data though do collect some profile data when online forms are utilised on our and sites. This data includes details such as name, company name, telephone number and email addresses
  • Usage Data – we collect usage data to calculate the percentage of users accessing a specific website feature. We cannot identify you from the client ID assigned to you by Google Analytics.

We do not process any special categories of personal data or information about criminal convictions and offences from our website or from our customers or suppliers.

When our site includes links to other websites or applications, we would advise you to read the privacy and cookies policies of that website to assess how they use your personal data.

How do we collect your personal data?

We collect personal data about you in a variety of ways:

  • Direct from you – This could be when you make an enquiry about our products
    and services, enter into a contract with us to deliver our products and services,
    request marketing information or make a customer complaint or provide us with
    feedback. You may provide personal data by contacting us direct or by completing
    forms and forwarding them to us via post, email or using our online contact form.
    You may provide personal data over the phone or in person or by using social

  • From our website – We may collect some information from our website usage. Please see our separate cookie policy for more information
  • Third parties or publicly-available sources. We may also receive personal data
    about you from various third parties such as:

a) Publicly-accessible resources such as Companies House, the Bankruptcy and Insolvency register;

b) Credit reference agencies

c) Due diligence providers 

d) Insurers;

e) Your bank or another financial institution;

f) Local Authorities;

g) Analytics providers such as Google Analytics;

h) Advertising networks;

i) Financial and Transaction Data from providers of technical, payment and delivery services such as Paypal, Sagepay,Worldpay, Groupon, Paypal, Direct, Payaway IP, Bankline;


We may not be able to enter into or fulfil a contract with you (for example, the delivery of
products or services) if you do not provide data we may need either by law or to perform that
contract. As a result, we may have to cancel a contract or delay goods or services. We would
inform you if this occurs.


We will only use your personal data for a lawful reason. This will usually be in the following situations:

  1. In order for us to perform the contract we have with you;

  2. Where we need to comply with a legal obligation;
  3. Where it is necessary for our legitimate interests (or those of a third party) and your
    interests and fundamental rights do not override those interests;

  4. Where you have given consent


We may also use your personal information in the following situations, which are likely to be

    1. Where we need to protect your interests (or someone else’s interests)
    2. Where it is needed in the public interest (or for official purposes).



In the limited circumstances where you may have provided your consent to the processing of your personal data, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

We generally do not rely on consent as a basis for processing personal data though may do so in gaining your consent to direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us on or by opting-out or unsubscribing to any communications.


We need all the categories of information in the list above (see ‘The nature of the information we hold about you’) primarily to allow us to perform our contract with you or for our legitimate interests.

The situations in which we will process your personal information are listed below. We have
indicated the purpose or purposes for which we are processing or will process your personal
information, as well as indicating which categories of data are involved:

 Processing activityCategories of dataLawful Basis 

Customer administration and accounts

To register you as a new customer
on our internal systems

Identity, contact and financial details.

  •  Performance of a contract with you. 

Customer administration and

To process and deliver your order
including the management of
payments, fees, credit and debtor
accounts, dealing with customer

Identity, contact, financial and transaction details.

  • Performance of a contract with you;
  • Necessary for our legitimate interests
    (to recover payments/debts to us and
    manage and maintain customer

Business Development, Sales and Marketing

We may use your personal data to market our services to:

  • existing and former

  • third parties who may have
    expressed an interest in our

  • third parties with whom we
    have had no previous

We may also undertake customer surveys or monitor how you use our website.

Identity and contact details, data obtained from usage of and cookies on our website.

  •  Performance of a contract with you;
  • Necessary for our legitimate interests
    (to promote our products and services
    to our existing customers or those
    who we feel may have an interest in
    hearing from us about relevant
    products and services; to keep our
    records up to date and understand
    how we can meet and improve up on
    our service delivery to customers; to
    understand how users interact with
    our website in order to improve
    content; to understand our customers’
    or prospective customers’ needs so
    that may grow our business)

Managing premises, equipment

and facilities

Visitors to our premises will be
required to wear a pass for their
visit and will be asked to sign in
and out of reception. The
information is retained for 12
months. The purpose for
processing this information is for
security and safety reasons.

Closed-circuit television (CCTV) is
monitored to enable site security.
Images of visitors and their
vehicles (authorised or
unauthorised) may be used for the
prevention and detection of crime
and may be released to third
parties on request (such as the
Police force) or internally subject
to access controls and appropriate
protocols. This may be to
investigate a crime or an internal

We have Wi-Fi on site for the use
of visitors. We’ll provide you with
the address and password. We
record the device address and will
automatically allocate you an IP
address whilst on site. We also log
traffic information in the form of
sites visited, duration and date
sent/received. We do not ask you
to agree to terms.

Identity details, stills and video of visitors to site and vehicle registration details.

  • Necessary for our legitimate interests

    (For on-site security and protection of
    staff and assets; to allow you access
    to the internet when you visit our site;
    to prevent fraud)

  • Necessary for us to establish, exercise
    or defend legal claims.

To monitor, maintain and test the
website and other ICT.
Identity, contact and technical details.
  •  Necessary for our legitimate interests

    (For data security and protection of assets; to protect our IT network and prevent fraud)


We will only use your personal data for the purposes we outlined to you at the outset. We will continue to process your personal data for another reason if we consider that the revised reason is compatible with the original purpose. If the revised reason is for an unrelated purpose, we will notify you and outline the basis upon which we believe we have a lawful reason for continuing to process your data. We will not notify you of the change of purpose if the processing is required by law.


Your duty to update us

It is important that the personal data we hold about you is accurate. Please update us if this changes during your working relationship with us.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we collect about you and an outline of why we are using it;
  • Request correction of the personal data that we hold about you. This enables you to have inaccurate information corrected;
  • Request erasure of your personal data. This enables you to request the deletion or removal of your personal data in certain circumstances. You also have the right to request the deletion or removal of personal data where you have requested the right to object to processing;
  • Object to processing of your personal data where the basis for processing is a legitimate interest (or those of a third party) and you wish to object to processing on this basis. You also have the right to object where we are processing personal data for direct marketing purposes;
  • Request to restrict the processing of your personal data;
  • Request the transfer of your personal data to another party.

If you want to exercise any of the above rights, please contact


You will not normally have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request for access is unfounded, excessive or involves a repeat or duplicate request. Alternatively, we may refuse to comply with the request in such circumstances.

What we may require to process your request

We may need to confirm your identity and assess your rights to access the data. This is purely to ensure we comply with the requirements of the GDPR especially where there may be data that relates to another individual.


We may have to share your personal data with third parties including third-party service providers in order to administer our working relationship with you or where we have another legitimate interest in doing so.

We require third parties to respect the security of your data, treat it lawfully and as only as per our instructions.

Which third-party service providers process my personal information?

“Third parties” includes third-party service providers and other entities within our group. The following activities are carried out by third-party service providers

  • Staff and site administration where we provide onsite logistics;
  • Managing facilities;
  • HMRC, HSE and other regulatory bodies;
  • Insurance provision;
  • Legal Advice;
  • ICT services and applications;
  • Accountancy;
  • Credit reference agencies;
  • Interpretation of telematics and tracking information;
  • Marketing.

We may also share your personal information for example in the context of the possible sale or restructuring of the business or with a regulator or to otherwise comply with the law.

Transferring information outside the EU

Kammac hosts some of its applications in industry-leading Amazon Web Services, whose data centres are located within the EEA, which have been thoroughly tested for security, availability and business continuity.

All data is stored within the EEA and the data will not be processed outside of the EU by Kammac. However, Kammac uses multiple third-party providers as part of our business operations and architecture for the purposes of logging, billing and system monitoring. In connection with this, data might be transferred outside our EU data centre.

To ensure that your personal information does receive an adequate level of protection we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection. This is available on request from

Data security

We have put in place measures to protect the security of your information which include physical and application security. Details of these measures are available upon request.

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure

We have put in place appropriate security measures to prevent your personal information from being lost or used in an unauthorised way. In addition, we have access controls in place to ensure information is kept secure and only relevant and limited individuals have access to it. Our staff are subject to a duty of confidentiality. Details of these measures may be obtained from

Protocols are in place to deal with suspected data security breaches. We will notify you and the ICO of a potential breach where we are legally required to.


We will only keep information as long as is necessary for the purposes we have informed you about. Details of retention periods are available by contacting To determine relevant retention periods, we consider a number of factors including business need, regulatory and legislative requirements, the nature and sensitivity of the data and the potential risks of unauthorised disclosure.


If you have any questions about this privacy notice or how we handle your personal information, please contact You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.


We reserve the right to update this privacy notice at any time. We will provide you with a new privacy notice when we make material updates or may notify you periodically about the processing of your personal data

If you have any questions about this privacy notice, please contact