General Data Protection Regulation (GDPR)


  1. FLAHAVAN & SONS LTD respect personal privacy and are committed to adhering to the applicable privacy and data protection laws and business guidelines.   This internal privacy and data protection policy ("Privacy and Data Protection Policy") describe how E. FLAHAVAN & SONS LTD handles the information collected and provided to us. This policy also outlines the procedures for securing and managing personal data relevant to the business with specific observance of the General Data Protection Regulation (“GDPR”) of the European Union.

This Policy applies to all E. FLAHAVAN & SONS LTD business units and all employees, employed in all business units.

  • EU General Data Protection Regulation

The Company is subject to the 1995 European Union (“EU”) Directive on Data Protection (“1995 Data Protection Directive”), which requires EU member states to impose minimum restrictions on the collection and use of personal data. The EU member state regulations establish several obligations that organisations must follow with respect to use of personal data, including a prohibition on the transfer of personal information from the EU to other countries whose laws do not protect personal data to an adequate level of privacy or security.

The GDPR comes into effect in 2018 and extends the scope of the EU data protection law to all companies processing data of EU residents. It provides for a harmonisation of the data protection regulations throughout the EU.   It imposes a strict data protection compliance regime with severe penalties, e.g. up to 4% Group worldwide turnover or €20 million for breaches or 2% Group worldwide turnover for lack of documentation, and includes new rights such as the “portability” of personal data.


“Data Protection” is defined as the protection of Personal Data relating to any living individual (“Data Subject”) whilst in the possession of an organisation (“Data Controller”). There are multiple legal and business requirements to keep this data ‘safe, secure and accurate’.

"Personal Data" means data relating to any living individual which is capable of being used to identify that specific Data Subject. Two pieces of non-personal data, when put together, may also become personal data, if it can lead to the identification of any Data Subject.   Personal Data may comprise special / financial data, e.g. bank account details, passwords, or information relating to age, sex, race, religion, disability, sexual orientation, trade union membership.

“Data Breach” occurs when personal data leaves the (direct or indirect) control of the Data Controller, e.g. lost / stolen laptop, phone or other electronic device, e-mail sent to incorrect person, unauthorised disclosure of database containing personal information, loss of data by authorised contractor, misplaced paperwork.

“Data Processor” is any person that uses the personal data under the control of a Data Controllers for any reason, e.g. hold, use, amend, delete.


Personal data should not be transferred out of the country of origin unless the receiving country or organisation can ensure an adequate level of protection for the data. The Data Controller remains legally responsible for the data, at all times.

Principles of Data Protection

  1. Obtain and process the information fairly;
  2. Keep it only for one or more specified and lawful purposes;
  3. Process it only in ways compatible with the purposes for which it was initially obtained;
  4. Keep it safe and secure, applying security measures against unauthorised access, alteration, disclosure or destruction of data;
  5. Keep it accurate, complete and up-to-date;
  6. Ensure that it is adequate, relevant and not excessive;
  7. Retain it no longer than is necessary for the specified purpose; and
  8. Give a copy of all personal data held, to the individual, upon request.

5.1       Personal Data must be kept: a) Safe; b) Secure; and c) Accurate.

  1. Safe = IT security, databases and electronic devices password protected and encryptions on all data (where possible) – secure from unauthorised access, disclosure or destruction.
  2. Secure = what was the purpose of originally collecting the data? Is that purpose still relevant? Is the personal data in current usage by the company? Has the individual given permission to the company to continue holding the personal data? Is it capable of being searched, retrieved and amended / deleted, if required?
  3. Accurate = up to date and in order, across all databases.

5.2       E. FLAHAVAN & SONS LTD employees may report any violations or direct questions regarding the policy to:

This policy may be amended at any time. We encourage you to regularly check this policy for any updates and changes. Any breach of this policy will be taken seriously and may result in disciplinary action up to and including termination of employment.


Cookies Policy

  1. Flahavan & Sons Ltd is committed to providing you with the best online experience while visiting the company’s website (the “Website”). To achieve this, we utilise our own and standard third party cookies to obtain data about your online behaviour while you are on the Website, and we also track how often you visit the Website.

If you do not wish to accept this Policy please do not continue to use the Website.

Cookie Settings

What we track

We do not use any intrusive cookies on the Websites to collect your personal information. We use industry standard third party cookies such as Google Analytics to track your behaviour online and gain statistical information at an aggregated level in the following ways:

  • We track the number of visits to the Website, where each visitor came from (i.e. the website you visited prior to coming to the Website) and where each visitor goes to from the Website (i.e. the website you visit after leaving ours).
  • A cookie is stored on your device for no longer than required which is linked to your IP address. Cookies are small text files that your web browser stores on your device. This allows us to track whether you return to the Website.

From time to time we also track conversions from Google Ad campaigns and use cookies to provide visitor targeted ads when they visit other websites.

The tracking cookies lose their validity after 30 days and are not used for the personal identification of the users.

How to manage cookies

If you do not wish us to track information through cookies you can configure your browser to reject cookies. If you wish to do so, please refer to your Internet browser’s user instructions to find out how to delete and reject cookies. Note that the rejection of cookies may impact your user experience on the Website and restrict you from utilising certain site functionalities.

Cookies used on website

The Website may contain links to third party websites. If you follow a link to any of these third party websites please note that these websites have their own privacy and cookie polices and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third party websites.

Changes to this Policy

Any changes we may make to our Policy in the future will be posted on this page.

Contact Us

Questions, comments and requests regarding this Policy are welcomed  contact us »