MyToolkit's Data Retention Policy

Stapling & Nailing Ltd.

Data Retention Policy

 Privacy Statement - Cookie Policy- Data Protection Policy

Where personal data is held for more than one purpose, there will be no need to delete the data while it is still required for any or all of those reasons. However, personal data will not be kept indefinitely i.e. on a “just in case” basis or if there is only a small possibility that it will be used.

This does not mean that the information will be kept forever – it will be deleted

In the cases where personal data is contained in the body of an email from a customer, it will either be copied from the body of that email and stored on their electronic record card within our accounting system Xero (for on-going record keeping purposes) . Or it will be deleted as soon as the issue/ enquiry has been dealt with and closed. By way of deleting the communication, then erasing it from the recycle bin.

All other emails will be deleted in the same way as above and once the interaction is complete, in the case that the customer leaves the conversation open ended, Stapling & Nailing Ltd. will erase the email thread 8 weeks following the date of the last interaction. Exceptions are: when the relationship is ongoing and technical product information contained in the communications is key to customer satisfaction, customer guarantees, and/or a positive outcome. We utilise Helpscout for one to one email communications their privacy policy is here

All hardcopies of personal data is stored in a locked drawer and is reviewed on a once year basis in August (end of the company’s financial year) From there on in invoices only are boxed up and archived and kept for a further 6 years for reasons of VAT and book-keeping  as all records must be accurate, complete and readable.

Electronic personal data is stored within Xero our chosen accounting system which is pass word protected where only designated staff have access to limited segments. Xero are in compliance to (GDPR) and encrypt customer data. Link to their policy here

We use Stripe Payments to handle web credit card, debit cart, American express, google pay and paypal payments. This link points to their security policy. Any paper records of telephone orders are discarded by use of a shredding machine, immediately following processing.  

Prospects or/and customers who have opted in to receive written email communications from us. We use that personal data in automated decision-making processes. Via mailchimp (privacy policy here); for remarketing related specific consumables, technical specification, specialist knowledge, product and industry updates, safety, maintenance and special offers for related merchandise or consumables. The company is able to intervene at any stage to remove a contact or/and manually override any element of this automation. Prospects who wish to receive the aforesaid and similar content from us, once subscribed will be directed to a link to our privacy statement, where it is made clear how they can object to profiling for marketing purposes, how they can access their personal data and edit it for accuracy and how we only gather and we store the minimum personal data for retention purposes

All our 3rd party software application as mentioned in this document has been selected by us for their reliability and their careful practice of protecting data and security installations. To enhance security we use a central pass word manager where passwords are generated to a point where it is close to impossible to recall them. Details of Lastpass and their policies are here

Personal Data How it is Collected, Held, and Processed

The following personal data is collected, held, and processed by the Company (for details of data retention,

Data Ref.

Type of Data

Purpose of Data


Full name

The purchase of goods in order for the goods to be addressed to the correct person and/or if you register to receive our relevant offers and helpful advice. Or when you have proceeded to our checkout then abandoned prior to the payment stage.

We store your email address within Xero our chosen accounting system which is pass word protected. This company is highly respected, credible and comply with data protection (GDPR) they encrypt customer data. Link to their policy here

We pass on these details to enhance delivery process, once goods are despatched via 3rd party courier (DPD, Hermes, Post office or occasionally other. From leaving us to arrival with yourself, ensuring you are updated at each stage.

If you have opted in for our tool updates and special offers then see 5.4 where we will  address you by your name


Business/Company Name

Only if you are a business and  require a VAT  invoice: As above for 5.1



If you have registered to receive our tool information and relevant offers, you will be presented with a drop down menu to select the type of trade that you are involved in and therefore receive more relevant content. NB you have the option to select other.


Email addresses & telephone number

As above for 5.1 and 5.2.

We will also use your email address to communicate any offers and relevant useful information on tools, fastenings and industry news if you have registered to receive this service. By use of our designated email system Mailchimp who encrypt data and comply to GDPR laws see their policy here



Removal or amendment of Data:

Only in the case that the Company has reasonable grounds to refuse to erase personal data (effective processing), shall all requests for erasure be complied with and the data subject informed of such, within 4 week of the request. This period can be extended by up to 8 weeks if the request is complex in any way in which case the subject will be advised.

In the case of 3rd parties, being in procession of the personal data those parties shall be informed of the deletion (unless it is impossible or would require disproportionate effort to do so).