Privacy Policy
What personal data we collect and why we collect it
1. Introduction
We take Privacy seriously and fully endorse and adhere to the Principles of the EU GDPR. This Privacy Notice includes information about how we collect, use and disclose your personal data, and your rights in relation to the personal data we hold.
To help you further understand this policy, here are some terms used herein and in the data protection industry:
Personal Data
This is information that relates to and identifies living individuals, i.e. their personal information.
Data Subjects
These are the living individuals to whom the personal data relates.
Processing
This covers a wide range of operations on personal information, this includes its collection, use, disclosure and disposal.
Data Controllers
Data controllers are clients who supply us with their personal data (i.e. mailing lists) directly or are the clients we gather personal data on behalf of. We only become the data controllers if we are using any personal data for our own purposes or it is the personal data of our staff. For example, we are the Data Controllers of our own Mailing List.
Data Processors
These are individuals who are not employed by a data controller but who process personal data on behalf of and in accordance with the instructions of a data controller; in effect they could be referred to as subcontractors. We are the data processors for any personal data supplied by or gathered on behalf of our clients.
2. Who is collecting the data?
We handle personal data exclusively to provide services for our clients and also for our own marketing purposes.
In certain circumstances, we may use third parties to collect and supply data. Any third-party company used for this purpose will have been vetted by us to be fully GDPR compliant.
3. How do we collect your data?
We collect your personal data in a number of ways, for example:
during a meeting;
from information about you provided to us by your company;
from information about you provided to us by an independent referral;
when you communicate with us by telephone, email or other forms of electronic communication;
from publicly available sources.
4. What data is being collected?
For our day-to-day operations, we collect names, email addresses, postal addresses and/or telephone numbers, as appropriate. All data collected is the minimum required to successfully carry out specific operational needs. This data is kept as accurate and up-to-date as possible.
5. Where is the data stored?
We store all personal data in a secure Client Database.
6. What is the legal basis for processing the data?
We will only process data if it is necessary for the legitimate interests of the data subject unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. We use opt-in procedures for collecting your personal data, and opt-out services are clearly shown and available at all times.
The purposes for which personal data is collected include:
(a) responding to any enquiries you have made;
(b) Sending you materials and/or information you have requested or products/services which you have purchased;
(c) Performing our obligations in relation to any agreement you have with us;
(d) Conducting contests, competitions or promotions;
(e) Enabling you to submit contributions to us and/or to the Website;
(f) To customise and improve the content on the website to improve our products and services to respond to your current and future needs and interests;
(g) Contacting you if we change our products or services or terms or if we need to give you notice of such changes;
(h) for the purpose of marketing our other products and services to you unless you opt-out from receiving our News & Special Offers;
(i) For accounting purposes and internal administration and analysis;
(j) For the prevention of fraud; and
(k) For any purpose required by law or regulation.
7. Will the data be shared with any third parties?
We do not share, sell, rent or distribute personal data to or with third parties unless the transfer of such information to third parties is strictly necessary for providing a service you have commissioned and will not disclose personal information to third parties for their own marketing purposes unless you have consented to this.
8. How will the data be used?
The personal data is used solely for providing a service to our customers.
9. How long will the data be stored for?
Your personal data remains in our client database and mailing lists until you request erasure or/and opt-out of our Mailing list.
10. What are your individual rights?
You, as the data subject, have full rights under Chapter 3, Articles 12 to 23 of the General Data Protection Regulation (GDPR) which specifically deal with the rights of the data subject.
Therefore, you have several rights in relation to how SPR Carpentry & Construction uses your information. They are:
Right to be informed
You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with.
Right of access
You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a Data Subject Access Request (DSAR) by emailing info@sprcarpentry.co.uk
Right to request that your personal information be rectified
If your personal information is inaccurate or incomplete, you can request that it is corrected.
Right to be forgotten (request erasure)
You can ask for your information to be deleted or removed if there is not a compelling reason for us to continue to have it, for example, if you are an existing client and we need this information to contact you.
Right to restrict processing
You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.
Right to data portability
You can ask for a copy of your personal information for your own purposes to use across different services.
11. Cookies and IP Addresses
11.1 In addition to asking you to submit personal information, we may collect information about you automatically when you visit the Website. This information is not normally personally identifiable. Such information includes general information about your computer settings, your connection to the internet (i.e. your Internet Service Provider), your IP address (this is the number assigned to your computer by a web server when you are on the internet), your geographical location, your operating system, your browsing patterns, the pages you visit and documents downloaded. We analyse such information in the aggregate and will not use it for the purpose of identifying you (except that we may use such information to identify a visitor if we consider that there are or may be safety or security issues or to comply with relevant laws and regulations).
11.2 We may collect this information through the use of software technology called “cookies”. Cookies are small bits of information which are sent to your computer’s hard drive when you first visit the Website, and which allow us to identify your computer the next time you visit the Website. We may use the information collected in this way to (i) identify what technologies and internet services are being used by our visitors and (ii) track usage of the Website so that we can adapt the Website to ensure that it better suits your needs and interests.
11.3 Up to date Internet browsers give you the option to reject, accept, or erase cookies stored on your computer or be notified before a cookie is stored on your computer. If you install or update your browser after May 2018 you will be given clear options on managing your cookies. Your ease of use of the Website’s e-commerce functions may be reduced if you reject all cookies, such as retaining your cart content if you leave the site before making a purchase. Such cookies, for cart and sessions do not hold personal information.
12. Google Multi-device Remarketing Features
Where users have chosen to enable Google to associate their web and app browsing history with their Google account, and to use information from their Google account to personalise ads, Google will use data from its signed-in users together with our Google Analytics data to build audience lists for cross-device remarketing. In order to support this feature, two things will happen:
Google Analytics will collect Google-authenticated identifiers associated with users’ Google Accounts (and therefore, personal information) & Second, Google Analytics will temporarily join these identifiers to SPR Carpentry & Construction Google Analytics data in order to support our audiences.
13. How can you raise a complaint?
If you think your personal data has been misused, please contact us by emailing info@sprcarpentry.co.uk with details. After an investigation, you will be notified of the results, including if no evidence of a security breach or misuse is discovered.
You always retain the right under Chapter 3, Article 17 of the GDPR to have any personal data held by SPR Carpentry & Construction erased.
14. Contact details
For further information on any of the subjects covered in this document, please contact:
Sam Rigden
Director
01273583385
info@sprcarpentry.co.uk