We may have to collect and use information about you when you place an enquiry or order with us. This information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means.
We regard the lawful and correct treatment of personal information as very important to our successful operation and to maintaining confidence between us and those with whom we carry out business. We will ensure that we treat personal information lawfully and correctly. To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).
“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.
“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
C.) DATA PROTECTION PRINCIPLES
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
a) processing will be fair, lawful and transparent
b) data will be collected for specific, explicit, and legitimate purposes
c) data collected will be adequate, relevant and limited to what is necessary for the purposes of processing
d) data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
e) data is not kept for longer than is necessary for its given purpose
f) data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisational measures
g) we will comply with the relevant GDPR procedures for international transfers of personal data
D.) WHAT TYPES OF DATA DO WE HOLD?
We keep several categories of personal data in order to carry out effective and efficient processes. We collect your data when you place an order or create a quote or enquiry. The data we collect includes details you provide to us such as your name, surname, telephone number or email address. We use this data for:
– Marketing purposes in order to send regular mailshots via Mailchimp.
– Registration purposes so that you can place orders via our door ordering portal.
– Provision of assistance via our customer services team.
– Making a payment via credit card for products provided.
If you have given us consent to do so, we may contact you by telephone, email, SMS or post to notify you of products or special offers that may be of interest to you. We will offer you the option to opt-in or opt-out of marketing communications and you can unsubscribe from these at any point.
The data is processed by DOORCO Ltd. We may also use the services of external suppliers to help meet our business needs and may share your data with these suppliers. They will process your data only under our instructions.
E.) HOW LONG WILL WE KEEP YOUR DATA?
We will not retain your personal data for longer than is necessary to fulfil the purposes for which you provided that personal data, unless the law permits or requires that we retain it for longer. The retention period varies depending on the purpose of the processing. For example, data collected during purchase of goods are retained in accordance with local tax laws (seven years in the UK), while those data used to send you our marketing communications are retained until you ask to be unsubscribed.
F.) WHAT ARE YOUR RIGHTS REGARDING PERSONAL DATA?
You have the following rights in relation to the personal data we hold on you:
a) the right to be informed about the data we hold on you and what we do with it;
b) the right of access to the data we hold on you;
c) the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
d) the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
e) the right to restrict the processing of the data;
f) the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
g) the right to object to the inclusion of any information;
h) the right to regulate any automated decision-making and profiling of personal data.
You can exercise these rights at any time by emailing firstname.lastname@example.org or calling 01625 428977.
G.) YOUR RIGHTS?
As stated above, you have a right to access the personal data that we hold on you. To exercise this right, you should make a Subject Access Request. We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required. Those who make a request will be kept fully informed of any decision to extend the time limit.
No charge will be made for complying with a request unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to be provided to parties other than the employee making the request. In these circumstances, a reasonable charge will be applied.
H.) DATA SECURITY
Your data will be protected with specific technical and organisational safety measures in place to prevent your personal data being used illegitimately or fraudulently. Personal information held in files used for marketing purposes will be held in password-protected files with limited personnel access. Data held in computer systems will be secured using passwords, access control and other controls to ensure the resilience of the systems that contain the data and to restore data in the event of a breach.
Personal customer data will not be kept or transported on laptops, USB sticks, or similar devices, unless prior authorisation has been received. Where personal data is recorded on any such device it will be protected by:
a) ensuring that data is recorded on such devices only where absolutely necessary.
b) using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted.
c) ensuring that laptops or USB drives are not left where they can be stolen.
I.) THIRD PARTY PROCESSING
Where we engage third parties to process data on our behalf, we will ensure that the third party takes such measures in order to maintain the Company’s commitment to protecting data.
J.) INTERNATIONAL DATA TRANSFERS
The Company does not transfer personal data to any recipients outside of the EEA.
K.) REQUIREMENT TO NOTIFY BREACHES
All data breaches will be recorded. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach.
The Company keeps records of its processing activities including the purpose for the processing and retention periods in its HR Data Record. These records will be kept up to date so that they reflect current processing activities.
N.) CONTACTING US
M6 Motorway House