What this Policy covers
Mid Wales Windows & Conservatories Limited is committed to protecting the privacy and security of your personal information.
This Privacy Notice describes how we collect and use personal information about you, and how we protect your data on a day-to-day basis in accordance with your rights under the General Data Protection Regulation (GDPR) 2018.
This policy does not form part of any agreement or contract and may be updated at any time.
Identity of the Data Controller
Mid Wales Windows & Conservatories Limited
We are a data controller for any personal information that you provide to us. This means that we are responsible for determining how information relating to you is used, stored and shared.
Mid Wales Windows & Conservatories recognises the importance of protecting the personal information and the privacy of data provided by you (and that which may personally identify you).
Categories of Personal Data we process
We will collect, store, and use the following categories of personal information about you:
a) Contact Information
- Your full name
- Your address
- Your contact details such as phone numbers and email addresses
b) Information about the goods or services we provide to you:
- information needed to provide goods or services to you (including information on account opening forms, details of your order, order history, payment details, delivery address, delivery requirements and restrictions, trade references and tax information, employment status, salary and homeowner status for the purpose of processing finance applications);
- customer services information; and
- customer relationship management and marketing information
c) If you choose to use social media in order to contact us or find out about our products or services, your profile information (including your preferences and interactions with us on Facebook, Instagram and Twitter) and information which you post on message boards which are relevant to our business.
As part of our commitment to raising standards, we may monitor and record communications with you (including phone conversations, emails, text and webchat conversations) for quality assurance, legal, compliance and training purposes.
Sensitive Personal Data
There may be instances where it is necessary for you to share information with us containing special categories of personal information or ‘sensitive personal data’. This relates to things such as details of medical conditions which you may need to share with us so we are able to meet your specific requirements when providing our goods and services.
Due to the sensitive nature of this information, we will only take it from you if you have given us your explicit consent and it is necessary for us to do so. We will also inform you of what we will do with this information and who we will share it with. you enter your personal details on our website, we’ll ask you for your name, address, telephone numbers (mobile and land) and email address.
Sources of Personal Data
We collect personal information relating to you directly from you.
The legal basis we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data. We use Legitimate Interest. In the situations where we collect and process your personal data, we require it to pursue our legitimate interests in a way which might reasonably be expected as part of running our business.
Our purposes for processing your data
d) Performing the contract that we have entered in to with you by providing you with the products and services that you have ordered
e) To provide you with a quote and the details of all available payment methods when you have shown an interest in our products and services
f) To issue marketing material to you about the products and services we offer
g) To process a finance application for you
h) Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests
i) To comply with relevant legislation and regulations
How we use this information
We collect, use and store your personal information for the following reasons:
- to allow our advisers, agents and sales representatives to follow up our service, either by email, telephone, text or mail, as part of our customer care procedure;
- to help us to understand your needs and provide a better service;
- to help us to improve our products and services;
- to enable us to occasionally contact you for market research purposes;
- to enable us to send you information about new products, special offers or other information that we think you may find interesting;
- to administer our websites;
- to facilitate our internal record keeping;
- to enable you to participate in our competitions and promotions;
- to help to prevent and detect fraud or loss;
- to process orders which you place for goods or services from us;
- to prepare before and after photographs of enhancements to your property to use for marketing purposes;
- to amplify an event to a broader audience and for internal presentation purposes, we may use your photograph or video footage from an event where it is in our legitimate interests for marketing and business development purposes or where we have your consent; and
- to contact you to invite you to write a news article about our products and services; to invite you to events, send you promotional material and for press releases if you are a journalist, where it is in our legitimate interests.
- to provide relevant goods or services to you or your employer (including, to confirm and process orders, for administration of your account with us, customer loans, tax and export, billing and debt collection purposes;
- to deal with any enquiries or issues you have about our goods and services, including any questions you may have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you. If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes;
- to send you certain communications (including by email or post) about our goods and services such as service announcements and administrative messages (for example, setting out changes to our terms and conditions and keeping you informed about our fees and charges);
- to allow you to attend our events or participate in competitions and to send you photos that you have permitted us to take of you;
- for health and safety and quality assurance;
- to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so.
- to establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so
- to process your information in accordance with your rights under the General Data Protection Regulation (GDPR) 2018.
Where appropriate, we will seek your consent to undertake some of these activities.
How we decide how long to retain your data
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or contractual requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and any applicable legal or contractual requirements.
Your contact details, measurements and products used are retained on our systems for the duration of your guarantee so that we can carry out necessary repairs. If you request that we delete this information it will impact on the repairs/replacements we will be able to offer.
Who has access to your data
We may share your personal information with third parties where required by law, where it is necessary to administer the contract we have entered in to you with you, or where we have another legitimate interest in doing so.
Recipients of your data may include third-party service providers, other related business entities, a regulator, or to otherwise comply with the law.
If you choose to fund your purchase with us using one of the finance products we offer to our customers as a credit broker on behalf of lenders, we will share your data with the relevant lender so they are able to process your finance application.
Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.
Security of your data
As required under the General Data Protection Regulation (GDPR) 2018, we have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
As defined by the Information Commissioners Office (ICO) under the General Data Protection Regulation (GDPR) 2018, you have the right to:
- Request access to, and a copy of, your personal information that we hold.
- Request correction of the personal information that we hold about you if you believe it is incomplete or inaccurate
- Request erasure of your personal information in specific circumstances, such as; if our processing of your personal information is based upon legitimate interests and you believe it is no longer necessary; or if you believe we have processed your personal data unlawfully or not for the purposes which it was intended.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request to restrict the processing of your personal information in specific circumstances, such as; you have requested that your personal information is corrected and want to restrict processing whilst we correct it; where you believe our processing is unlawful but do not want us to erase your personal information; where we no longer need to store your personal information but you require us to do so to enable you to exercise or defend a legal claim.
- Data Portability in particular circumstances meaning that you can request for your personal information to be securely moved, copied or transferred from our IT environment to another. This only applies if our lawful basis for processing your data is consent or performance of a contract, and we are processing your data by automated means.
If you believe we have not complied with your rights, you can contact to the Information Commissioners Office (ICO) by visiting their website http://ico.org.uk/.
Automated decision-making & profiling
We do not conduct any automated decision-making or profiling activities whilst processing your personal information.
Cookies are stored on your computer’s hard drive and cannot be used to identify you personally as they contain no personal information.
Changes to this Privacy Notice
The Company reserves the right to update this privacy notice at any time. You can request the most up to date version from us at any time by contacting us on the contact details below.
Please do not hesitate to contact us regarding any matter relating to this Privacy notice in writing to Data Department
Mid Wales Windows & Conservatories Limited
9 High Street
Newtown, Powys SY16 2NY
Company No. 08410018