This notice is intended to inform all those individuals who visit our website www.afrenovations.co.uk (?our Website?). Use of our Website includes accessing, browsing, or registering to use our Website.
This notice describes how A F Renovations Ltd collect and use personal data about its private customers under General Data Protection Regulation (?GDPR?) which is now incorporated into the Data Protection Act 2018 together with any other national implementing laws, regulations and secondary legislation, as may be amended from time to time (?Data Protection Legislation?). Please read the following carefully to understand our practices regarding personal data and how we will treat it.
2. ABOUT US
A F Renovations Ltd (?we?, ?us?, ?our? and ?ours?) is a company registered in England and Wales under company number 12696202 and our registered office is at 91 Darnley Road, Strood, Medway ME2 2EY. We are a design, planning, project management and building company.
For the purpose of the Data Protection Legislation and this notice, we are a ?data controller?, processing data about our employees, customers, those who contact us for quotes or to make enquiries about our business and sometimes about people associated with customers, and other people with whom we have contact whilst running our business. A data controller is required under the Data Protection Legislation to notify people whose data has been collected about the matters contained in this privacy notice.
We have appointed a data protection manager (?DPM?) who will be the point of contact for matters relating to the way that we deal with personal information under the Data Protection Legislation. The DPM is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact our DPM please ring the Office Administrator on 07725947646 or please email email@example.com.
3. WHAT PERSONAL INFORMATION WE COLLECT
Personal data is that information about a person that we gather in the course of our business. We gather it only because it is necessary for some reason connected with our work.
We need to know some information about our customers (whether they be householders or people representing business customers). We also collect personal information from other parties, such as our suppliers, sub-contractors, or various persons who may be involved in some way in the delivery of our work.
The amount of information that we gather about an individual will vary depending on the circumstances of our contact with them. However, by way of illustration we may gather the following information:
Contact details such as a first name, last name, telephone number or email address, home address and details of any enquiry made of us including questions, comments and feedback with regards to enquiries made Details of any quotes that we had created as well as supporting emails that helped create the quote Details of communications between us and other persons Payment details of customers or for paying suppliers Records of our work, our employees and sub-contracts lP addresses or cookie information from the computer of a person visiting our Website or communicating with us through some other computer based platform. We will never deliberately collect sensitive information such as racial, religious, sexual or political alignment and will only collect information relevant to any enquiry made to us, or work quoted upon or for work carried out by us.
We will not collect data about any minors (under 16 years of age) unless it is necessary in relation to the delivery of a particular project.
This notice is intended to inform all those persons with whom we may deal. The nature and extent of personal information we collect will depend on the needs of the customer in each case. We will usually collect all such personal information directly from the customer although it may occasionally be referred to us.
4. SPECIAL CATEGORY INFORMATION
Information (about health and physical wellbeing) is known as special category data. As with all personal information this will only be collected by us if it is needed for us to be able to provide services in any particular case.
Special category data will be kept for so long as is necessary for the purpose for which it was collected and to meet regulatory or legislative requirements.
5. RETENTION OF DATA
Personal information will be securely disposed of when it is no longer required.
We intend to keep transactional records for 6 years plus the balance of the current tax year before they are then destroyed. This is in line with our understanding of HMRC?s record keeping requirements.
In the case of personal information that was gathered for the purpose of providing a quotation, our policy is to keep the information for a period of 12 months from the date on which the last contact was had with the person whose information we had.
This is because we often commit a lot of time and expertise into the process of putting together a quotation for works. We understand that when a potential customer receives our quotation, it may be that circumstances dictate that they are not able to move forward with the works at that time. It is often the case that people return to us some months later and wish to go ahead with the works on the basis of the quotation previously prepared. It is clearly in the interests of such persons to keep that work rather than doing the quotation all over again.
For people who make contact with us through the Website or after seeing some advertising, we will only gather the minimum amount of information necessary to deal with the communication. If we do not pursue a relationship with the person making contact with us we will delete their personal information after [3 months].
In the case of other personal information, gathered in the normal course of our business, personal information is kept for three months from date of collection unless it is information gathered from a person representing a corporate body or some other form of business entity, in which case it will be kept for [3 years].
6. ON WHAT BASIS DO WE COLLECT DATA
We consider that the processing of a customer?s personal data is allowed under the law because we have a contract with a customer to provide the works. For persons who contact us for a quotation this will also be lawful as we may later enter into a contract with that person.
Where we need to know the details of a person associated with a customer, we will gather that information because it will have been necessary for some reason connected with our work. This means that we will have a legitimate interest in gathering that associate?s information.
When we deal with corporate and other business contacts, we will store the personal data of the person (usually restricted to a name, position and workplace details) that we deal with and will retain the data for at least as long as that corporate entity or business wishes to deal with us or until the people involved withdraw their permission for us to retain their data.
All those people whose personal information we have collected have the right to object to this processing if they wish, please see ?DATA SUBJECT?S RIGHTS? section below. Please bear in mind that if a person does object to our having their information this may affect our ability to carry out the works for our customer.
7. WHO WE SHARE YOUR INFORMATION WITH AND WHY
We only share information with third parties in limited circumstances.
We take photographs, video or other representations of works that we have carried out for our own marketing purposes and to retain in order to deal with any queries over work carried out. Such information, photos, videos or images may be posted on our website, in marketing literature or on one of the social media platforms that we use.
However, nothing we publish will reveal any personal information about a person or any associate. We do this unless you express to us in writing that you do not wish photographs to be used within our marketing.
We also publish testimonials and feedback given to us by customers.
It may be the case that there are other suppliers who are necessarily involved in bringing the works to a conclusion, such as sub-contractors, architects or local authority planning departments. We may share personal details with third parties who perform tasks for us and help us to continue our business of providing our services to customers. Even then this is not done as a matter of course.
From time to time there may a need for us to disclose information which may include your data to other bodies or regulatory authorities. These requirements can come about for a number of reasons such as the prevention and detection of fraud or in relation to obtaining planning permission amongst others.
We may also be obliged to disclose information if we are required to by law, or by court order or regulation. HMRC have powers to require the delivery up of information, which may include your data, in certain circumstances.
8. HOW WE KEEP YOUR INFORMATION SECURE
We take data security seriously and use appropriate technologies and procedures to protect personal information. We apply the controls detailed in the Payment Card Industry Data Security Standard to all environments when storing personal information. Payments are taken via Worldpay who are GDPR compliant and we do not store card payment details.
The standards mentioned above are applied and reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
We are committed to ensuring the confidentiality of the personal information that we hold and we continue to review our internal security controls and related policies and procedures to ensure that personal information remains secure.
For example, we have measures in place to protect against accidental loss and unauthorised access to, use of, destruction of or disclosure of personal information.
When we contract with contractors and other third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information is kept secure.
9. YOUR RIGHTS
A F Renovations Ltd tries to be as open as it can be in terms of giving people access to their personal information and therefore have outlined your rights below. Further information can be gathered by contacting us using the details below, or more information about your data protection rights can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
10. INDIVIDUAL DATA RIGHTS AND REQUESTS
Where we retain data of a data subject, by law that data subject has the right to:
request access to their own personal data in order to know what details of the personal data we hold about that person and to check that we are processing it lawfully request correction of any mistakes in the personal data that we hold request erasure of their personal data and / or to ask us to delete or remove their personal data following the exercise by that person of their right to object to processing (see below) object to processing of their personal data where we are relying on a legitimate interest (or those of a third party) and there is something about that person?s particular situation which makes them want to object to processing on this basis object where we are processing personal information for direct marketing purposes request the restriction of processing of their personal data or ask us to suspend the processing of personal data whilst its accuracy or the reason for processing it is established request the transfer of their personal data to another if the processing is based on consent, carried out by automated means and it is technically feasible to do so.
If you are a person who wishes to exercise any of the above rights or to correct, restrict, delete or make changes to your personal information, or any of the data subject rights listed above, please email our DPM, [name], at [firstname.lastname@example.org] or telephone our DPM on [phone number].
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) but we are entitled to charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
11. HOW TO COMPLAIN
If you wish to raise a complaint about how we have handled your personal data, you can contact The Office of Data Protection who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the regulator:
For more information 91 Darbley Road Strood Medway ME2 2EY