GENERAL PRIVACY NOTICE
GDPR General Data Protection Regulation
In accordance with the General Data Protection Regulation and related UK data protection legislation, we are committed to protecting the confidentiality and security of the information that you provide to us.
This Privacy Notice is designed to help you understand how we collect and use your information.
We may collect information from you about other people, for example, family members who may not be able to make their own appointments. Insurance companies or other businesses making a booking on your behalf. If you give us information about another person, it is your responsibility to ensure and confirm that:
• You have told the individual who we are and how we use personal information, as set out in this Privacy Notice.
• You have permission from the individual to provide that personal information to us and for us to use it.
Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). The processing of personal data is governed by legislation relating to personal data which applies in the United Kingdom including the General Data Protection Regulation (the “GDPR) and other legislation relating to personal data and rights such as the Human Rights Act.
Who are we?
This Privacy Notice is provided to you by ‘Refresh’ which is the data controller for your data.
Other data controllers the company works with:
We may need to share your personal data we hold with them so that they can carry out their responsibilities to ‘Refresh’. If we and the other data controllers listed above are processing your data jointly for the same purposes, then the company and the other data controllers may be “joint data controllers” which mean we are all collectively responsible to you for your data. Where each of the parties listed above are processing your data for their own independent purposes then each of us will be independently responsible to you and if you have any questions, wish to exercise any of your rights (see below) or wish to raise a complaint, you should do so directly to the relevant data controller.
A description of what personal data the company processes and for what purposes is set out in this Privacy Notice.
‘Refresh’ will process some or all of the following personal data where necessary to perform its tasks:
• Names, titles, and aliases;
• Contact details such as telephone numbers, addresses, and email addresses;
• Financial records
How we use sensitive personal data
• We do not process sensitive personal data.
We never share your information outside our organisation for any reason at all.
We will keep your information for as long as it is required to enable us to provide quotations, provide you with carpet and upholstery cleaning services. This will usually be a minimum period of seven years or otherwise as determined by law or regulation. Once we decide that we no longer need your information it will be securely and confidentially destroyed.
‘Refresh’ will comply with data protection law. This says that the personal data we hold about you must be:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data to protect personal data from loss, misuse, unauthorised access and disclosure.
We use your personal data for some or all of the following purposes:
• To process quotations and invoices for work carried out
• To keep you informed of the services and products available from ‘Refresh’ along with any help or advice you may ask for.
• ‘Refresh’ processes your personal data to carry out their legal responsibilities as a company.
Sometimes the use of your personal data requires your consent. We will first obtain your consent to that use.
What is the legal basis for processing your personal data?
*Contractual basis: When you book an appointment over email or the telephone you are agreeing to be bound by this Privacy Notice which forms the basis of our contractual relationship with you. Therefore, we may collect, hold and process your personal data on the basis that you have accepted our contractual Terms by agreeing to this Privacy Notice and the Terms.
Legal Obligation: We may use and process your personal data to comply with our legal obligations such as HMRC requirements, to identify you as an individual if you contact us, or to verify the accuracy of your data.
Vital interest : We may use your personal information to contact you if we reasonably believe that there is any urgent safety or product issue that we need to communicate to you because the processing of your personal data will prevent or reduce any potential harm to you. This type of notification is in your vital interest.
*Legitimate interest : We may collect, hold and process your personal data on the basis of legitimate interest where it is necessary in order for us to fulfil our needs as a business and to be able to provide you with our services, in the following ways:
• to send you information about ‘Refresh’ over telephone or through email
• to send you information when we have offers / promotions.
NOTE: if you do not want to continue to receive these types of emails / phone calls – notifications – you can opt-out at any time by sending an email to the following email address firstname.lastname@example.org
How long do we keep your personal data?
We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is currently best practice to keep financial records for a minimum period of 8 years to support HMRC audits or provide tax information. We may have legal obligations to retain data to defend or pursue claims. In some cases, the law imposes a time limit for such claims (for example 3 years for personal injury claims or 6 years for contract claims). We will retain some personal data for this purpose as long as we believe it is necessary to be able to defend or pursue a claim. In general, we will endeavour to keep data only for as long as we need it. This means that we will delete it when it is no longer needed.
Your rights and your personal data
You have the following rights with respect to your personal data:
When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases, we will need you to respond with proof of your identity before you can exercise these rights.
• The right to access personal data we hold on you
At any point, you can contact us to request the personal data we hold on you as well as why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request we will respond within one month.
There are no fees or charges for the first request but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
• The right to correct and update the personal data we hold on you
If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
• The right to have your personal data erased
If you feel that we should no longer be using your personal data or that we are unlawfully using your personal data, you can request that we erase the personal data we hold.
When we receive your request we will confirm whether the personal data has been deleted or the reason why it cannot be deleted (for example because we need it for to comply with a legal obligation).
• The right to object to the processing of your personal data or to restrict it to certain purposes only
You have the right to request that we stop processing your personal data or ask us to restrict processing. Upon receiving the request we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
• The right to data portability
You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
• The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained
You can withdraw your consent easily by telephone or email.
• The right to lodge a complaint with the Information Commissioner’s Office.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Information from other sources:
Some personal information may be provided to us by third parties such as insurance companies or other businesses. In some cases, you will have previously submitted your personal information to them and given them approval to pass this information on for certain purposes.
Such information will only be obtained from reputable sources which operate in accordance with the General Data Protection Regulation.
Children’s Privacy – Those Under 18 Years Old:
Our Website is not intended or designed to attract children under the age of 18 years old. We do not knowingly collect personally identifiable data from children under the age of 18 years old. If you are under the age of 18 years and would like to ask a question or use this site in any way which requires you to provide your personal information, please get your parent or guardian to use the site on your behalf. This shows our commitment to protect the privacy of children by making reasonable effort to ensure that a parent has authorised the collection of the child’s personal data.
In order to improve a user’s experience, cookies collect data pertaining to how they use this site. Cookies are small files, saved onto the user’s hard drive, which track, save and store information about how the user interacts with a website. This provides the business with the means to tailor the user’s experience of this website.
In the event that users wish to prevent the use and saving of cookies from this website to their computers, they are advised to visit their web browser’s security settings and block all cookies from this website and its external partners.
Changes to this notice
We keep this Privacy Notice under regular review and we will place any updates on www.refreshcarpet.co.uk
Please contact us if you have any questions about this Privacy Notice or the personal data we hold about you or to exercise all relevant rights, queries or complaints at:
The Data Controller, David Parker, ‘Refresh’
Telephone : 01606 892697