This Privacy notice explains what to expect when Westbury Garden Rooms Ltd, or Westbury Windows and Joinery Ltd (collectively termed “Westbury”) collects and uses your personal information. Please read it carefully. If you’d like to learn more about our Data Protection and Privacy Policies or get further clarification, please contact us at:
Westbury Garden Rooms Ltd
46 – 42 Cutlers Road
South Woodham Ferrers
Phone: 01245 326500
Westbury is committed to respecting your privacy and ensuring the personal information you have entrusted to us is processed in accordance with the General Data Protection Regulation (GDPR) during and after your working relationship with us.
We are committed to holding your personal information in accordance with data protection law which ensures that the data we hold about you must be:
(i) Used lawfully, fairly and in a transparent way.
(ii) Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
(iii) Relevant to the purpose we have told you about and limited only to those purposes.
(iv) Accurate and kept up to date.
(v) Kept only as long as necessary for the purposes we have told you about.
(vi) Kept securely
HOW WE COLLECT PERSONAL INFORMATION
We collect personal information directly from you when you contact us in relation to the delivery of our services/the purchase of goods and as necessary to allow us to provide our services and fulfil our obligations pursuant to our Terms of Business. We also collect personal information from information generated about you when you use our goods, products and services.
In addition, we may use third party organisations or websites to check the accuracy of the address we hold, and we may collect information made available publicly by Companies House, the Charity Commission, or information that has been published in newspapers and articles.
THE PERSONAL INFORMATION WE COLLECT
- Personal identifiers such as your title, name, year of birth and marital status.
- Contact details including postal address, postcode, email and telephone number.
- Financial information such as your bank or card details.
- Whether you are a UK tax payer.
- Records of your contact with us.
- Products and services you hold with us, as well as have been interested in and have held in the past and the associated payment methods used.
- The usage of our products and services, website and any claims or complaints made.
SENSITIVE PERSONAL DATA
GDPR recognises some information as ‘sensitive personal data’. This includes, but is not limited to, information which reveals health issues, race or ethnic origin, sexual orientation, and your religious or political beliefs.
If we are required to obtain this data, it will always treat any sensitive personal data we process with the greatest care and process the information in accordance with the GDPR.
WHY WE COLLECT YOUR PERSONAL INFORMATION
We collect your personal information for:
- Processing an order for a product or service, including considering the price and terms.
- Managing any aspect of the product or service.
- To perform and/or test the performance of our products, services and internal processes
- To improve the operation of our business and that of our business partners.
- To develop new products and services and to review and improve current products and services.
- To keep you informed about our products and services.
- To comply with legal and regulatory obligations, requirements, and guidance.
- To facilitate the sale of one or more parts of our business
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We rely on the following legal bases to use your personal data:
1. Where it is needed to provide you with our products or services, such as:
a) Assessing an order or enquiry or request for a quotation for a product or service including considering the price, the payment methods available and any conditions attached.
b) Managing products and services you purchase from us.
c) Updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt (where appropriate).
d) Sharing your personal information with business partners and services providers where necessary to deliver the service or to help manage your product.
e) All stages and activities relevant to managing the product or service including enquiry, application, administration and management of accounts, illustrations, specifications, drawings, warranties and guarantees.
2. Where it is in our legitimate interests to do so, such as:
a) Managing your products and services, updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt (where appropriate).
b) To perform and/or test the performance of our products, services and internal processes.
c) To follow guidance and recommended best practice of government and regulatory bodies.
d) For management and audit of our business operations including accounting.
e) To carry out monitoring and to keep records of our communications with you and our staff.
f) To administer our good governance requirements such as internal reporting and compliance obligations or administration required.
g) For market research and analysis and developing statistics.
h) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and services. We will send marketing to you by SMS, email, phone, social media and digital channels.
i) Subject to the appropriate controls, to provide insight and analysis of our customers to business partners either as part of providing products or services, helping us improve products or services, or to assess or to improve the operating of our businesses.
j) For some of our profiling and other automated decision making.
k) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations.
3. To comply with our legal obligations
4. With your consent or explicit consent:
a) For some direct marketing communications.
b) For some of our profiling and other automated decision making.
c) For some of our processing of special categories of personal data such as about your health, if you are a vulnerable customer or some criminal records information.
5. For a public interest, such as:
a) Processing of your special categories of personal data such as about your health, criminal records information (including alleged offences), or if you are a vulnerable customer.
We will get your express opt-in consent before we share your personal data with any company outside the Westbury group of companies for marketing purposes.
We love sharing news about our business and goods, products and services.
This includes sending you information on what we do, our news and events.
Email and text marketing: We will ask for your permission to contact you by email and text for marketing purposes
Postal marketing: From time to time we may send you information about our goods/products/services unless you have told us you would refer not to receive this information by post.
Telephone marketing: We may call you to update you on our goods/products/services. If your number is registered with the Telephone Preference Service (TPS), we will only call you if you have given us permission to do so.
Westbury is committed to respecting your choice to receive marketing communication. You can update your permission and contact preferences at any time by contacting us.
HOW LONG WE KEEP YOUR DATA
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
AUTOMATED DECISION MAKING
We sometimes make decisions about you using only technology where none of our employees or any other individuals have been involved. For instance, we may do this to decide whether to offer you a product or service, to determine risk of doing so, the price we will offer, whether to offer you credit, what terms and conditions to offer you, business risks, or to assess what payment methods we can offer you.
We’ll do this where it is necessary for entering into or performing the relevant contract is authorised by laws that apply to us, or is based on your explicit consent.
YOUR INFORMATION RIGHTS AND CHOICES
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
- The right to be informed about the processing of your personal information.
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed.
- The right to object to processing of your personal information.
- The right to restrict processing of your personal information.
- The right to have your personal information erased (the “right to be forgotten”).
- The right to request access to your personal information and to obtain information about how we process it.
- The right to move, copy or transfer your personal information (“data portability”).
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
YOUR RIGHT TO OBJECT
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us using the details above to exercise these rights.
REPORTING CONCERNS OR COMPLIMENTS
Please contact us if you wish to raise a concern about Westbury’s handling of your personal information, or compliment what you think we have done well.
You also have the right to lodge a complaint with the Information Commissioner’s Office about how we manage your data.
WHO WE SHARE OUR INFORMATION WITH
Your personal information may be shared with third parties (such as structural engineers or subcontractors) and any group business. It may also be shared with Governmental and regulatory bodies.
We ensure that a third party has adequate levels of data protection safeguards when processing your personal information.
We may also share your personal information with trusted third parties where it is necessary to provide products you have requested from us or where they are contracted to develop or maintain our systems.
We monitor information security compliance and have written contracts which obligate our partners or third party providers to process your personal information only our instructions and in accordance with applicable data protection laws.
CHANGES TO THIS PRIVACY NOTICE
Westbury will review this privacy notice regularly and may update it at any time for example, in the event of changes in law or how we operate. Please do check our website from time to time. If there are significant changes in the way we process your personal information we will provide a prominent notice on our website or send you a notification.
Monitoring means listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the cases may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.