DATA PRIVACY NOTICE
This Privacy Notice explains the types of personal data we may collect about you when you interact with us. It also explains how we store and handle that data and keep it safe.
1. WHO WE ARE AND WHAT WE DO
Digital Interiors Limited is a service-based company based at Unit G, Kingsholm Mews, 76 Kingsholm Road, GL1 3BD. We are a specialist design and installation company, supplying and installing multi-room audio visual, home cinema and home automation systems.
2. THE FIRST POINT OF CONTACT FOR DATA PROTECTION
If you have any concerns or queries about our data protection procedures, please contact us on 01452 416003 or email firstname.lastname@example.org.
3. WHY WE PROCESS DATA
As a company we process customer’s data including name and addresses in order to be able to arrange for an installation to be carried out. We also hold other data for purposes of sending our invoices and marketing, principally to our existing clients.
As well as customers data we also hold data about our suppliers – we do this to comply with legal requirements and to maintain a good working relationship.
4. LEGAL BASES FOR PROCESSING YOUR DATA INCLUDING ANY EXPLANATION OF LEGITIMATE INTERESTS
Data protection law (specifically GDPR) sets out a number of different reasons for which a company may collect and process your personal data. Some of these reasons, set out below, are the bases we have for processing your data:
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters.
When collecting your personal data, we always make clear to you which data is necessary in connection with a particular service.
We need to process your personal data for example your name and address to comply with our contractual obligations.
We need to collect and retain your contact details, so we can for example:
– deliver our service, or
– supply you with goods or
– when we provide a quote for our services and/or installation of equipment
– to enter into a contract with you to supply us with goods or services
– when we make arrangements to visit a client for installation of equipment
If the law requires us to, we may need to collect and process your data.
For example, we are obliged to retain certain information for HMRC reporting purposes or to comply with other legislative provisions
In particular circumstances, we process your data for our legitimate business interests. This is always in a way which you might reasonably expect as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we retain customer, client and supplier information for 10 years and then we review it. We do this because we have many clients who return to the business and so it maintains a good working relationship with everyone we deal with as a business. The only exception is where we act as data processors under a data processing contract / arrangement when the terms of that contract will take precedence.
5. WHEN WE COLLECT DATA
– Our website collects information (a) when you fill out our contact form and (b) to enable us to report on analytics via Google analytics.
– When we enter into a contract with suppliers we will collect data to ensure that we can fulfil the requirements of the contract
– We collect information from customers at point of sale to enable us to provide the necessary service.
– When you request information or a quote for work we will also collect data to be able to provide a detailed quote
– When making an email enquiry we will collect the same data from customers as when contacting via other methods
– CCTV located externally and internally.
6. WHAT DATA WE COLLECT
– Contact information including: name, address, phone number, email address
– Bank details – such as account name, number and sort code to be able to process payments or invoices
– Our CCTV collects images
– In some circumstances we collect and process more personal details such as specific details relating to individuals in order to fulfil the specific needs of the installation
7. HOW WE USE YOUR PERSONAL DATA
We process data for a variety of reasons. Each of these relate to the running of the business and giving our customers or clients the best experience possible.
– To process orders and deliver contracts
– To reply to any queries or questions you may have
– To book appointments and installations
– To communicate with you where necessary and to send newsletters to customers
– To comply with legal requirements such as HMRC reporting
– To maintain good ongoing customer/client and business relationships
8. HOW LONG WE KEEP YOUR PERSONAL DATA
Whenever we collect or process your personal data, we only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will be deleted completely.
Some examples of our data retention periods:
Purchases and Services
When you place an order or buy one of our products or services we keep the personal data you give us for a minimum of 10 years, so we can comply with our legal, contractual obligations and retain a good relationship with you should you need any further product or services have any future queries.
We are also obliged to retain certain transactional information for 7 years to satisfy accounting rules.
For individuals who are supplying us with products or services we retain your personal information for a period of 10 years so that we can, if necessary, contact you again and continue our business relationship with you.
Part of our business is undertaking work on behalf of others. The data supplied under these contracts is held and retained only to the extent of that required by the specific contract including data processing terms.
For means of employee and customers security we operate internal and external CCTV recording. These recordings are kept for a period of 20 days after which it is over-written.
Some of our clients have CCTV monitoring in place. We have access to this, but do not control the data. On client instruction only we may (a) access to view, (b) download the data on their behalf. This footage is stored for as long as is necessary and we act at all times as the client instructs in relation to the data.
9. HOW WE KEEP YOUR DATA SAFE
We are aware of the need to maintain the correct and highest-level security when processing your personal information. We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way.
We take the following steps to maintain the security of your personal information:
– we keep all of your information in systems that are secure,
– We limit access to your personal information to those who have a genuine business need to know it
– we have strong password protected systems
– we maintain firewalls and anti-virus software
– any data which is accessed off site or on a mobile device is kept locked when not in use and never left in clear sight from within company vehicles.
Any documentation retained in paper form or kept in our offices is located in locked cabinets and or in secure offices which have both alarmed and monitored with internal cameras.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
10. WHO WE SHARE YOUR DATA WITH
We sometimes share your personal data with trusted third parties which act only on our instruction (known as “data processors”).
Data processors might be, for example, our 3rd party accounting apps or subcontractors or those companies who store data for us:
Where we share information with these companies or individuals we make sure that they also keep your data secure and that they also protect your rights. To this end we make sure that:
– We provide only the information they need to perform their specific services
– They may only use your data for the exact purposes we specify in our contract with them or where their terms and conditions of processing contain the correct data processor clauses under GDPR
Sharing your data with third parties for their own purposes (“joint controllers”) e.g. HMRC, accountants, legal advisors:
We will only do this in very specific circumstances, for example:
– With your consent
– Where we have a data sharing agreement in place with the other party
– Where we are obliged to share the information for legal reasons.
11. WHERE YOUR DATA IS PROCESSED
We do not transfer data outside of the EEA. Our servers are located in the UK (we use NAS drive for data storage which is kept securely at all times).
However, your personal data will remain in the EU or countries considered by the EU to have equivalent policies such as Jersey, Guernsey, Switzerland, New Zealand and Canada. Companies based in the USA that have certified with the EU-US Privacy Shield program are also considered to be permitted destinations by the EU (this includes popular US products like Google, Dropbox, Microsoft and Go Canvas.)
12. YOUR RIGHTS AND WHO TO CONTACT
You have the following rights, which you can exercise free of charge:
|Access||The right to be provided with a copy of your personal data|
|Rectification||The right to require us to correct any mistakes in your personal data|
|To be forgotten||The right to require us to delete your personal data—in certain situations|
|Restriction of processing||The right to require us to restrict processing of your personal data—in certain circumstances, e.g. if you contest the accuracy of the data|
|Data portability||The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations|
The right to object:
—at any time to your personal data being processed for direct marketing (including profiling);
—in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
If you would like to exercise any of those rights, please contact us by emailing email@example.com
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. You can do this by contacting firstname.lastname@example.org
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We will then stop processing your information unless we believe we have a legitimate overriding reason to continue processing.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We will always comply with your request. To ask us to stop direct marketing please contact: email@example.com.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
For us to check your identity please:
– let us have enough information to identify you [(e.g. your full name, address and client or matter reference number)];
– let us have proof of your identity and address (a copy of your driving license or passport and a recent utility or credit card bill); and
– let us know what right you want to exercise and the information to which your request relates.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
If we choose not to action your request, we will explain to you the reasons for our refusal.
Your right to contact the ICO
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites).
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
You also have the right to seek a judicial remedy.
The policy was last modified on 24th May 2018