This Policy sets out the following:
- About Timber Windows
- What information we collect
- Our website and cookies
- Keeping your information safe
- International transfers
- Your rights
- Updates to this Policy
1. About Timber Windows (and how to contact us)
For the purposes of data protection law we will be a controller of your personal information (this means we make decisions about how and why your information is used, and have a duty to ensure your rights are protected).
2. What information we collect
In order to operate our business and provide our services, we need to use personal information about actual and prospective customers. Without this information we would not be able to enter into a contract with you or provide our products or services.
The information we collect will include personal information such as your name and contact details provided when communicating with us or signing up to a mailing list. If you place an order, we will also process financial information to take payment for that order. How we use your information
We will only use your information with your consent, or because we need to in order to:
- enter into, or perform, a contract with you
- comply with a legal duty
- for our own (or a third party’s) lawful interests, provided your rights do not override these
- to protect your vital interests
In any event, your information will only be used for the purpose(s) we collected it for (or else for a closely related purpose, such as record keeping).
We will never sell or trade your personal information. We do share information with our supply chain partners, and this may include personal information in some cases, but these suppliers will only be allowed to use the information for a specific purpose and there will be a written agreement which makes sure your information is protected.
We do not normally collect or process sensitive personal information about our customers (such as information about someone’s health or beliefs). In the unlikely event that we do (for example, details if an accident occurs involving one of our products), we will ensure that this information is kept private and secure.
We collect information about individual customers in order to fulfil orders. This information will include:
- basic personal information and contact details
- information about the products they have ordered, their preferences and limited information about their homes
- financial data (such as bank account details) which we require to process payments.
4. Our website and cookies
We do not collect or process personal information about visitors to our website unless they choose to provide information (such as when signing up to a mailing list).
We may collect non-personal information about visitors to our website as this helps us optimise and improve the website. This information might include your internet protocol address, the browser being used to connect to our site, the device (e.g. its operating system) and the connection type (e.g. the Internet service provider used). However, none of this information will directly identify you.
Our website also uses Google’s AdWords remarketing service. This means that if you visit our website, you may see adverts for Mumford & Wood when you visit other websites. This happens because Google places a cookie on your machine based on which pages you visit on our site, and then uses that cookie to show you relevant advertisements when you visit other sites. This remarketing process does not involve us collecting or storing any of your personal data (although Google will have recorded the fact that the device you are using has visited our website).
Hyperlinks to other sites
We may contact you by email, telephone or post with information about products or services that might interest you (see ‘Marketing’ below), updates or information, or to notify you of changes to our terms of business or this Policy.
If you are an existing customer, we will send you marketing communications about similar products or services that may be of interest, unless you have asked us not to or decide to unsubscribe.
We will only contact an individual personally with email marketing communications if that individual is an existing customer or if he or she has asked to receive marketing or enquired about a particular service. If you would like to opt-in in to marketing you can do so on our website.
Our marketing emails will always tell recipients why they are receiving that email and give them the option to unsubscribe.
Mailings and leaflets
If you have not dealt with us before, but receive a leaflet through your door advertising our products, this will be because we have been leaflet dropping in your area. We don’t use any of your personal data in these situations, instead we arrange for leaflets to be dropped in all houses in a particular area (e.g. all postcodes with the CO5 prefix).
If you receive specific mailings (addressed to you) and you wish to stop these, please contact us (see ‘Changing your preferences or unsubscribing’ below, or register with the Mail Preference Service https://www.mpsonline.org.uk/).
We may record telephone conversations, video calls or any other electronic communication and retain copies of them, as well as any transcripts and any written or electronic communication we have with you. These will be used for the purpose of administering your account, training, evidencing compliance with regulatory requirements, evidence in the event of a dispute, or as evidence in court.
If you wish to stop receiving telephone calls from us, you can unsubscribe using the details set out below or you can register with the Telephone Preference Service (http://www.tpsonline.org.uk/tps/index.html).
Changing your preferences or unsubscribing
You can change how you hear from us or unsubscribe from marketing at any time. You can do this by clicking the “unsubscribe” link on any of our emails, or by writing to 84a Shrivenham Hundred Business Park, Watchfield, Swindon, SN6 8TY; emailing email@example.com or telephoning 01793 847811 with details of your request. You can also contact us using these details if you wish to complain about a marketing communication you have received in error.
6. Keeping your information safe
We employ a variety of physical and technical measures to keep your personal data safe and to prevent unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
We cannot absolutely guarantee the security of the internet or external networks or your own device, accordingly any online communications (e.g. information provided by email or through our website) are at your own risk.
We only store personal information so long as it is required for the purpose(s) we collected it for (or for a related compatible purpose, such as keeping a record of a transaction). We regularly review what data we have and delete that which is no longer necessary. In certain situations you have the right to request that your data be deleted (the right to be forgotten), please see paragraph 10 for further details.
If you believe that any information we are holding on you is incorrect or incomplete, please contact using the details set out in paragraph 1.
We offer long product warranties (for details of our warranty, together with its limits and exclusions, please see our Terms and Conditions) which can be up to 30 years from installation. In order to provide you with the benefit of these warranties we will need to store information about your order and contract with us (which will include information which identifies you) for the duration of the warranty period. We can only remove this information if you agree to waive your warranty rights under the contract.
8. International transfers
Except as set out below, we normally only store personal information within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (for example, a US organisation which is certified under the EU-US Privacy Shield framework).
We use Adobe Business Catalyst, an email services platform based in the USA, to manage and send email communications. If you receive emails powered by Adobe, this may mean your information has been transferred to the USA. However, the Adobe group is certified under the EU-US Privacy Shield Scheme, meaning it has taken steps to ensure your information is adequately protected. If you would like to learn more about the Privacy Shield scheme and Adobe please visit https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active.
9. Your rights
We want you to remain in control of your personal information. Part of this is making sure you understand your legal rights, which are as follows:
(a) where data is processed on the basis of consent, the right to withdraw that consent
(b) the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal data
(c) from 25 May 2018, the right to have certain information provided to you in a portable electronic format (where technically feasible)
(d) the right to have inaccurate data rectified
(e) the right to object to your data being used for marketing or profiling, or on the basis of our or a third party’s legitimate interests
(f) the right to restrict how your personal information is used
(g) the right to be forgotten, which allows you to have your data erased in certain circumstances (though this is not an absolute right and may not apply if we need to continue using the information for a lawful reason)
If you would like further information on your rights or wish to exercise them, please contact us by writing to 84a Shrivenham Hundred Business Park, Watchfield, Swindon, SN6 8TY; emailing firstname.lastname@example.org or telephoning 01793 847811. Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so (for example, because the information no longer exists or there is an exception which applies to your request).
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
10. Updates to this Policy
We may update this Policy at any time. When we do, we will post a notification on the main page of our website, revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.
This policy was last updated on 25th April 2018