GDPR Customer Privacy Notice
About this document
- This template is aimed at UK retail businesses operating in the home improvement market who are working towards GDPR compliance.
- This means that when you take any personal data relating to your customers to provide a quote, arrange an appointment, or process a sale, you will need to issue a customer with a privacy notice at that point.
- This document is a template privacy notice aimed at your customers.
- All of the content is suggested wording only and you should review it and amend it accordingly to meet the needs of your business.
- You will then need to embed the privacy notice in to your existing processes to ensure that every customer receives it when you capture their data.
- It’s important to bear in mind that you need to issue a privacy notice to all individuals whose data you process, therefore you will need a separate notice for your employees and any other individuals whose data you process. This template can be used as a basis to create other necessary notices.
Customer Privacy Notice
What this Notice covers
Advanced Hot Tub and Swim Spas Ltd are committed to protecting the privacy and security of your personal information.
This Privacy Notice describes how we collect and use personal information about you.
This notice does not form part of any agreement or contract and may be updated at any time.
Identity of the data controller The data controller is the business which captures the data from individuals and/ or decides how it is to be used and processed. For your customer and employees, you will be the data controller.
We are a data controller for any personal information that you provide to us. This means that we are responsible for determining how information relating to you is used, stored and shared.
Categories of personal data we process
We will collect, store, and use the following categories of personal information about you:
- Your full name
- Your address
- Your contact details such as phone numbers and email addresses
- Your employment status, salary and homeowner status
- List any other categories of personal information which you take from customers that may be included on order forms, quotes, entered in to your systems etc
Sources of personal data
We collect personal information relating to you directly from you. If any customer information is obtained from other sources these must be stated here.
Our lawful bases for processing your data
We will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you
- Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests
- To comply with relevant legislation and regulations
Our purposes for processing your data
- Performing the contract that we have entered in to with you by providing you with the products and services that you have ordered
- To provide you with a quote and the details of all available payment methods when you have shown an interest in our products and services
- To issue marketing material to you about the products and services we offer
- To process a finance application for you
- If you use customer data for any other purposes then these must be listed here
Sensitive Personal Data
There may be instances where it is necessary for you to share information with us containing special categories of personal information or ‘sensitive personal data’. This relates to things such as details of medical conditions which you may need to share with us so we are able to meet your specific requirements when providing our goods and services.
Due to the sensitive nature of this information, we will only take it from you if you have given us your explicit consent and it is necessary for us to do so. We will also inform you of what we will do with this information and who we will share it with.
Cookies are stored on your computer’s hard drive and cannot be used to identify you personally as they contain no personal information.
Who has access to your data
We may share your personal information with third parties where required by law, where it is necessary to administer the contract we have entered in to you with you, or where we have another legitimate interest in doing so.
Recipients of your data may include third-party service providers, other related business entities, a regulator, or to otherwise comply with the law.
If you choose to fund your purchase with us using one of the finance products we offer to our customers as a credit broker on behalf of lenders, we will share your data with the relevant lender so they are able to process your finance application.
Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.
Security of your data
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How we decide how long to retain your data
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or contractual requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and any applicable legal or contractual requirements.
You have the right to:
- Request access to, and a copy of, your personal information that we hold.
- Request correction of the personal information that we hold about you if you believe it is incomplete or inaccurate
- Request erasure of your personal information in specific circumstances, such as; if our processing of your personal information is based upon legitimate interests and you believe it is no longer necessary; or if you believe we have processed your personal data unlawfully or not for the purposes which it was intended.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request to restrict the processing of your personal information in specific circumstances, such as; you have requested that your personal information is corrected and want to restrict processing whilst we correct it; where you believe our processing is unlawful but do not want us to erase your personal information; where we no longer need to store your personal information but you require us to do so to enable you to exercise or defend a legal claim.
- Data Portability in particular circumstances meaning that you can request for your personal information to be securely moved, copied or transferred from our IT environment to another. This only applies if our lawful basis for processing your data is consent or performance of a contract, and we are processing your data by automated means.
If you believe we have not complied with your rights, you can complain to the Information Commissioner by visiting their website https://ico.org.uk/.
Automated decision-making & Profiling
Automated decision making is where a decision is made by a computer without human intervention. In instances where this happens, individuals have the right to request human intervention and review. It is unlikely that you are conducting automated decision-making activities, but if you are then amend this section accordingly.
We do not conduct any automated decision-making or profiling activities whilst processing your personal information.
Changes to this Privacy Notice
The Company reserves the right to update this privacy notice at any time. You can request the most up to date version from us at any time by contacting us on the contact details below.
Please do not hesitate to contact us regarding any matter relating to this Privacy notice via email