What is Personal Data?
“Personal Data” means any information relating to an identified or identifiable natural person, known as a “data subject”, who can be identified directly or indirectly. It may include names, addresses, email addresses, telephone numbers, IP addresses, location data and other similar information. It may also include “special categories of personal data” such as racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union memberships, genetic data, biometric data for the purpose of uniquely identifying a data subject, data concerning health or data concerning a natural person’s sex life or sexual orientation. 2
The information we collect from you and how we collect it
We will collect and process the following Personal Data about you: 2.1 Information you give us This is information about you that you give us, either about yourself or other data subjects e.g individuals whose details are included in any materials provided by you to us, by filling in forms on our site www.gplan.co.uk (our site) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you complete an enquiry form, order a swatch or correspond with us and if you report a problem with our site. The information you give us may include your name, address, e-mail address, phone number.
2.2 Information we collect about you With regard to each of your visits to our site we will automatically collect the following information: Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number. 3
Uses made of the information
In this section we have set out: •
The general categories of Personal Data that we may process;
The purposes for which we may process that Personal Data; and
The legal basis for the processing of that Personal Data.
Service Data – we may process your Personal Data that is provided in the course of the use of our services. The Service Data may include your name, address, email address, and telephone number. The Service Data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases, notifying you about changes to our service, and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. Where we are processing Personal Data for the purpose of marketing our current or future products or services to you, the basis for this is consent. Enquiry Data - we may process information contained in any enquiry you submit to us regarding services. The Enquiry Data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you. The legal basis for this processing is the performance of a contract between you and us and/or taking
steps, at your request, to enter into such a contract. Where we are processing Personal Data for the purpose of marketing our current or future products or services to you, the basis for this is consent. Transaction Data - The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract
Disclosure of your information
We may share your Personal Data with: 5.1 any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, insofar as is reasonably necessary for the purposes set out in this policy. 5.2 our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance cover, managing risks, obtaining advice and managing legal disputes.
5.3 our business partners, third party suppliers and sub-contractors for the performance of any contract we enter into with them or you; 5.4 analytics and search engine providers that assist us in the improvement and optimisation of our site; 5.5 any prospective buyer of our business or assets, or any prospective seller of another business or business assets that we are interested in buying. We may transfer your Personal Data to a third party to process on our behalf in countries outside of the European Economic Area (EEA) in accordance with the purposes set out above. Such countries do not have the same data protection laws as the UK or EEA. If this is the case, we will ensure that your privacy rights are adequately protected by appropriate technical, organisational and contractual means and any such transfer is made in compliance with the GDPR (or any national implementing law) requirements for external transfer. Please contact us by emailing firstname.lastname@example.org if you would like further details of the safeguards we have in place. In addition to the specific disclosures of Personal Data set out in this Section 5, we may also disclose your Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. 6
Where we store your personal data
The hosting facilities for our website are situated in the EEA. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. 7
In this section we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summary. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. Your principal rights under data protection law are: â€˘
the right to access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to object to processing;
the right to data portability;
the right to complain to a supervisory authority; and
the right to withdraw consent.
You have the right to request information as to whether or not we process your Personal Data and, where we do, access to the Personal Data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of Personal Data concerned and the recipients of the Personal Data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your Personal Data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. Provision of such information will be subject to you supplying us with appropriate evidence of your identity. You have the right to ask us not to process your Personal Data for marketing purposes. You can exercise your right to prevent such processing by unsubscribing at any time. You can also exercise the right at any time by contacting us at email@example.com. We do not share your Personal Data with third parties for marketing purposes. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. 8
Retention and deletion of Data