As part of our obligations to your organisation, whether formally contracted or otherwise, we wish to inform you of the various types of personal information that is held by us, the nature and purpose of this holding, the basis by which this information is reviewed and the actions we may undertake in regards to the data we hold.
1. Our Obligations
The General Data Protection Regulation enshrines in law, our obligations to you and your data. Ecotile Flooring Ltd is committed to upholding these rights as well as our legal and professional duties, and have established a single point of contact for all data protection enquiries at firstname.lastname@example.org
1a ) We hold a GDPR risk register which identifies the type of personal information that is held by us, an evaluation of that data, including any consequences of a breach, a description of the purpose of that holding and information on the duration of that holding.
2. Identified Data Holdings
2a ) Customer DataFor the purposes of contacting you with regards to responding to request for information on our products or services, placing an order, or working with us as a supplier we will hold the following details (where provided);
a) Full name and title of any designated contact.
b) Your invoice and shipping addresses.
c) Organisational positions (if applicable).
d) Your email address.
e) Your contact telephone number (included where provided, any personal mobile/cell phone numbers, home address numbers or any other contact number you may have provided when establishing contact).
f) Historical details of any calls, emails or communications you have made in relation to our product, service or any orders you have placed (unless requested otherwise). These will often be associated with a formal reference number along with the nature of communication. Holding this information ensures that we are able to find information that may be used to help us resolve any issues that may arise or any further requests you have. This information is accessible by our office administration team and may be shared by your account manager with other employees of Ecotile Flooring Ltd.
g) If you have become a client of ours through a shared contact, or a referral from another party, or you have referred a client to us, we may also hold details of this relationship in your client record details.
h) Invoices, proformas and quotations containing your information may be stored on file against your customer records. Paper copies are kept in a safe physical location at our registered business address Unit 15 North Luton Industrial Estate, Sedgwick Road, Luton, LU4 9DT.
The above Information is only held for as long as required by the business and parties involved. Should you place an order with us, your contact information will be stored on our system for the duration of your warranty period. If you do not decide to place an order with us, your information may be kept for a period of up to 2 years following your most recent activity or communication with us. We believe this to be a reasonable sales cycle in our industry.
2) Credit Card Information
In circumstances where credit card or other financial details are supplied during the payment process; a) Credit card information is only used during the payment process and is safely discarded immediately after payment. This information is never kept on file. Subsequently, you will need to supply your credit card information again if you wish to place an additional order with us.
3) Marketing Services
a) If you are a designated primary contact in your organisation, then we may use your contact information to send you details of changes to our service, prices or any other information that we believe would be of use to you, but wholly within the context of our existing trading relationship. We do not subscribe any of our clients to unsolicited marketing based emails unless you have given us formal permission to do so.
b) We frequently use MailChimp to send emails to those on our database. MailChimp® is a registered trademark of The Rocket Science Group and is a marketing automation platform used most commonly to send marketing email. To join our mailing list, a double opt-in process is required. Marketing based email will not be sent to any individual or company who has not given us the prior permission to do so.
3a) Telephone Systems
a) Ecotile Flooring’s telephone system automatically saves all incoming and outgoing caller IDs and numbers. Names and other contact information are not recorded in our telephone system. b) Phone call audio is not recorded and calls cannot be replayed by any of our employees or external sources.c) Your telephone number is never passed on unless consent is given (or details are required by a third party listed in the exceptions below.
3b) Website Enquiry Forms
a) When you fill out a website enquiry form, your information is sent in an email format directly to our exchange mailbox. From there, your information is entered into our CRM system where the above conditions apply.
4. Subject Access Requests
a) All customers and suppliers have the right to request a copy of any personal information in our systems that relates directly to them. We must honour this request free of charge, by law, within 30 days.
b) Requests can be made to rectify or remove the personal information in question if we are not required by law to store it in our system.
5. Backup Data & Suppliers
a) None of the information above is kept anywhere off site. Although it may be accessed by the exceptions listed below, your information is not copied or stored anywhere other than our registered business address.
6. Third Party Exceptions
Within the context of information held; your information may be reviewed or visible to the following parties, for the purposes described below;
a) Certification or Registration bodies for the purposes of auditing and compliance regulation to nominated standards (ISO, SOX,etc).
b) Law enforcement and/or other Governmental agencies, for the purposes of complying with relevant legislation and information requests.
c) Management bodies appointed by our organisation from time to time, including but not limited to, accountancy organisations, management consultants, legal and/or human resource consultants.
d) Financial institutions or organisations who are responsible for your credit account and may need to contact you regarding an overdue payment.
All information disclosed or visible to them is covered by non-disclosure agreements that we hold with the respective parties and for the purposes of legitimate commercial activities only. We only hold and make visible, customer details that are within the context of our business and trading relationship and are proportional and necessary to hold in order to carry out our contractual obligations to you or your organisation.
7. Breaches To Your Data
a) Security has been deployed across all of our servers and databases to ensure your data is as safe as possible. Should there be a breach in our system that compromises your personal data, you will be notified no later than 72 hours after Ecotile Flooring Ltd become aware of it. The breach will be reported to the supervisory authority without delay and you will be notified of the subsequent investigations.