GRANT & STONE LIMITED

GENERAL DATA PROTECTION & PRIVACY POLICY

 

Date of policy: 4th July 2019 v2.0

 

1.0 INTRODUCTION

Grant & Stone Limited (“The Company”, “we, “us”, “our”) is committed to protecting your privacy and conducting its business in accordance with all applicable Data Protection laws and regulations.

This policy aims to inform you how The Company, its employees and associated third parties collect, use, retain, transfer, disclose and destroy any personal data provided to us. It also tells you about The Company’s responsibilities as a Data Controller as well as your rights and how the law protects you, as a Data Subject, when you supply us with personal data.

Grant & Stone Limited, it’s leadership, employees and third-party associates should at all times aim to uphold this policy, and the associated General Data Protection Regulations (GDPR). Any breach of this policy or the GDPR will be taken seriously and may result in disciplinary action or business sanction.

Our GDPR representative can be contacted directly by emailing gdpr@grantandstone.co.uk.

2.0 POLICY SCOPE

This policy applies to the whole of Grant & Stone Limited, including all its offices and branches where a Data Subjects’ personal data is collected and processed.

This policy supplements the applicable notices, terms and conditions attached to the use of our websites, apps, staff and customer accounts, and is not intended to override them.

Where the law or additional notice imposes a requirement, which is stricter or more comprehensive than that imposed by this policy, the relevant law or notice must be adhered to. If you believe there are conflicting requirements with this policy and other notices or the law, please contact us.

Grant & Stone Limited employees are not considered within this document and those employed by The Company, wishing to understand how their data is collected and processed, should refer to the ‘Data Protection for Employee Data’ policy. Such information is not within the scope of this general policy.

3.0 SOURCES OF PERSONAL DATA

Personal data refers to any information about a Data Subject from which an individual may be identified. It does not include data where the identity of the person has been removed or anonymised.

Grant & Stone Limited may collect personal data and information about you when you, or your business:

  • contact us (or we contact you);
  • request information, quotations or sales from us;
  • use our websites or apps;
  • connect with us via social media or external link;
  • apply to set up an account with us;
  • visit our branches or premises;
  • enter competitions with us;
  • participate in our promotional, charity or special events;
  • purchase goods or services from us; and
  • when you otherwise engage with The Company.

(Continued.)

We may also obtain personal data and information about you from our associate company, Trading Depot UK Ltd, from other third-party companies, and from public information shared via social networks. In such circumstances, we will endeavour to inform you of our source.

4.0 TYPES OF PERSONAL DATA COLLECTED AND PROCESSED

The Company may collect, use, store and transfer different kinds of personal data about you and/or your business, as follows:

  • Identity Data, including a copy of formal identification documents, title, name, username or unique identifier, marital status, title, date of birth, gender and signature.
  • Contact Data, including your email address(es), telephone number(s), billing address, delivery address, place of residence and employers address.
  • Financial Data, including your payment card details and, where you or your business have applied for a credit account with us, bank account details and information held by credit referencing and fraud prevention agencies.
  • Sales and Account Data, including details of transactions with us, payment history, returns history, account credit limits, payment terms, account passwords and special instructions.
  • Technological Data, including internet protocol (IP) addresses and cookies, social media profiles, website usage and traffic, location data, weblogs, device type, browser type and version, time zone settings, browser plug-in types and versions, operating systems and platforms.
  • Video and Geo-location Data, including images and information captured by CCTV, delivery receipts and vehicle tracking devices. 
  • Communications Data, including your marketing and communication preferences, feedback and survey responses.
  • Biographical Information, such as golf handicap score, skiing ability, charity preferences and family size, interests and friend lists where specific consent has been obtained or provided through social media interactions.

We also collect, use and share aggregated statistical and demographic data at will. In such instances The Company is committed to ensuring all identifiers are removed, and personal data is anonymised. If there is a possibility that a person’s identity may be inferred from aggregate data, Grant & Stone Limited will treat this data in accordance with this general data protection and privacy policy.

From time to time criminal records and county court judgements will be supplied to the Company through credit references and fraud checks. This assists us with decision making, account management and legal claims.

Grant & Stone Limited does not intend to collect “special categories of personal data” or sensitive information about you. For clarification, through the normal course of business we do not hold records on your physical or mental health, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data.

5.0 PURPOSE OF PERSONAL DATA COLLECTION

Grant & Stone Limited uses personal data for the following purposes:

  • Account administration, including opening accounts, verifying your identity, undertaking credit and fraud related checks, invoicing, managing credit limits, managing payments, dealing with refunds, and dealing with legal ramifications and recovering overdue funds. 

(Continued.)

  • Managing and performing our contracts with you, including answering queries and performing general customer service activities, organising sponsorship, providing quotations, creating plans and agreeing specifications, placing orders, amending orders, delivering goods to you or your customers, managing returns, assisting with warranty claims and supplier or product issues.
  • Marketing and public relations, including analysing transactions, feedback, location and biographical data to ensure communications inform you of relevant offers, competitions, public announcements, charity and special events.

6.0 DISTRIBUTION AND TRANSFER OF PERSONAL DATA

Where it is within our legitimate interests we will distribute and transfer your personal data with our associate company, Trading Depot UK Limited and with third parties. Particularly:

  • To suppliers, service providers and subcontractors, such as credit referencing agencies; suppliers of computer software, cloud storage and technical support services; vehicle tracking and CCTV service providers; advertising and marketing consultants; insurers; debt collectors; legal advisors; auditors and other professional advisors.
  • To payment processors, banks and building societies.  
  • To fraud prevention agencies if false, incorrect or misleading information is presented to us and where fraud is identified or suspected. 
  • To authorities or relevant government bodies to meet our legal obligations or societal duties, including reporting crimes, enforcing contract terms, and protecting the rights, property and safety of workers, customers, and visitors.
  • To the new owner or shareholders of The Company and/or its assets, should Grant & Stone Limited be re-structured, sold, or merged with another organisation. 
  • To charities and event organisers when generating promotional, charity and special events and product offers if you have opted to partake in or receive communications about these events.

Third parties with whom we share your personal data will only provide data perceived as necessary, and are limited in their ability to use your personal information. They are not permitted to use your personal data for any purpose other than to provide services to us, or to act on our behalf by providing a service to you. We will always ensure that any third parties with whom we share your data with are subject to privacy obligations, practices and/or laws consistent this policy.

In some circumstances, third parties will store, process or access your personal data outside the European Economic Area. Whenever we are aware that this will be the case, we secure contractual assurances that your data is adequately secured and protected and cannot be used for any purpose other than that for which it was provided. This is in line with our obligations under the GDPR.  

 

 

7.0 STORAGE OF PERSONAL DATA

The length of time data is stored will vary depending on the purposes for which it was collected. However, Grant & Stone Limited endeavour to keep your personal data for no longer than is necessary.

In some circumstances, such as in the case of tax and legal claims, your data will be kept for up to seven years to ensure we comply with applicable laws and professional requirements.

In all circumstances, we are committed to ensuring your data is kept safely and securely.

More information on storage of your particular details is available upon request.  

8.0 MARKETING

Unless you have indicated otherwise, Grant & Stone Limited will use your personal information to contact you with promotional offers, special or charity events from time to time using post, email, text messaging, or telephone or alternate communication channels.

We may also use your personal data to ensure these communications are tailored and appropriate for you.

If you do not wish to be contacted by Grant & Stone Limited for marketing, events or public relations purposes, we will make every reasonable effort to ensure future communications are ceased, however, if you wish to opt out of communications from our associate company you will need to contact them directly.

From time to time Grant & Stone Limited will purchase a list of potential customers from an external database. If we have acquired your details through these means, we will provide you with the option of opting out of future communications from us by unsubscribing or contacting our GDPR representative.

In limited circumstances, you may be asked if you would like to share your personal data with a third party such as an event organiser, supplier or charity for the purpose of receiving their marketing material. In these circumstances, your personal data will then be covered by their privacy policy, and you will need to contact them to opt out of future communications.

9.0 YOUR RIGHTS

Under the GDPR, individuals have a number of rights, including:

  • a right to be informed of how we collect and process your personal data;
  • a right of access to your personal data;
  • a right to have incorrect personal data completed, amended or rectified;
  • a right to be forgotten;
  • a right to restrict how we process your personal data;
  • a right to withdraw your consent;
  • a right to receive your data in a portable format;
  • a right to object to the collection and processing of your data; and
  • special rights in relation to automated decision making and profiling.

Not all of these rights apply automatically and, in some cases, we may have a legal basis for overriding your request. However, unless there is a legitimate and lawful reason for doing otherwise, we will take reasonable steps to comply.

There is normally no charge for exercising these rights, and if you would like to do this please contact our GDPR representative who will endeavour to respond within 30 days.

Please be aware that if you contact us about your personal data, we may request proof of identity. If we request this information our response may be delayed until proof is received.

10.0 POLICY CHANGES AND REVISIONS

The General Data Protection & Privacy Policy is subject to review on an annual basis; however, we reserve the right to alter the policy at an earlier date for legal or clarity purposes, or in the event of internal changes. Therefore, we advise you to periodically check that you are in possession of the most recent version.

11.0 HOW TO CONTACT US

If you have any queries or concerns about your personal data, the way we process your data or this policy please email us at gdpr@grantandstone.co.uk.

Alternatively, you may call us on 01494 430 348 or write to us at Grant & Stone Ltd, GDPR, Unit 2 Mill End Road, High Wycombe, HP 12 4AX.

12.0 COMPLAINTS

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would appreciate the chance to deal with your concerns so please contact us using the specified email address, phone number or postal address in the first instance.