1. About this policy and our role
www.poliformuk.com (the “Site”) is operated by Poliform UK Limited (registered in England and Wales with company number 04216083) (“Poliform UK”, “we” or “us”). Poliform UK is the data controller in respect of any personal data collected when you use the Site and when you interact with us, whether online, in-store or by telephone.
We respect your privacy and are committed to protecting your personal data. This policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
2. When and what personal information we collect and what we use it for?
Information we collect:
When you visit our Site, we will collect certain technical information about your visit, such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Site. We collect such data for administrative and statistical purposes and to help us improve our Site. It also allows us to provide certain functionalities on our Site, such as saving products to your wish list or remembering your login details. You can find more information about the technical information we collect and how we do so in our Cookies Policy.
Information you provide to us:
We will need to gather more personal information from you when you wish to buy our products, or if you simply make an enquiry. The information we collect during our interactions with you for such purposes allows us to respond to your requests and provide our products to you. For example if you make an enquiry via our Site or by telephone, we will need to collect your contact details in order to respond to your enquiry and keep records of our interactions. If you wish to purchase one of our products in store, we will need to collect your payment card or bank details, which we will use to process payments. If you request home delivery of our products, we will need to ask you for your address, and if you purchase our products on finance, we will ask for additional details necessary to arrange the financing of your purchase.
Certain functionalities on our Site are available to registered business users only. When you register on our Site we will ask you to provide your name, surname, address and the business you represent, your login details and your marketing preferences. We will use this information to administer your account and communicate with you, including to send you our newsletters, if you have specifically requested this during your registration.
Information we obtain indirectly:
Your personal information may be shared with us by third parties. For instance we may receive it from your builder or architect, if this is necessary in connection with the installation and/or delivery of our products.
We may also receive personal data about you from various other third parties, such as from our analytics providers (Google analytics), advertising networks and social networking sites (only if you interact with us on such sites).
In addition to the purposes mentioned above, we will also process your personal information to manage our business, including for accounting and auditing purposes, to conduct our regular reporting activities on the performance of our company, including in the context of a business reorganisation or group restructure, to maintain our IT systems, to deal with legal disputes involving you, our agents and/or our suppliers, and to comply with our legal obligations.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Special categories of data
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you do not wish to provide any personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you our products). In this case, we may have to cancel your order but we will notify you if this is the case at the time.
3. Lawful processing
We are required to rely on one or more lawful grounds to collect and use the personal information that we have outlined above. The following are applicable, depending on the context:
Generally we do not rely on consent as a legal basis for processing personal data other than in relation to certain direct marketing activities.
Where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject.
Where it is necessary for us to process your personal information in order to perform a contract to which you are a party (or to take steps at your request prior to entering a contract), for example to provide our products to you.
We rely on this basis where applicable law allows us to collect and use personal information for our legitimate interests and the use of your personal information is fair, balanced, and does not unduly impact your rights. For instance, it is in our legitimate interest to process personal data of any person who contacts us with an enquiry, in order to respond to such enquiry, or process data for the purposes connected with the administration of our business, for developing our business strategy and monitoring the performance of our business.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. Communications and marketing
You will receive marketing communications from us if you have signed up to our newsletter, requested information from us or purchased products from us or if you provided us with your details when you registered for a promotion and, in each case, you have not opted out of receiving that marketing.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product purchase, warranty registration, product experience or other transactions.
5. Sharing your personal data
We will never pass your personal data to anyone else, except for any successors in title to our business and associated group companies or to suppliers that may process data on our behalf as part of providing a service to you – e.g. applying for finance and carry out credit checks, performing warranty and service work. We may also need to share your personal information for auditing purposes, with our advisers, if we are under any legal obligations or in connection with any legal proceedings, in order to establish, exercise or defend our legal rights.
We will not sell your personal data, but we cannot be held responsible for the actions of any third party sites from which you may have linked or been directed to our Site.
6. International transfers
We are aware that certain countries outside the UK or European Economic Area (EEA) have a lower standard of protection for personal information, including security protections.
We do not currently transfer and store any personal data outside the EEA. If in the future we decide to use suppliers based outside the EEA or who would require transfer of personal data outside the EEA, we will do so only if we can be satisfied that the recipient implements appropriate safeguards (as required by UK data protection laws) designed to protect your personal information.
Keeping your data secure
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Any payment transaction will be encrypted.
8. How long do we keep your personal information?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, by law, we are required to keep basic information about our customers for tax purposes (including contact details, identity and transaction information) for six years after they cease being our customers. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Once you are no longer our customer, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
9. Your rights
If you have an account with us, it is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us.
Under certain circumstances, by law, you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
- Request the transfer of your personal information to another party.
If you would like to exercise any of the above rights, please:
- email, call or write to us (see our contact details below);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). This is to allow us to verify your identity and prevent disclosure to unauthorised third parties; and
- let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.
10. Contacting us or the ICO
You can email us: email@example.com
You can write to us at 278 King's Rd, Chelsea, London SW3 5AW
You can also contact the Information Commissioner’s Office on 0303 123 1113.