General Privacy Policy
Privacy Notice and Policy: August 2020
This Privacy Policy sets out the basis upon which we process personal information, whether that information is provided to us by you directly or via a third party.
This Privacy Policy does not apply to our employees, contractors, candidates for employment or engagement for whom we have a separate privacy notice provided directly to them at the time of engagement.
This Privacy Policy (also referred to as Privacy Notice) is issued on behalf ofAmalfiiHeating (South Midlands) Limited, when we mentionAmalfiiHeating,we, us, or our, we are referring to the relevant companyAmalfiiHeating (South Midlands) Limited asbeingresponsible forprocessing your information. We,atAmalfiiHeating,respect your concerns about privacy.
Our Data Protection Officer (DPO) is Karen Brighton (Director)
Our Privacy Promise
1. The protection of your privacy and personal information is important to us. We make sure that not only do we have appropriate security measures in place, but that any other organisation we work with to provide a service also meets the same standard as us.
2. We will respect your privacy and your marketing preferences, and we will not sell your information, or share it with other organisations for marketing purposes without your consent.
3. We will make it clear at the point when we request your information, what we are collecting it for, how we are going to use it, and how long we will keep it.
4. We will collect and use your personal information only if we have your permission or have a lawful basis for doing so.
5. We will minimise the amount of information we collect from you to what we need to deliver the product and services you have requested.
6. We will be clear in our dealings with you as to what information about you we will collect and how we will use it.
7. We will use your personal information only for the purposes for which it was originally collected and once that purpose has ended, we will delete or anonymise it, so that you can no longer be identified.
8. When other parties provide us with information about you, we will perform reasonable steps to confirm that the other party has a lawful basis to share your information with us, for the purpose given, or we will delete that information.
Our Contact Details
These are the registration details for our companies and the contact relating to data protection.
AMALFII HEATING (SOUTH MIDLANDS) LIMITED
Our company number is 11164596
Our web address is https://www.amalfiiheating.co.uk
Email: privacy@amalfiiheating.co.uk
The above company are registered in the United Kingdom and can be contacted,
via post to our registered address:
Office 7
The Civic Centre
Martins Way
Stourport-on-Severn
DY13 8UJ
Or, to our home address:
16 Laxton Avenue
St Johns
Worcester
WR2 6EQ
The type of information we collect:
We may collect and process the following information about you:
Personal identifiers, contacts, and characteristics (for example, name, contact details and physical address, email address, job title i.e. Dr, geographic location, all stored within our job management software which also has its own data protections in place.
Website usage data (for example, Internet Web browser type and version, operating system, referral source and pages visited)
Payment details via accounting software with its own data protections
Purchase history and trends.
How we obtain your personal information
Most of the personal information we process is provided directly by you for one or more of the following reasons:
When you request a quotation or estimate for products and services.
When you or your organisation applies for an account to purchase a service plan and from our company.
Where we or your organisation have assigned you an account to access any of our interactive online systems, or mobile applications.
When you communicate with us in the context of an employee or worker representing an organisation which we supply services to or consume products or services.
When you communicate with us directly as an individual, or as a customer of an organisation that has procured our products and services.
When you communicate with us as an individual to exercise your rights.
Because of your usage of any of our online services or mobile applications.
We may also obtain your personal information from other sources or organisations for one or more of the following reasons:
Because of our procurement of a mailing list from any supplier, where you have previously consented for that supplier to share your personal information with others for marketing purposes.
One of our partners provides us with your information, in accordance with the terms and conditions of a product or service which you have obtained from them.
Your next of kin has notified us of important information about you.
Your employer is in partnership/business with us and is required to notify us about your employment, or you are working on a project, or providing services to us.
A delegated authority has communicated with us.
A legal authority, or body has provided us with information about you, because of a lawful enquiry.
An insurance company made an enquiry about a product or warranty claim to us.
A financial institution making lawful enquiries.
How we use your personal information
If you are a customer, we use your personal order information to:
Provide you with a quote or estimate for products or services and to inform our engineers with the relevant information they require.
Keep you informed about our products and services.
Respond to your enquiries, complaints, or rights requests.
Process orders, and to follow up on orders that are not completed.
To arrange visits to your home or premises to carry out a survey, quote, repair or installation.
Manage your account, including verifying your identity if necessary.
Notify you about important changes or developments to our site or services.
Manage deliveries, returns and refunds.
Process competition entries.
Deal with product liability issues.
Deal with enquiries and complaints.
Manage claims and for insurance purposes.
Manage record keeping.
Conduct market research.
Publish trends, and/or to improve usefulness, and content to our website.
Track activity on our site and to provide a more personalised online experience.
Link with social media sites and services, for example, for advertising purposes.
Manage our online systems and mobile applications that you have access to.
Store and retrieve your preferences.
Send you notification of system maintenance activities.
Confirming a supplied email address is valid.
Send you service consumption reports or other information you have requested.
Respond to communications from you relating to products and services we provide to an organisation you represent, directly to you as an individual or as a customer of an organisation.
Examine and identify website and mobile application usage patterns by third party professionals, to enable us to improve our products and services.
Detect and prevent criminal activity and assist in claim management.
If you are a supplier, we use your information order to:
Process and manage orders.
Manage deliveries, installations, returns and refunds.
Deal with product liability issues.
Notify you about important changes or developments to our websites, services, and policies.
Handle rights requests, enquiries, and complaints.
Manage claims and for insurance purposes.
Manage record keeping.
Conduct Market Research.
We may record and/or monitor some telephone calls
For example, calls to our customers
We do this for the following purposes:
Training and quality control.
As evidence of conversations.
For the prevention or detection of crime.
We may share your personal information with your consent
We do not sell or otherwise share personal information, except as described in this Privacy Policy.
Your information may be shared withinAmalfiiHeating to:
Manage your current service needs or service plan or product order which you have placed with us.
To comply with the terms of a promotion, or other activity which you have consented to.
To perform marketing activities for our other products and services which you have consented to.
We engage service providers to assist us in ensuring our business runs smoothly and our ability to provide continued services. We work with a large number of suppliers who provide products and services to us and depending on which organisation, or product, or service you use, we may share your personal information, with consent, with one or more of these suppliers, so they can provide the services to us, or your personal information, or may simply be held in their systems, as a consequence of services they provide to us. For example, having heating supplies delivered directly to your home or business.
Third parties provide many services to our organisation including:
IT service hosting, providing the physical locations where some of our IT systems reside.
Software as Service providers, providing the actual cloud software which we use to deliver part of the services to you, or our administration functions, for example, our websites and online diaries, mobile and tablet applications.
Courier service providers, to collect and deliver the items you have ordered.
Our own marketing activities, where you have consented to participate in marketing activities on our behalf.
Card payment services, to facilitate our card payments.
Financial management providers, identify duplicate or payments owed.
Debt recovery agencies, chase or manage debtors.
Social media platforms, to match your email address with their customer records, to enable them to perform marketing activities which you have consented to.
We will only provide these third parties with the minimum information they need to deliver the service we have engaged them for, and they are prohibited from using that information for any other reason.
Your personal information may also be disclosed to third parties where we are required to by law, or other statutory obligations, including:
Tax, customs, and excise authorities
Regulators, courts, and the police
Insurance companies
Legal or professional advisors
We may also disclose your personal information if we believe that the disclosure is necessary to enforce, or apply our terms and conditions, or otherwise protect and defend our rights, property or the safety of our customers and other users of our websites, systems, and mobile applications.
We may disclose and/or transfer your personal information, in connection with a reorganisation of all, or part of our business, ifthe majority ofour shares are bought by another company, or if we transfer all, or some of our assets to another company.
Links to other websites
Links may be provided on our websites to other websites that are not operated by us. If you use these links, you will leave our websites. You should note that we are not responsible for the contents of any third-party websites.
External sites will have their own privacy policies which you should read carefully.
What legal basis do we use to process this information?
Under the General Data Protection Regulation (GDPR), including the UK adopted post Brexit version, the lawful basis we rely on for processing your (data subject) information will vary depending on the context of how the information was collected, or provided to us, and the purpose for which the information was provided. Article 6 of the GDPR states that processing shall be lawful only if, and to the extent that at least one of the following applies:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is party orin order totake steps at the request of the data subject prior toentering intoa contract;
c) processing is necessary for compliance with a legal obligation to which the controller is subject;
d) processing is necessaryin order toprotect the vital interests of the data subject or of another natural person;
e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data,in particular wherethe data subject is a child.
In the above context we are the controller, and you are the data subject, the GDPR further states that point (f) shall not apply to processing carried out by public authorities in the performance of their tasks.
To explain this in as clear a way as possible:
When you sign up to something like the receipt of marketing emails, this is done with your consent, therefore our lawful basis would be consent.
Where you provide data to us so that we can fulfil a service, e.g., set up a service plan, provision of a quote, repair, installation, or an order, or a contract, therefore our lawful basis would be contract.
If we need to process your information, because other laws and regulations tell us to, we do so under a legal obligation, therefore our lawful basis would be legal obligation.
Additional contact with you, after you have made a purchase, for example telling you about another closely related product, we do so because we have a legitimate interest to, therefore our lawful basis would be legitimate interest.
Where the use of our or third-party systems required your consent, prior to the collection and processing of your information, our lawful basis is:
(a)Consent.
You can remove your consent at any time, and you can do this by contacting: privacy@amalfiiheating.co.uk
This may arise for example, when you are completing online forms, using our mobile applications or webchat system.
Where we provide services directly to you, our lawful basis is that:
(b)Contract.
This may arise for example, when you sign up for a service plan.
Where your information is provided to us by an organisation whom we provide products and services to, our lawful basis is:
(c)Legitimate Interest.
This may arise for example when, we inform you of another closely related product or service, where we identify suspected criminal activity, such as fraudulent claims, or the use of stolen payment card details.
Sensitive information
The GDPR classifies some data as ‘special category’ and this requires particular protection. As a rule, we do not collect this type of data for customers, visitors to our websites, or suppliers, for example if we have been informed of a health and safety claim, which may include medical information, or if we do need to process ‘special category’ data, we will obtain explicit consent to do so, or other legal method.
Children’s information
We do not knowingly collect or store any personal information of children under the age of 16, because the mechanisms whereby we collect personal information are not applicable to this age group.
Our marketing activities
You may receive direct marketing from us, if you have signed up to this, or where we have a previous relationship, e.g., if you have bought products and services from us before.
If you need to update and/or correct your personal information, including your marketing choices, please contact us on privacy@amalfiiheating.co.uk
You can opt out of receiving emails, or text marketing at any time, by using the unsubscribe option in any email message you receive.
You can opt out of postal and telephone marketing by contacting us at privacy@amalfiiheating.co.uk
We will ensure that prior to conducting any marketing activities, we will screen all proposed marketing recipients against our preference and marketing suppression lists and only perform marketing activities to recipients which we have a lawful basis to do so, have opted in, and have not withdrawn their consent to marketing.
Prior to conducting live telephone marketing calls, we will ensure that the marketing campaign telephone numbers have been screened against the Telephone Preference Service (TPS), and Corporate Telephone Preference Service (CTPS), the telephone preference lists (TPL) which are published 28 days prior to the date of the marketing activity, and we will not call any number present on the TPL for marketing purposes.
Profiling
We may use direct, or anonymised information to engage in data analysis, data matching and profiling activities for a variety of purposes, including, but not limited to:
Website Activity (cookie history).
Business conduct.
Investigation and identification of fraud, money laundering and other potential unauthorised activities.
Financial Viability analysis / reports.
Business partner/client portfolio position, performance, risk positions.
Tax reporting.
Credit defaulting / exposure.
Cookies
Cookies are little packets of data that sit on our website, in some cases to make it work, and in some cases to add additional services. For more information about cookies and how to look after them, including how to turn them off, please visit our cookie policy on the relevant website.
International transfers of personal information
We will very rarely need to use services that may be located outside the United Kingdom. This means your personal information may be transferred outside the UK.
If we transfer your personal data out of the United Kingdom, we ensure a similar degree of protection is afforded to it, by ensuring at least one of the following safeguards is implemented:
the destination country has been deemed to provide an adequate level of protection for personal data by the UK’s Data Protection Authority; or
we may use specific contracts approved for use in the UK, which give personal data protection equivalent to that required by the UK data protection laws.
How we keep your information safe
We take great care to use appropriate administrative, technical, and physical safeguards designed to protect against accidental, unlawful, or unauthorised destruction, loss, alteration, access, disclosure or use.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of information you submit via our website, and any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access, or modification. Any devices used out in the field and in the office will be covered by password protection and VPN security measures.
Access to personal data is restricted to those within our business who have a legitimate business need, and data processed by third parties is only done so under strict instruction from us, as per the terms of their contract.
We contractually require service providers and processors to safeguard the privacy and security of personal information they process on our behalf in line with data protection obligations and authorise them to use or disclose the information, only as necessary to perform services on our behalf, and under our instruction, or to comply with legal obligations and requirements.
How long we keep your information for
We only keep your personal information for as long as the purpose for which your information was provided exists, or as required to comply with a legal, or statutory obligation. For example, we are legally obliged to retain purchase records for seven years.
When the lawful reason to keep your personal information no longer exists, we will erase your information or change it, so that the information no longer identifies you.
Making changes or getting access to the information we hold about you.
You have the right to request the following:
Request details of and have copies of your information.
Request us to correct or rectify your information.
Request us to erase your information.
Log an objection to a part of, orall ofthe ways in which we are processing your information.
Request that we restrict the way your information is processed.
Request that we provide your information in a portable form, so it can be transferred to another organisation.
Object to an automated decision-making process.
If you withdraw your consent, this will not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent.
If we are unable to process any part of your request you will be informed of this, along with the reasons as to why your request cannot be carried out.
You can exerciseall ofyour rights, which includes accessing your personal data, having your information erased, or to opt out of marketing material by contacting us on: privacy@amalfiiheating.co.uk
Exercise my rights or, use the contact details at the beginning of this policy to communicate with us
If you are making a request on behalf of someone else, please note that we will need to verify the identity of the person whom it is for, and the authority of the requester before disclosing any personal data. You can submit the request, by contacting us on: privacy@amalfiiheating.co.uk
We have an obligation to respond within one month of receiving your request or when we have confirmed your identity if needed. If your request is a complex one, the response time can be extended by up to two months. If we need to extend, we will let you know about the extended response date, and the reason, but we will do so within the original one-month time frame.
If required, identification may be requested within the one-month time frame and only limited to what is necessary for identity confirmation. We might require a copy of your driving licence, passport, or a utility bill.
If we are not able to comply with a request, we will inform you of this within the one-month time frame and provide an explanation outlining our justification.
Your right to complain
If you do not agree with our reasoning, you can contact our Data Protection Officer at privacy@amalfiiheating.co.uk who will action your complaint onreceiptor you can lodge a complaint with the supervisory authority:
Information Commissioner’s Office
https://ico.org.uk/make-a-complaint/
Telephone: +44 303 123 1113 (local rate) or 01625 545745 (national rate)
