Privacy policy

Cookie Policy

Cookie Policy

In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you (the Customer*) of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.

Definitions: Please note, that the term ‘Customer’ may be applied to both our Direct Customer and where applicable the End User. The End User is defined as the party for whom our product and/or service order is ultimately for. For example, where the Customer is a high street kitchen showroom and the End User is the private householder who has purchased our worktop product through that kitchen showroom.

  1. A) DATA PROTECTION PRINCIPLES

Under GDPR, all personal data obtained and held by us must be processed according to a set of core

principles. In accordance with these principles, we will ensure that:

  1. a) processing is fair, lawful and transparent
  2. b) data is collected for specific, explicit, and legitimate purposes
  3. c) data collected is adequate, relevant and limited to what is necessary for the purposes of processing
  4. d) data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
  5. e) data is not kept for longer than is necessary for its given purpose
  6. f) data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
  7. g) we comply with the relevant GDPR procedures for international transferring of personal data
  1. B) TYPES OF DATA HELD

We keep several categories of personal data about our Customers in order to carry out effective and

efficient business processes. We keep this data in a file relating to each Customer and we also hold

the data within our computer systems, for example, our accounts systems or Material Requirements

Planning (MRP) system.

 

Specifically, we hold the following types of data:

  1. a) personal contact details such as name, address, phone numbers
  2. b) bank account details
  3. C) COLLECTING YOUR DATA

Customers provide several pieces of data to us directly during any commercial and operational activity.

For example Customer name and address and phone number, and subsequently upon the start of the

engagement, for example, Customer bank details.

Personal data is kept in files or within the Company’s IT systems.

Please note that, although we often secure payment through credit/debit cards, we do not record or

retain any credit/debit card information and have never done so.

 

  1. D) LAWFUL BASIS FOR PROCESSING

The law on data protection allows us to process personal data for certain reasons only. In the main,

we process personal data in order to comply with a legal requirement, in order to perform the contract we have with our Customers or in pursuit of our legitimate interests. The information below categorises the types of data processing we undertake and the lawful basis we rely on.

Activity requiring personal Customer data Lawful basis

Carry out the contract that we have entered into with you e.g. using your name, contact details

Performance of the contract

Ensuring payment transactions are processed Performance of the contract

Making decisions about who to enter into a contract with

Our legitimate interests

Business planning and restructuring exercises Our legitimate interests

Dealing with any legal claims that involve us Our legitimate interests

Preventing fraud Our legitimate interests

Ensuring our administrative and IT systems are secure and robust against unauthorised access

Our legitimate interests

 E) SPECIAL CATEGORIES OF DATA

As part of the performance of the contract and our legitimate interests, we do not require or collect

Special categories of data relating to Customer, such as:

  1. a) health
  2. b) sex life
  3. c) sexual orientation
  4. d) race
  5. e) ethnic origin
  6. f) political opinion
  7. g) religion
  8. h) trade union membership
  9. i) genetic and biometric data.
  10. j) criminal conviction data

 

  1. F) FAILURE TO PROVIDE DATA

Your failure to provide us with key personal data may mean that we are unable to fulfil our

requirements for entering into a contract with you or performing the contract that we have entered

into.

 

  1. G) WHO WE SHARE YOUR DATA WITH

Employees within our company who have responsibility for carrying out the performance of the

contract order procedures and activities and the administration of payments and invoices will have

access to your data which is relevant to their function. All employees with such responsibility have

been trained in ensuring data is processing in line with GDPR.

Data is shared with third parties for the following reasons: (administration of payments, accounts etc.)

We share a minimal amount of your data (eg your name, address and work email address) with bodies outside of the European Economic Area, namely in the USA. The reason for sharing with these

countries is to access services such as Moraware (MRP), Dropbox and Microsoft Outlook that use

servers which may reside in the USA. These organisations have measures in place to ensure that any

of your data is transferred securely and that the bodies who receive the data that we have transferred, process it in a way required by EU and UK GDPR data protection laws.

We may also share your data with third parties as part of a Company sale or restructure, or for other

reasons to comply with a legal obligation upon us. We have a data processing agreement in place with such third parties to ensure data is not compromised. Third parties must implement appropriate

technical and organisational measures to ensure the security of your data.

 

  1. H) PROTECTING YOUR DATA

We are aware of the requirement to ensure your data is protected against accidental loss or

disclosure, destruction and abuse. We have implemented processes to guard against such.

 

  1. I) RETENTION PERIODS

We only keep your data for as long as we need it for, which will be at least for the duration of your

engagement with us though in some cases we will keep your data for a period after your engagement

has ended. For example, to provide colour match data should any product repair or change be

requested or to maintain warranty records. Our retention period is typically 7 years.

 

  1. J) AUTOMATED DECISION MAKING

Automated decision making means making decision about our Customers using no human

involvement e.g. using computerised filtering equipment. No decision will be made about our

Customers solely on the basis of automated decision making (where a decision is taken using an

electronic system without human involvement) which has a significant impact on any Customer.

Please note, that we do not use automated decision making and do not anticipate a need to do so in

the foreseeable future.

 

  1. K) DATA SUBJECT RIGHTS

You have the following rights in relation to the personal data we hold on you:

  1. a) the right to be informed about the data we hold on you and what we do with it
  2. b) the right of access to the data we hold on you.
  3. c) the right for any inaccuracies in the data we hold on you, however they come to light, to be

corrected. This is also known as ‘rectification’

  1. d) the right to have data deleted in certain circumstances. This is also known as ‘erasure’
  2. e) the right to restrict the processing of the data
  3. f) the right to transfer the data we hold on you to another party. This is also known as

‘portability’

  1. g) the right to object to the inclusion of any information
  2. h) the right to regulate any automated decision-making and profiling of personal data.

Please contact us if you would like to understand more about these rights.

 

  1. L) CONSENT

Because the information we hold about you is not in the special category of data and is solely to enable us to carry out the performance of our contract with you, we take the provision of your to us as your consent for us to use your data. You have the right to withdraw that consent at any time. This means that we will stop processing your data in line with your rights, but it will also mean that the

performance of our contract with you may be rendered infeasible.

 

  1. M) MAKING A COMPLAINT

If you think your data rights have been breached, you are able to raise a complaint with the

Information Commissioner (ICO). You can contact the ICO at Information Commissioner's Office,

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local

rate) or 01625 545 745.

  1. N) DATA PROTECTION COMPLIANCE

Our appointed compliance officer in respect of our data protection activities is: R Bullen

 

Privacy policy

PRIVACY STATEMENT

Blackdown Fabrications Limited respects your personal data and is committed to protecting it.

This statement describes how we process the information we obtain from you and other visitors and customers through a variety of different interactions, including when you visit our websites or social media pages, or contact our team.

Here you can also find out about the types of information we collect from you, how we use it, how we might share data with others, how you can manage the information we hold and how you can contact us.

We are a ‘Data Controller’ of your personal information which means we decide why and how it is processed. It also means we are responsible for that processing, which extends to any third parties we use who may process your information based on our instructions.

We may work with other organisations in connection with some of the processing activities described in this statement such as social media platforms.

Where your data is collected and sent to other organisations for processing that is in both our and their interests, we will be making decisions together in relation to that particular processing and will be ‘joint controllers’ with the organisations involved. Under data protection laws, we will be jointly responsible to you for any processing of that personal data. Where this is not the case, the other organisation will be separately responsible to you and they will set out their responsibilities in their own privacy statement. We do not sell your personal data to anyone.

There may be occasions where we would like to offer promotions or market our products and services to you directly but you will be given the option to not receive such communications from us.

What data do we collect?

We collect information about you when you engage with our website, social media pages or when you contact us directly. We may also receive data from third party sources, but we only collect information which is necessary, relevant and adequate for the purpose you are providing it for.

Some of the information does not identify you personally but provides us with information about how you use our services and engage with us. We use this information to improve our services and make them more useful to you. An example of this is our use of Cookies on our websites.

For information about how we use Cookies, please visit the link to our Cookie Policy on our website. Here you can learn about managing the optional Cookies we use.

The information we collect may include some or all of the following:

  1. Name (including title);
  2. Address;
  3. Phone number;
  4. Date of Birth;
  5. Email address;
  6. The date and time you used our services;
  7. The pages you visited on our website, the features you used and how long you visited us for;
  8. Your IP address;
  9. Your GPS location (where you have permitted access to this);
  10. The internet browser and devices you are using;
  11. Cookie, pixels or beacon information (for more information please see our Cookie Policy);
  12. The website address from which you accessed our website;
  13. Details of any transactions between you and us;
  14. Where you engage with us in a business context, we may collect your job title, company contact details (including email addresses) and company details (some of which we may obtain from online or public business directories, including social media);
  15. Voice recordings of calls and/or voice messages you may leave when making calls to our telephone support team;
  16. Any information within correspondence you send to us.
  17. Your social media name and identification number, any information you post on our social media pages, posts in which you include a hashtag or mention relating to us and information regarding your activities on our social media pages generally (for example, the time and date of your posts and your ‘likes’);
  18. Your direct marketing preferences;
  19. Details of services provided by our group companies that you have received or for which you have registered;
  20. Where you act on behalf of a business, any information we collect as part of business telemarketing activity.

You have the option to not provide us with this information however, this may mean that you are unable to receive certain services from us or communicate with us effectively.

How do we use this data?

We will only process information that is necessary for the purpose for which it has been collected.

There are various ways in which we may use or process your personal information:

To Perform a Contract

We may use and process your personal information where this is necessary to perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered into with us.

Legitimate Interests

We may use and process your personal information where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so.

Consent:

Where you have provided your consent, we may use and process your information in the following ways:

  1. To contact you from time to time about promotions, events, products, services or information which we think may be of interest to you; and
  2. To share your personal information with companies within our Group, so that they can contact you with marketing information about their products and services.

Where we collect your data from another source, we rely on our legitimate interests as the legal reason to process your data.

You have the option to withdraw your consent at any time by contacting us using the details below or by using the unsubscribe option provided in our marketing communications.

Processing which is necessary to provide Customer Support, improve our services and respond to complaints, claims and regulators

  1. To respond to any correspondence that you send to us and fulfil customer requests.
  2. To respond to queries, complaints or claims and to manage legal and regulatory requests and requirements.
  3. To provide IT support and services.
  4. To analyse, evaluate and improve our products and services, so that we can provide a more useful and enjoyable customer experience.
    For example, we use Google Analytics software to collect information about how you use our website. This includes IP addresses. We do not store your personal information through Google Analytics as the data is anonymised before being used for analytics processing and we will not identify you through analytics information.
    Google Analytics processes anonymised information about: the pages you visit on our website, how long you spend on each page, how you got to the site and what you click on while you’re visiting the site.
  5. To enforce or protect our legal rights or to establish, bring or defend legal claims.
  6. To comply with a request from you in connection with the exercise of your rights (for example, the keeping of suppression lists where you have opted not to be contacted for the purposes of marketing).
  7. To inform you of updates to our terms and conditions and policies

Processing necessary for us to promote our business, brands, products and services

We may contact you with marketing information after you have purchased a product or service from us. We will only do this in the way in which the law allows and we will only contact you with information about our own products and services and that we believe may be of interest to you. You have the right to object to us sending you this information at any time.

Legal Obligation

We may process your personal information to comply with our legal or regulatory requirements.

Vital Interest

Sometimes we will need to process your personal information to contact you if there is an urgent safety or data breach and we need to tell you about it.

How do we keep your data safe?

We use technical and organisational measures to safeguard your data and adhere to the UK General Data Protection Regulations with regards to protecting your data. This includes measures to deal with any suspected data breaches.

If you suspect any loss, misuse or unauthorised access to your data, please contact us immediately using the contact information below.

Links to other websites

This website may provide links to other websites. This privacy policy does not extend to linked websites. We do not have responsibility for the content of these websites or how they use and protect your data. We advise you to read the privacy policy of other websites prior to using them.

How do we share your data?

As previously stated, we do not sell your information to third parties. We do however work with our group companies and with third party suppliers who fulfil business activities for us.

Transfers outside Europe

There may be some instances where your information is processed or stored outside of the UK and EU. In those instances, we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law.

We may use Social Media Platforms to communicate with you and to promote our products and services. We use your personal information when you post content or otherwise interact with us on our official pages on Facebook, Instagram, LinkedIn and Twitter and other social media platforms. We may also view statistical information and reports regarding your interactions with the pages we administer on those platforms and their content.

We take steps to ensure that any third-party partners who handle your information comply with data protection legislation and protect your information just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf.

How long do we keep your data?

We hold your personal information to give us an opportunity to form a relationship with you but we do not keep your personal information in an identifiable format for longer than is necessary.

There may be occasions where we retain your data after our relationship ends to establish, bring or defend legal claims.

Exceptions to this:

  • Where the law requires us to hold your personal information for a longer period, or delete it sooner;
  • Where you have raised a legal claim, complaint or concern regarding a product or service offered by us, in which case we will retain your information for a period of 6 years following the date of that complaint or query; or
  • Where you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law.

How can you manage the information we hold about you?

You have the right to:

  • Ask for a copy of the information that we hold about you.
  • Correct and update your information.
  • Withdraw your consent (where we rely on it).
  • Object to our use of your information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process the information. When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object.
  • Erase your information (or restrict the use of it), provided we do not have any continuing lawful reason to continue to use and process that information.
  • Transfer your information in a structured data file (in a commonly used and machine readable format), where we rely on your consent to use and process your personal information or need to process it in connection with your contract.

You also have the right not to be subject to purely automated decisions (including profiling) where this has a significant effect on you. We do not envisage that any decisions will be taken about you in this way, however we will update this statement if this changes.

The contents of this statement may change from time to time so you may wish to check this page occasionally to ensure you are still happy to share your information with us. Where possible, we will also contact you directly to notify you of any substantial changes.

You can exercise the above rights and/or manage your information by contacting us using the details below:

Post Blackdown Fabrication Ltd. c/o 71-75, Shelton Street, Covent Garden, London, WC2H 9JQ

Email: sales@bfab.uk

Phone: 0208 123 6577

If you are unhappy, you have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office, the data protection regulator in the UK, are below:

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Call: 0303 123 1113

Email: casework@ico.org.uk