YOUR PRIVACY MATTERS
At V A Whitley we have always honoured our customers’ right to data protection and privacy, however, some data protection laws are changing and we want you to be fully informed about how we handle your data.
Please be reassured that these changes will provide you with greater data protection rights and V A Whitley will continue to use your data only for the purposes you have agreed with us.
This document explains what information we collect about you, why we collect it, what we may use it for and it also explains your rights regarding the information and how we look after it while we have it.
New Data Protection Law : The EU General Data Protection Regulation (GDPR) comes into effect on 25thMay 2018 and replaces current EU and UK Data Protection laws. GDPR introduces increased data protection rights for individuals. V A Whitley is committed to complying with the UK Data Protection Act and to be compliant with GDPR.
If you have a query or concern about data protection or how we currently handle your personal data then please email: email@example.com .
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
We only collect information that we know we will genuinely use. We respect your privacy and we try to minimise what we do collect. Typically we need details like
- Your name, date of birth and address so we know who you are and the services you need from us.
- Your contact details such as telephone numbers or email addresses where supplied so we can keep in touch with you about our services and your account.
- Your bank account or other financial details so we can manage payments on your behalf.
HOW DO WE COLLECT INFORMATION ABOUT YOU?
We prefer to collect the information we need directly from you. That way, you know what we have and we can be sure you’ve provided us with the most up to date and accurate information. We usually do this :
- When you set up your account with us.
- When you contact us for any reason eg calling to place an order, sending us emails, interacting with us via social media.
- If you complete an online order form or place an order via our website.
- If you enter a competition or complete a survey.
Where absolutely necessary, we may occasionally collect information about you from “third parties” such as credit agencies or the electoral roll.
WHAT DO WE DO WITH THE INFORMATION WE COLLECT ABOUT YOU?
We use your information in various ways, such as to:
- Meet the purpose you provided the information for.
- Provide you with the goods and services you want.
- Let you know about goods and services you might want us to provide.
- Help you trade with us. For example, we need to know your credit or debit card details so that we can process your payments.
- Obtain feedback from you about products, our website and other services and activities.
- Reply to any questions, suggestions, issues or complaints you have contacted us about.
- Administer your account, including ;
- Seeking your views on any service we provide.
- Dealing with any problems, enquiries or complaints you may have.
- Resolving unpaid bills.
- Preventing fraud.
- Keeping our records accurate and up to date.
- Complying with any legal obligations we may have.
FOR WHAT PURPOSE DO WE USE YOUR PERSONAL DATA?
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose / Activity||Type of Data||Lawful basis for processing including legitimate interest to do so|
|To register you as a new client||
|Performance of a contract|
To manage payments, fees and charges and collect any fees owed to us
Marketing and Communications
Performance of a contractOur legitimate interests to recover and process debts due to us
To provide services and manage our relationship with you including using a third party to assist in the provision of the services
To include providing you with information you request, satisfaction surveys, changes to our services/ products or this privacy notice.
ContactMarketing and Communications
Performance of a contract
Our legitimate interests to provide the services you require, keep you updated and receive feedback
Necessary to comply with a legal obligation
To administer and protect our business and this website
(including troubleshooting, data analysis, testing, system maintenance, data handling and reporting)
Our legitimate interests to run our business, provision of administration and IT services, network security, to prevent fraud or prevent access to the data we holdNecessary to comply with a legal obligation
To make suggestions and recommendations to you about services/ products that may be of interest to you
|Our legitimate interest to develop and grow our business|
Types of data
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth.
- Contact Dataincludes your home address, business address, email address and telephone numbers.
- Transaction Data includes details about payments to and from you and other details of products/ services you have purchased from us.
- Marketing and Communications Data includes information that allows us to choose how best to market specific communications to you.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience particularly in compliance with our agreed terms and conditions with you (in the case of customers of VAW), or agreed terms of business (in the case of suppliers to VAW). We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
WHO DO WE SHARE YOUR INFORMATION WITH?
We appreciate that you have provided your information to us and may not want us to share it with other people or organisations, however we can’t run our business or provide many of the services and benefits you receive without involving other people or organisations from time to time. When we share your information we want you to know that we only do so in accordance with our legal data protection and privacy obligations, or where you have requested us to do so. We may share your information with, for example :
- Your family, associates or someone who represents you, where you have asked us to.
- Our employees who provide you with our services.
- Credit reference and fraud protection agencies in order to help prevent fraud, or as part of our debt collection process.
- Any person or organisation where we are required to because of a court order, legal duty or statutory obligation eg external agencies such as the police or local authorities.
- Carefully selected contractors and specialists to help us provide you with our services, for example businesses within our Q Partnership Group when we take part in nationally promoting brands which we jointly own, we may supply your details to the company responsible for the management of a particular brand so they can send you details of competitions or offers.
- Mailing houses. When we send out promotional literature this may be sent out on our behalf from a preferred mailing house.
- Our insurers and insurance brokers who provide us with comprehensive cover against the risks of running a business.
- Banks and finance companies where we have allowed them to use your data for the purposes of you paying us or us paying you.
- Our professional advisers including lawyers and technology consultants when they need it to give us their professional advice.
- Other people who make a subject access request, where we are allowed to do so by law ; eg to comply with a court order.
We are careful to minimise such sharing. Whenever we share your information we do everything we can to make sure it is protected from misuse or loss.
HOW DO WE LOOK AFTER YOUR DATA AND KEEP IT SECURE?
When we use information about you we take all reasonable efforts to do so fairly and lawfully.
While we are sure that customers know we use their information, we will provide notice of this where we can.
We never use information about you unless it is lawful to do so and we have a clearly defined need or purpose.
When we collect information about you we make sure we minimise what we collect. We try to collect enough accurate and up to date information so we can provide you with excellent, efficient customer service you deserve and no more.
We try not to keep your information for longer than we need it and we make sure that the records we have about you are managed properly and deleted promptly and securely when we no longer need them.
We make every effort to keep your information safe. We take appropriate care to secure the information we hold about you.
We have robust and modern technical security.
We have procedures and training to make sure your information is only available to our employees who need to see it to do their job.
In everything we do with your information we try to be fair, lawful and open and we take seriously our obligations towards your privacy and the protection of information we hold about you.
HOW LONG DO WE KEEP YOUR INFORMATION FOR?
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need it for the purposes we acquired it in the first place.
In most cases, this means we will keep your information for as long as you continue to trade with us or use our services, and for a period of time afterwards if you stop doing so. After that we will either delete it or securely destroy it.
The Data Protection Act 1998 and GDPR gives you certain rights towards your personal information. We take all reasonable efforts for you to exercise those rights.
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data
- The right to request a copy of the personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary to retain such data;
- The right to withdraw your consent to the processing at any time;
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability), (where applicable, i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
Certain exemptions and conditions apply to these rights, principally that it should be in writing and that you give us reasonable details about the information you want.
We reserve the right not to comply with any enquiries or requests we receive about the information we collect, where we may lawfully do so. For example, if we have reason to believe that a request is malicious, technically impossible, involves disproportionate effort or could be harmful to others.
To make sure that we only give your information out to you and not someone else, you will need to provide us with two current forms of identification. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
To reduce the chances of an error or misunderstanding, we work hard to keep the information we gather about you accurate and up to date. But we also need your help too. Please ensure that the information you provide (eg any contact information) is correct and that you update us of any changes. Please contact us if you have reason to believe any of the information we have is inaccurate.
If you have any worries or complaints about the way we use your information though, please don’t hesitate to get in touch with us. We’ll do our very best to put things right.
MANAGING OUR MARKETING COMMUNICATIONS
We like to communicate with you and keep you up to date with things like our latest product innovations and special offers and we may send you our magazine Whitley News, invitations to our trade exhibitions, direct mail etc. However, we will always provide ways for you to stop these marketing communications should you wish. E.g. any email communications you receive from us will show an “unsubscribe” link to stop further communications. You can contact us any time and let us know what you would like to change.
ON OUR WEBSITE
BY EMAIL AND PHONE
If you have contacted us by email, or provided an email address, we may use this to contact you if we need to. You should also be aware that information conveyed by email could be deliberately or accidentally intercepted or corrupted. While we make every effort to make sure that emails we send to you are free from viruses, this cannot be guaranteed. We recommend that you scan all email for viruses with appropriate and frequently updated virus checking software.
If you have given us your phone number (landline or mobile), we may use it to contact you if we need to, including sending texts. If you call us, we also reserve the right to record your phone call, for security, accuracy and training purposes, and to make sure we record the details of your order if you leave it on our answerphone.
Please let us know if your phone numbers or email addresses change so we can keep this information up to date.
We have CCTV in operation in V A Whitley premises and our vehicles are protected by vehicle cameras. CCTV data is captured purely for health and safety and security and for the prevention and detection of crime.
WANT TO KNOW MORE ABOUT YOUR PRIVACY RIGHTS?
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible on their website at www.ico.gov.uk
Our full legal name is V A Whitley & Co. Limited and our registered office is Milward House, Fir Street, Heywood, Lancashire OL10 1NW. Telephone: 01706 364211. Email: firstname.lastname@example.org Website: www.vawhitley.co.uk
We are a privately owned company incorporated in England and Wales. Our registered company number is 474394. We are registered under the Data Protection Act 1998 with the ICO in the UK under number Z6181921. We are the data controller of the information you provide us with. This term is a legal phrase used to describe the person or entity that controls the way information is used or processed.