Privacy
Privacy Policy – May 2018
INTRODUCTON:
Kernow Fixings Ltd are committed to protecting and respecting your privacy. This privacy notice contains important information on who we are, how and why we collect, store, use and process personal information and your rights in relation to your personal information. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy notice. This privacy notice will inform you of your privacy rights and how the law protects you. Any changes we may make to our privacy notice in the future will be available to view on our website.
WHO WE ARE:
Under GDPR, Kernow Fixings Ltd is a Data Controller and is therefore registered with the ICO (Information Commissioner’s Office) and is responsible for your personal data (referred to as “Kernow”, “we”, “us” or “our” in this privacy notice.
Our registered address is: Manfield Way, Holmbush Industrial Estate, St Austell, PL253HQ
Our hours of business are 7:00am and 5.00 pm Monday-Friday.
We don’t have a Data Protection Officer (DPO) and there is no requirement for us to appoint a DPO under the terms of the GDPR; contacting us via info@kernow-how.com will enable us to deal with any GDPR related enquiries.
This privacy notice details how we collect and process your personally identifiable data as a customer, prospective customer or supplier. Employees and job applicants are covered by a separate privacy notice within the internal HR system.
You have the right to make a complaint at any time to the ICO (Information Commissioner’s Office), the UK supervisory authority for data protection issues (www.ico.org.uk). Please contact us in the first instance, as we would appreciate the chance to deal with any concern you may have before you make contact with the ICO.
WHAT IS PERSONAL DATA?
Under the EU’s General Data Protection Regulation ‘Personal Data’ is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
WHY DOES KERNOW NEED TO COLLECT, STORE AND USE PERSONAL DATA?
In order for us to provide you with our products and services we need to collect personal data for correspondence purposes, including contacting the right person regarding queries, sales and invoices, and to deliver goods to site. We are committed to ensuring that the information we collect and use is appropriate for this purpose and does not constitute an invasion of your privacy. We may pass your personal data on to our service providers who are contracted to Kernow Fixings Ltd in the course of our dealings with you. Our contractors are obliged to keep your details securely and use them only to fulfil the service they provide you on our behalf. We ensure all our contractors have GDPR compliance policies in place.
We do not collect or use data about our customers that is classified under GDPR as ‘special categories’ (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
THE DATA KERNOW DOES COLLECT ABOUT YOU:
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).In the course of negotiating, marketing and doing business with customers we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes name, username or similar identifier, job title, trade
- Contact Data includes billing address, delivery address, email address and telephone numbers and social network handle
- Location includes additional addresses and GPS coordinates
- Financial Data includes bank account, payment card details, credit information
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Communication including telephone recordings, voice mail, email
- Marketing & Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
If you fail to provide personal data, where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may have to cancel the contract we have or are trying to enter into with you (for example, to provide you with products). In this case, we will notify you if this is the case at the time.
HOW DOES KERNOW COLLECT YOUR PERSONAL DATA?
Kernow Fixings Ltd uses various methods to collect data from you and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- Request marketing information to be sent to you
- Subscribe to our newsletters and other marketing material
- Purchase our products and services
- Create an account on our website
- Take part in a prize draw, competition, survey or promotion
- Provide us feedback
- Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and similar technologies.
- Third parties or publicly available sources
HOW KERNOW USES YOUR PERSONAL DATA
Kernow will process – that means collect, store and use – the information you provide in a manner that is compatible with the EU’s General Data Protection Regulations (GDPR). We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances, the law sets the length of time information has to be kept, but in most cases, we will use its discretion to ensure that we do not keep records outside of our normal business requirements. Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. We will only use your personal data in accordance with the law and the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email [or text message]. You have the right to withdraw consent to marketing at any time by contacting us.
If you are an individual or run a business as a sole trader or a partnership that is not related to the building and construction industry and haven’t previously entered into negotiation regarding prices with us, communicated with us, registered on our website or purchased from us, we will ask for your consent to process your data.
If you work for a Limited company, PLC, or similar, and we are processing your personal data, your rights under GDPR and PECR are unaffected unless we need them to satisfy a legal obligation or as part of a contract.
USING YOUR PERSONAL DATA:
We will use the information you provide for the following purposes:
Internal record keeping: we use a system to record our customers’ names and contact details, along with dates of orders, what was ordered, brief descriptions of when our team have corresponded, met or talked to our customers, as well as delivery addresses and any names and contact details needed to get our goods to your site or supplied by customers as referees when opening a credit account. This helps us answer questions about past orders, ensure our invoices are correct, contact customers if there’s ever a problem, and anything else that helps us provide the excellent level of service our customers expect.
Business correspondence: from time to time we get in touch with our customers via post, email or phone; this includes sending invoices, arranging meetings, keeping customers updated with their orders, catalogue requests, invitations to events, sending gifts, account management, opening times over holidays, unplanned closures (e.g. due to poor weather conditions), changes to our terms and conditions, or prices.
Delivery to site: sometimes building sites are hard to find, so we make sure that we have some contact details to help the drivers deliver goods where they’re needed. This is usually a name and mobile number – whatever our customer feels is the best information to give. Occasionally we use courier or delivery companies to get our goods to site, or goods will need to be delivered direct by the manufacturer or our supplier; these are third parties working on our behalf and their obligations are detailed above.
Customer feedback and market research: we sometimes ask customers to give feedback about their recent experience by email and may also contact customers for market research purposes by email, post or phone.
Website: customers can log in to our website to see their past orders, buy online with agreed prices, choose from past delivery addresses. We may customise the website according to information gathered from previous purchases or what our customers have told us about themselves, such as address or trade. In some instances, the information on the website has been added by our customers; the website is also linked to our ERP system and email platform to enable us to work towards providing a seamless experience. We also use analytics that track site visitors as they use the website and use this to improve the website.
Marketing: customers may receive marketing messages by email and SMS, and we always provide a means of opting out. Customers can manage their email preferences using links at the bottom of our messages. We sometimes send marketing messages by post and it is always regarding products or services similar to those previously purchased or used, or related to the industry our customers work in.
We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased products from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing
We don’t currently use third-party marketing. If we do in future, we will get your express opt-in consent before we share your personal data with any company outside of Kernow Fixings for marketing purposes.
Opting out - You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us.
Cookies - You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
Customer testimonials: we sometimes ask customers to give us testimonials about the excellent service they’ve received from us, and all customers that do, are asked to put it in writing that they agree and grant us permission to use their testimonial with their name, company name and position, and we keep this authority from them on record.
Customer referrals: on the back of giving our customers an excellent service, we sometimes ask them if they could refer another potential customer to us from within the industry that they know of, have worked with. If and when this happens we would contact them with a soft approach. Again, existing customers that do this put it in writing that they have the referred customer’s consent to pass on their information, and we keep this authority from them on record.
Charitable giving: we’re often asked by customers to donate to a charitable cause on their behalf or sponsor them; we in turn ask their permission to use their name, company name and any other relevant details, such as a link to their ‘JustGiving’ page, in our promotion of the event or cause, which we do via social media, emails and blog posts on our website.
Competitions: occasionally we run competitions and will collect names and contact details so that we can notify the winner(s). We announce the winner(s) via social media, emails and blog posts on our website and this is always detailed in the competition’s terms and conditions available on our website.
CCTV and photography: our head office has a CCTV system installed and runs continuously. We use the footage to investigate issues if and when they arise. At events and/or for marketing purposes, we may ask to take photographs and always ask the individual for permission if we want to use them for business purposes. The majority of our fleet of vehicles have dashboard cameras recording the drivers’ journeys; we use this footage as evidence should any of the vehicles be involved in a road traffic incident or similar event.
Other information: Systems we use or have accounts with may record information about you through your use of, or interaction with them. For example, if you open our emails on your mobile device and have GPS switched on, the email platform we use may record your location – this is usually managed by you with settings on your device. By liking or following Kernow Fixings on social media networks that you are a member of, we may be able to see information about you depending on your privacy settings on the social network you’re using.
Change of purpose - We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
ORGANISATIONS THAT PROCESS DATA ON OUR BEHALF:
In line with GDPR, we need to tell you of any other organisations (sub-processors) involved in the processing of your data. For the most part our information is stored on our internal systems here in our offices. We have sought and have recorded assurances from other sub processors that they are GDPR compliant.
DISCLOSURES OF YOUR PERSONAL DATA:
We do not pass or sell personal data to any person or company that is not acting on our behalf. Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with the terms of this policy.
We may have to share your personal data with the External Third Parties.We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
INTERNATIONAL TRANSFERS:
Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
DATA SECURITY:
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
DATA RETENTION:
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
YOUR LEGAL RIGHTS:
You have the right to object to Kernow Fixings Ltd processing your personal data. Your objection would need to be regarding us processing your personal data based on legitimate interest, or for direct marketing, and on grounds relating to your particular situation. Please contact us if you need to raise an objection.
Should we receive an objection relating to direct marketing, we will stop processing your personal data. Direct marketing includes email, SMS (text messages), phone calls and post. All our marketing emails have an unsubscribe link at the bottom, as well as a link to update your preferences.
If you would like to make a request concerning your personal data, please email: info@kernow-how.com
Or write to us:
GDPR Compliance,
Kernow Fixings Ltd,
Manfield Way
St Austell
Cornwall
PL25 3SA
Or you can call us on 01726 624600 between 6:30am and 5.00pm, Monday - Friday.
You have the right to know how we process your data. This privacy notice has been created for this purpose. If you have any questions that you cannot find the answer to in this notice, please don’t hesitate to contact us.
You have the right to access your personal data and any supplementary information. You can do this by contacting us and making this request. We’ll provide you with what information we have free of charge within one month of receiving your request, after we have verified your identity.
If your request is complex we’ll notify you within one month of receipt that we will need to extend this period and why, and the maximum that we are able to extend it by is a further two months. If we feel that a request is manifestly unfounded or excessive, particularly if requests are repetitive, we can charge a reasonable fee to cover the administrative costs or refuse to respond. If we refuse to respond we will explain why; you would still have the right to complain to the ICO and to a judicial remedy without undue delay and within one month.
You have the right to tell us if your information is incorrect or incomplete and for it to be rectified. Should you notice that data we hold isn’t right, please contact us and we’ll correct it within a month of receiving your request.
Should the request for rectification be complex, we’ll let you know that we will need to extend this period and why, and the maximum that we are able to extend it by is a further two months. If we don’t take action following your request, we’ll contact you to explain why and you’ll have the right to complain to the ICO and to a judicial remedy.
You have the right to be forgotten. You can request the deletion of personal data when there is no compelling reason for us to continue to process it by contacting us. This includes where you feel that it is no longer necessary, where you withdraw consent, where there is no overriding legitimate interest, or if you feel it was unlawfully processed. Should there be a reason for us to refuse, such as the exercise or defence of a legal claim, we will tell you. We will endeavour to fulfil your request otherwise, although if we have used your personal data on social networks it may not be entirely possible (we would not do this without your consent).
You have the right to request that we restrict processing of your personal data. This would mean that we continue to store your personal data, but not use it going forward. You can do this by contacting us. We will retain just enough information about you to ensure that the restriction is respected in the future.
We’ll also restrict processing of your personal data if you tell us that it’s inaccurate or incomplete. Should you need to establish, exercise or defend a legal claim and we no longer need your personal data, we’ll restrict its processing.
You have the right to request your personal data to reuse it for your own use across different services. However, the type of personal data that we process is unlikely to be useful for this purpose. Please contact us if you’d like to request this and we’ll reply within one month either with the data or a reason why we’re not taking action. If we tell you we’re not taking action, you’ll have the right to complain to the ICO and to a judicial remedy without undue delay and within one month.
Kernow Fixings Ltd do not use any form of automated decision making including profiling.