Certain businesses are required under the General Date Protection Regulations (GDPR) to have a Data Controller. For the purpose of the Regulations our Data Controller is Paramount Office Interiors Ltd and can be contacted by email at email@example.com
1. COLLECTION OF PERSONAL DATA
In operating our company we may collect and process the following data about you:
1.1 Details of your visits to our website and the resources that you access, including, but not limited to traffic data, location data, weblog statistics and other communication data.
1.2 Information that you provide by filling in forms on our website, such as when you register to receive information, a newsletter etc including but not limited to your name, email address, mailing address, phone/fax numbers, payment information (where you have chosen to pay for a service). You are not required to provide us with all of the Personal Data listed above, but if you do not do so where requested, we may not be able to effectively provide you with our products, services and information.
1.3 In certain circumstances, you will need to provide us with specific categories of Personal Data (including name, email address and payment information) in order to enter into a contract with us and for us to perform that contract.
1.4 Information provided to us when you communicate with us for any reason.
2. USE OF YOUR INFORMATION
The information that we collect and store relating to you is primarily used to enable us to provide our services to you and to enhance, modify, personalise or otherwise improve our services for the benefit of our customers. We use the information for the following purposes:
2.1 To provide you with information requested from us, relating to our products or services. To provide information on other products which we feel may be of interest to you, where you have consented to receive such information.
2.2 To meet our contractual commitments to you.
2.2 To notify you about any changes to our website, such as improvements or service/product changes, that may affect our service.
2.3 To process payments from you (including, but not limited to, fees and payments for any products or services that you choose to purchase from us) or to process payments to you (including, but not limited to, refunds or reimbursements)
2.4 Internal purposes, such as site and system administration or internal audits and reviews
2.5 To request your participation in surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our products and services
2.6 To comply with applicable law(s) (for example, to comply with a court order) or to carry out professional ethics/conduct investigations
2.7 From time to time we may provide statistics about the usage levels of our services and other related information to reputable third parties, but these statistics will not include information which will allow you to be identified
2.8 If you are an existing customer, we may contact you with information about goods and services similar to those which were the subject of a previous sale to you.
2.9 Further, we may use your data, or permit selected third parties to use your data, so that you can be provided with information about unrelated goods and services which we consider may be of interest to you. We or they may contact you about these goods and services by any of the methods that you consented at the time your information was collected.
2.10 If you are a new customer, we will only contact you or allow third parties to contact you only when you have provided consent and only by those means you provided consent for. If you do not want us to use your data for third parties you will have the opportunity to withhold your consent to this when you provide your details to us when we collect your data.
We will process your Personal Data for the purposes identified above on the following bases:
- Our legitimate interests, which include processing such Personal Data for the purposes of providing and enhancing the provision of our products, services and information, as well as advertising further products, services and information to you;
- Where such processing is necessary to perform our contract with you or to take steps before entering into our contract with you; and
- As necessary to comply with our legal obligations, resolve disputes and enforce our contractual agreements.
Whenever we process data for these purposes we will ensure that we always take account of your personal data rights. You have the right to object to this processing (see below) but please note that if you object this may affect our ability to carry out tasks for your benefit.
3. STORING AND RETENTION OF YOUR PERSONAL DATA
3.1 We do not transfer data that we collect from you to locations outside of the European Economic Area for processing and storing.
3.3 The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and transmission of such data is therefore entirely at your own risk..
3.4 We will not keep your personal information for any purpose for longer than is necessary and will only retain the personal information that is necessary in relation to the purpose. We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
3.5 Where you are a customer, we will keep your information for the length of any contractual relationship you have with us.
3.6 Where you are a prospective customer and you have expressly consented to us contacting you, we will only retain your data (a) until you unsubscribe from our communications; or, if you have not unsubscribed, (b) while you interact with us and our content; or (c) for 12 months from when you last interacted with us or our content.
The above periods of retention are subject to review and alteration.
In some instances, laws may require us to hold certain information for specific periods other than those listed above.
4. SHARING AND DISCLOSING TO THIRD PARTIES
4.1 We may disclose your Personal Data to third parties from time to time under the following circumstances:
- You request or authorise the disclosure of your personal details to a third party.
- The information is disclosed as permitted by applicable law(s) and/or in order to comply with applicable law(s) (for example, to comply with a court order).
- The information is provided to our agents, vendors or service providers who perform functions on our behalf. See below for additional details.
- Hosting providers for the secure storage and transmission of your data
- Database software providers for the management and tracking of your data
- Legal and compliance consultants, such as external legal advisors
- Marketing and technology providers who send communications on our behalf regarding products and services
- Payment solution providers for the secure processing of payments you provide to us
- Technology providers who assist in the development and management of our site
- Fulfilment and postal vendors for the fulfilment of our products and services
- Survey and research providers who perform studies on our behalf
5. YOUR LEGAL RIGHTS
You have the following rights in relation to your personal data:
5.1 To request access to personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data held about you and to check that we are lawfully processing it.
5.2 To request correction of the personal data that we hold. This enables the correction of any incomplete or inaccurate data we hold, though we may need to verify the accuracy of the new data provided to us.
5.3 To request erasure of personal data. This enables the deletion or removal personal data where there is no good reason for us continuing to process it. A request can also be made for deletion or removal of personal data where the right to object to processing has been successfully exercised (see below), where we may have processed information unlawfully or where we are required to erase personal data to comply with local law. Note, however, that we may not always be able to comply with requests of erasure for specific legal reasons with notification of this given, if applicable, at the time of any request.
5.4 To object to processing of personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process information which override your rights and freedoms.
5.5 To request restriction of processing of personal data. This enables a request to be made to us to suspend the processing of personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it because it is needed to establish, exercise or defend legal claims; or (d) you who objected to use of data but we need to verify whether we have overriding legitimate grounds to use it.
5.6 To request the transfer of personal data back to whom it belongs or to a third party. We will provide to you, or a third party you choose, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which we were given consent to use or where we used the information to perform a contract with you.
5.7 To withdraw consent at any time where we are relying on consent to process personal data. However, this will not affect the lawfulness of any processing carried out before the withdrawal of consent. If consent is withdrawn, we may not be able to provide certain products or services. We advise if this is the case at the time of the withdrawal of consent.
Any of the rights set out above can be exercised by contacting us by using the details provided under the ‘Contact Us’ section below.
There is no fee to access personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if a request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with a request in these circumstances.
We may need to request specific information to help us confirm your identity and ensure your right to access the personal data (or exercise other rights). This security measure is to ensure that personal data is not disclosed to anyone who has no right to receive it. We may also contact you to ask for further information regarding the request to speed up our response.
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer if the request is particularly complex or a number of requests have been made.
6 THIRD PARTY LINKS
7. CHANGES TO THIS POLICY
This version was last updated in May 2018.
8. CONTACTING US
If you prefer to write to us then our Head Office contact address is Paramount Office Interiors Ltd, Summers House, Pascal Close, Cardiff, CF3 0LW