Privacy, Data & GDPR Policy
We are committed to protecting your personal information and have developed this Privacy, Data & GDPR Policy to cover the rights of any individual or company whose personal data we have access to.
We collect and use certain personal information when you make an enquiry or place an order. We will use this information to provide the products or services requested.
We may collect, store and use the following kinds of personal information:
- Information that you provide to us when registering with our website (including your email address)
- Information relating to any purchases you make of our goods or services, including any other transaction details made via any of our websites (including your address, telephone number and payment details)
We store this information on our computer system, servers, cloud-based servers and in emails as well as paper files.
We will only use your personal information for legitimate business purposes including establishing, administering and supplying an order. For example, we may need to:
- Fulfil any service or order you may request.
- Contact you in relation to administering your order.
- Arrange shipping and delivery.
- Administer payments and send statements or invoices.
- Determine suitability of a product we supply.
- Enable your use of the services available on our website.
- Contact you about safety issues including product recalls and warranty issues.
- Undertake any other reasonably related business purpose.
If you believe we are processing or storing your personal data you have certain rights under the General Data Protection Regulation (GDPR). Subject to any restrictions in the Data Access section below you can ask us for the following:
- A copy of the data we hold about you.
- To amend any data we hold about you.
- To delete any data we hold about you.
- To stop processing your data.
- Restrict the processing of your data for specific purposes.
- How we have used your data.
- How we obtained your data.
- Who we have shared your data with.
You have the right to not be subject to automated decision making and we must provide the data in a common, machine readable format (eg. PDF).
You can request to see the personal information that we hold about you. To do so, please contact our Data Protection Offer in writing at the address below.
We will not charge you for a copy of your data and we will respond to your request within 1 month.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access.
Your right to access the personal information that we hold about you is not absolute. In the event that we cannot provide you with access to your personal information, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.
We will hold your personal information for a maximum of 7 years, unless instructed by you. After 7 years, we may, instead of destroying or erasing your personal information, make it anonymous so that it cannot be associated with you.
There are some legal and regulatory requirements which govern how long we should retain your personal data. Outside of these we endeavour to retain your personal information only for as long as we believe is necessary to fulfil the purposes for which the personal information we collected (including meeting any legal, accounting or other reporting requirements or obligations).
We will never sell your personal data to another organisation.
When we have a legitimate business reason to do so, we may share your personal information with selected third parties including our employees and internal dealer network to assist us with establishing, administering or terminating our supplier relationship with you.
Some of these selected third parties may be based outside of the European Economic Area (EEA) in countries that do not have the same standards of protection for personal information as the UK. We will always use every reasonable effort to ensure sufficient protections are in place to safeguard your personal information.
When permitted or required by law or regulatory requirement we may disclose your personal information without your knowledge or consent (eg. supply of data to HMRC).
We will take all reasonable technical and organisational precautions to protect your personal information from loss, unauthorised access, copying, use, modification or disclosure.
We have procedures in place to deal with a suspected data security breach and will notify the Information Commissioner’s Office (ICO) and you of any suspected breach where legally required to do so.
We use 256-bit SSL encryption on our website where sensitive personal and financial information is processed and stored.
Ourselves and any payment processing gateway we may use, are Payment Card Industry Data Security Standard (PCI DSS) compliant, and our certification is available upon request.
We make all our staff aware of this Privacy & Data Policy as part of their basic training. If we ask a staff member to use sensitive personal information as part of their job description, they must complete and pass a GDPR assessment.
Questions & Concerns
If you have any questions about this Privacy & Data Policy or concerns about data protection, you can direct issues to the Data Protection Officer using the contact information below.
We will endeavour to answer your questions or concerns within 72 hours and advise you of any steps taken to address the issues raised. If our response is unsatisfactory, or you believe we have not complied with your data protection rights you may make a written submission to the Information Commissioner’s Office (ICO).
Data Protection Officer
Cabriolet roof hoses
Lower Trelake Business Park
Cabriolet-roof-hoses.com reserves the right to amend this privacy and data policy at any time.
Updated May 2018.
Next review due May 2019.