Specific Online GDPR – Privacy Notice
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
- Who we are
- How we collect your information
- What we use your information for
- Sharing your information
- Your rights as a data subject
- Retention Policy
- Special categories of personal information
- Security and storage of information
- Transfers outside of Europe
- Other sites
1. Who we are
Granite Build & Design is a building and design company registered in England under company number 03563142.
Our registered office is at:
Unit 20 Imperial Park, Rawreth Lane, Rayleigh, Essex, SS6 9RS. United Kingdom
As an organisation we provide various building and design services.
Under the GDPR regulations, Granite Build & Design does not require a Data Protection Officer however our management can be contacted on:
2. How we collect your information
We will collect information from you if you:
have placed an order for any products or services on our website, via email or by any other method or medium, this will include your name (including business name), address, contact details (including telephone number and email address) and your payment details;
registered to use our website; this will include your name, address, email address and telephone number. We may ask you to provide additional information about your business and preferences on a voluntary basis;
complete online forms, take part in surveys, write posts on any message boards, post any blogs, enter any competitions or prize draws, download information such as templates, or participate in any other interactive areas that appear on our website or which we offer to you from time to time
provide your contact details to us when registering to use or accessing any product or service we provide;
contact us offline for example by telephone, fax, email or post;
visit or browse our website, this may include information about your website visit or use of our products or services using cookies or similar technologies.
3. What we use your information for
We will use your information to assist us in the production, delivery and billing of any product or service that you may have requested or that you have ordered. We may also contact you for feedback on your order.
We may use your personal data for internal purposes such as auditing, data analysis, and research to improve our products, services, website, and customer communications.
We may also use your information to send important notices, such as communications about purchases and changes to our terms, conditions and policies.
From time to time, we may use your information to contact you with details about our products and services which we feel may be of interest to you.
You have the right at any time to stop us from contacting you for marketing purposes. If you wish not to be contacted by us, you can send an email request to email@example.com
4. Sharing your information
We will pass your personal data on to third-party service providers contracted to Granite Build & Design in the course of production and delivery of your order. Any third parties that we may share your data with are obliged to keep your details securely, (for example, payment providers, delivery agents and website hosts where relevant) and to use them only to fulfil the service they provide you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with Granite Build & Design procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do so otherwise.
We may pass collective information about the use of our website or our products or services to third parties but this will not include information that can be used to identify you.
We will disclose your information if we are required to do so by law. We may disclose your information to enforcement authorities if they ask us to, or to a third party in the context of actual or threatened legal proceedings, provided we can do so without breaching data protection laws
We may also pass your information to another organisation if we sell or buy (or negotiate to sell or buy) any business or assets or with partners such as our bank and with our professional advisers who have a reasonable need to see it.
5. Your Rights as a Data Subject
As a data subject, you will have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that Granite Build & Design refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
How to access what personal data we hold about you.
Granite Build & Design, at your request, can confirm what information we hold about you and how it is processed. If Granite Build & Design does hold personal data about you, you can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of Granite Build & Design or a third party, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely.
The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
Granite Build & Design accepts any of the following forms of ID when information on your personal data is requested:
- Driving licence
- Another form for ID which leaves no doubt of the data owner.
In line with Subject Access Request Procedure (GDPR DOC 2.2) and Subject Access Request Form (GDPR REC 4.2). Granite Build & Design provide the following link whereby the data subject can download/access the SAR Form.
6. Retention Policy
Granite Build & Design will process and hold certain items of personal data for a maximum of 7 years as required to coincide with HMRC and accounting records.
7. Special Categories of Personal Data
We do not store any ‘special’ personal data such as driving license, passport, or national insurance number. We may ask to ‘view’ an item of ‘special’ personal data if being asked to hand over any data as we are required to identify an authorised recipient in order to prevent a data breach
9. Security and storage of information
We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
Some communications sent over the internet, such as email, may not be secured unless they are encrypted. Although we do our best to monitor and improve how we protect your personal data, we cannot guarantee the security of your data which is transmitted to our website or other products and services via an internet or similar connection and any transmission of data to our site is at your own risk. If we have given you (or you have chosen) a password to access certain areas of our website, product or service please keep this password safe – we will not share this password with anyone.
10. Transfers outside Europe
Personal data in the European Union is protected by data protection laws but other countries do not necessarily protect your personal data in the same way. Our website and some of our products or services or parts of them may be hosted in the United States and this means that we may transfer any information which is submitted by you through the website, product or service outside the European Economic Area (which means all the EU countries plus Norway, Iceland and Liechtenstein) (“EEA”) to the United States. When you send an email to us, this may be stored on email servers which are hosted in the United States, if we do this, we will take steps to ensure that our hosting provider uses the necessary level of protection for your information but if you do not want your information to be transferred outside the EEA you should not use our website, product or service or contact us via email.
11. Other Sites
If you follow a link from our website, product or service to another site or service, this policy will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy policies appearing on those sites or services.
In the event that you wish to make a complaint about how your personal data is being processed by Granite Build & Design, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority which is the ICO (www.ico.org.uk).
You can report a concern directly with the ICO, if Granite Build & Design fails to handle your complaint in an apppropriate manner: https://ico.org.uk/concerns/