Introduction
- This policy explains what we do with your personal data, whether we are in the process of dealing with an enquiry, processing an order, continuing our ongoing Customer relationship with you, receiving a service from you, requesting your feedback, or you are visiting our website.
- It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
- The policy applies to the personal data of our Customers, Suppliers, and Sub-Contractors. If you are an employee you should refer to your employment contract and company handbook.
- It is important to note that that any updates to our policy will posted to this page.
What kind of personal data do we collect?
- Customer Data In order to provide the best possible products and services to our Customers we need to process certain information. We only ask for details that will genuinely help us to deliver these products and services, such as your name, job role, and contact details. Where we accept payment for goods and services by way of debit or credit card, we will also process those details, but only for that purpose. We may also collect information regarding your website activity and visits in order to further enhance your Customer experience.
- Supplier Data We will collect contact details that assist us in processing transactions. We also need other information such as your bank details, so that we can pay for the services you provide.
- Sub-Contractor data We will collect information required so that we can process contractual obligations between us. These details include personal and business email addresses, telephone numbers, address details, bank account details, qualifications and insurances.
How do we collect your personal data?
- Customer Data We collect data in the following ways:
- Directly from you
- From third party software detailing ongoing project data
- From websites
- From social media platforms
- From your work colleagues
- From exhibitions or events attended by us
- Supplier Data We collect data in the following ways:
- Directly from you
- From your work colleagues
- From your website
- Sub-Contractor Data We collect data in the following ways:
- Directly from you
- From your work colleagues
- From your website
- Website Users We collect your data automatically via cookies when you visit our website, in line with cookie settings in your browser. We will also collect data from you when you contact us via the website, for example by using the contact forms.
How do we use your personal data?
- Customer Data There are two main reasons for using your personal details. Firstly details will be used to help us process ongoing requests that you have made of us, e.g. raising a quotation or processing an order, through to delivery of that order and potentially requesting feedback (in the form of a survey). We will also store and process data for the purposes of direct marketing messages that we feel will be of interest to you. Contact may be made with you by post, by telephone or by email.
- Supplier Data The main reasons for storing and processing your personal data is to ensure that we can complete the contractual arrangements between us and comply with any legal and binding requirements.
- Sub-Contractor The main reasons for storing and processing your personal data is to ensure that we can complete the contractual arrangements between us and comply with any legal and binding requirements.
- Website Users We use data collected via our website to help us to improve your experience when using our website, for example by analysing your recent search trends to help us present recently viewed products. If you are a Customer, we may use data from your use of our websites to enhance other aspects of our communications with you, for example email communications.
Who do we share your personal data with?
- Customer Data We may share your personal data with Suppliers or Sub-Contractors, but only where it is necessary for them to deliver a contractual obligation such as delivery or installation of our products and services. Customers’ details that are being used for the purposes of marketing will be uploaded to a secure external system which is provided by a third party organisation. With your prior agreement, we will pass your details on to alternative companies who we believe will be able to fulfil your requirement when we cannot.
- Supplier Data By way of a referral we may share your personal data with potential Customers who would also benefit from your products and services.
- Sub-Contractor Data Where a contractual agreement has been agreed for you to carry out work on our behalf at a Customer’s site, we will provide your personal data to the Customer, in order for them to complete their internal processes. Where required by the Customer, we will also provide photographic ID.
- Website User No details obtained from our website will be processed outside of our company. Any data used to process and target specific information to you will be done using an internally-managed system.
How do we safeguard your personal data?
- We care about protecting your information. We put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data.
- Those processes include but are not limited to:
- encrypted server access
- keeping anti-virus and gateway security settings up-to-date and monitored
How long do we keep your personal data for?
- Data stored and processed in our CRM system If we have not had meaningful contact with you for a period of five years we will remove your personal data from our systems unless we believe another processing requirement, such as legal or contractual regulation requires us to retain it.
- Printed and digital archived project information Due to the nature of our products we deem it appropriate to store project information for up to 20 years; this allows us the ability to recall previous project information should you, the Customer, require it.
How can you access, amend or take back the personal data that you have given to us?
- If we are holding or using your personal information, you may change your mind at any time by writing to Lockmetal, Westgate House, Verulam Road, Stafford, ST16 3EA or emailing us at sales@lockmetal.com. We will process the restriction of use in our marketing communications or removal of your personal information within 10 days, sometimes sooner. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
- Right to object If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
- Right to erasure In certain situations you have the right to request us to “erase” your personal data. We will respond to your request within a maximum of 30 days and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will remove your data. We will assume that you would prefer us to keep a note of your name on our system as a person who would prefer not to be contacted by us as this will ensure that we can minimise the future risk of your data being resubmitted and used in the future. If you would prefer that this is not the case please let us know. Any data within the marketing system will be moved to a supressed list and be unable to be resubmitted for direct marketing use without prior agreement from you.
- Right to lodge a complaint You have the right to lodge a complaint with the Information Commissioner’s Office, details of which can be found here.
Who is responsible for processing your personal data on our website?
- We control the processing of personal data on our websites.
What are cookies, how do we use them and how to opt out?
- A “cookie” is a bite-sized piece of data that is stored on a computer’s hard drive. They are used by nearly all websites and do not harm your system.
- We use cookies to track your activity and help us to improve your experience when visiting our website. We can also use the information from cookies to tailor other forms of direct marketing, to ensure that you see information relevant to you and any current requirements. We can also use cookies to analyse traffic and for advertising purposes.
- If you want to check or change what types of cookies you accept, or opt out from cookies being used in the ways mentioned above, this can usually be altered within your browser settings.
- Most web browsers will automatically accept cookies, but if you would rather we didn’t collect data you can choose to reject some or all cookies in your browser’s privacy settings. Please be advised that rejecting all cookies means that you may not be able to use all functions of our website.
Our basis for processing your data – Legitimate interests
- Article 6(1)(f) of the GDPR states that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
- Customer data We think it reasonable that if you have communicated with us in the past or we have had meaningful contact with you within the past 5 years that there is legitimate interest that you will continue to benefit from our range of solutions, and thus we will keep you updated via forms of direct marketing.
- We want to provide potential Customers with the opportunity to hear about our products and services and request additional information. We therefore deem that if you operate in a sector that regularly benefits from our products and services, and your information has been made available in the public domain that we can contact you to advise you of our products and services. We will have an upfront and honest approach to this and provide you with the opportunity to opt out of any further communications from us.
- Where we subscribe to third party services who collate and enter data relating to ongoing projects in our industry, we will deem that you are in a position where you wish to be contacted regarding suitable products and services. We will therefore process your data for the purposes of direct marketing in order to establish if you have a requirement.
- Where you have made contact with us we will process your request in line with our business processes and in order to provide you with the requested products and services. This will include processes such as arranging and attending your site and processing information that will enable us to design, manufacture and install your solution. Information obtained will be stored on our systems now and in the future to further enable us to process your requests and to keep you updated on product, service and company updates via forms of direct marketing. Personal details may be used to for administrative purposes including invoicing and project management
- Supplier data We store and process the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our Suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within legitimate interests.
- Sub-Contractor data We store and process the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our Sub-Contractors. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within legitimate interests.
Our basis for processing your data – Contractual
- Article 6(1)(b) gives us lawful basis for processing personal data where “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
- In this context, a contract does not have to be a formal signed document, or even written down, as long as there is an agreement which meets the requirements of contract law. Broadly speaking, this means that the terms have been offered and accepted, they are intended to be legally binding, and there is an element of exchange (usually an exchange of goods or services for money, but this can be anything of value).
- Where we have entered into a contractual agreement with you to supply or receive products and services, we will process the appropriate and required information in order to do so e.g. address details for deliveries and contact information for relevant personnel. In order to provide a suitable level of service we also deem it reasonable to process such information as required to send updates on the progress of the contract between us. Some of these updates and notifications will be automated and sent from an external marketing system.
- This contractual basis for processing data applies to Customers, Suppliers and Sub-Contractors.
Glossary
-
- Customer Refers to entities (whether companies, partnerships, sole traders, or other types) who have been supplied with products or services from us, or have been in contact with us to enquire about products and services, or we deem appropriate to direct market with information about our products and services but may not have had previous communication.
- Supplier Refers to entities (whether companies, partnerships, sole traders, or other types) who provide products and services to us, or we are engaging with in view of providing products and services.
- Sub-Contractor Refers to entities (whether companies, partnerships, sole traders, or other types) who are contracted by us to carry out services on our behalf directly to Customers, or we are engaging with in view of providing such services.
- General Data Protection Regulation (GDPR) A European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any national legislation implementing it.
- We, us Refers to Lockmetal or its predecessors in business as the controller and processor of personal data.
- Website Users Any individual who accesses our website.
- You Refers to the Customer, Supplier, Sub-Contractor or other company or individual who is protected by the rights and freedoms of GDPR and data protection.