Background – Who we are
Other websites to which this Website links are not covered by this policy and you should read their privacy statements to find out about their processing.
Please note that any reference to Data Protection Law in this document includes The General Data Protection Regulation and all applicable laws and regulations relating to the processing of personal data and privacy from time to time, including where applicable the guidance and codes of practice issued by the Information Commissioner or any other applicable supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction.
For the purpose of Data Protection Law, we are the Data Controller in relation to the processing of your personal data arising from your use of our Website, and when you engage us to provide you with goods and services.
What Is Personal Data?
Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special Category of Data: means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We do not envisage that we will collect any special category data from you.
The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes name, title.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide the data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products and services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
What Personal Data is Scotia Double Glazing Processing and what is our Legal Basis for Processing Your Personal Data
- Your name, address, telephone number, email address, bank card type, card number, expiry date and CVV number you provide when making an online payment through our website. Our legal basis for processing that information is that it is necessary for performance of the contract whereby we provide our services to you in return for payment;
- Your name, email and mobile telephone number that you provide if you choose to request a “Brochure Download” by using the form on our website. Our legal basis for processing your personal data is that it is in our legitimate interest to process your personal data so we can respond to your enquiry and offer our services;
- Your name and telephone number, if you choose to request a call back by using the form on our website. Our legal basis for processing your personal data is that it is in our legitimate interest to process your personal data so we can respond to your enquiry and offer our services;
- Your name, address, telephone number and postcode you provide if you choose to make an enquiry by using the form on our website. Our legal basis for processing your personal data is that it is in our legitimate interest to process your personal data so we can respond to your enquiry and offer our services;
- How you use the website through cookies that we use on our website. For “non-essential” cookies our legal basis for processing your personal data is that you provide your consent through our cookie settings page. For “essential” cookies, our legal basis for processing is that it is in our legitimate interest to maintain a properly functioning website for users.
- IP addresses- we may collect information where available about your IP (Internet Protocol) address, operating system and browser type. This data provides us with information about users’ browsing actions and patterns. It is used to inform improvements to the website and for internal system administration. Our legal basis for processing your personal data is that it is in our legitimate interest to maintain a functioning website for users;
- And any other information you post, email or otherwise send to us.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
We may use your personal data to send you information about our services by email or other electronic communication, if you have provided your explicit, opt-in consent at the point of collecting your data. In doing so we will add you to our marketing database and send you marketing materials from time to time according to your preferences.
You have the right to withdraw your consent at any time by contacting email@example.com. However please note that if you withdraw your consent, you will no longer be able to receive this information from us regarding our services. Where you opt out of receiving marketing messages, this will cover marketing communications only and shall not apply to personal data provided to us as a result of a purchase or other transaction.
We may use your personal data to send you information about our services by post or by telephone. It is in our legitimate interest to promote our products and services. You may contact us at any time and request that we no longer contact you in this manner.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.
Where We Store Your Personal Data
We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical and organisational security measures to safeguard and secure the personal data we collect via our Website.
Some of these measures include:
- using a reputable, accredited data centre in which to store your personal data;
- making sure the security within our office is stringent;
- making sure our staff and the staff of any third parties we use are subject to confidentiality obligations;
- providing staff with appropriate training in data protection;
- encrypting our services and data;
- reviewing our processes and activities regularly to make sure they are fit for purpose;
- restricting access only to those employees who need to know the information in order to deliver the service; and
- applying formal risk management to all of our activities.
All personal data you provide is securely stored in the UK. Any payment transactions will be encrypted using SSL Technology.
You accept that the transmission of information via the Internet is not completely secure. Whilst Scotia Double Glazing will do the utmost to protect your personal data we cannot ensure the security of your data when being transmitted to our site. Any transmission is undertaken entirely at your own risk. Once your information has been received, we will use strict procedures and security features to try and prevent any unauthorised access.
Once we have received your personal data, we will use strict procedures and security features as outlined above to try to prevent unauthorised access to your personal data. We cannot be held responsible for the security of your personal data collected by websites that our site may link to. Such third parties shall have their own privacy notices and you should read these carefully.
Disclosure of Your Personal Data
We will not pass your personal data to anyone else outside Scotia Double Glazing without your permission, except; (i) where we are obliged by law or regulatory obligation we are subject to; (ii) where we are required to share your information with any third parties who provide services on our behalf. The following services are carried out by a third-party service provider: web hosting services, internal telecommunication systems, IT services, double glazing suppliers, payment processors, web analytical services to improve our website and web developers; (iii) in order to enforce or apply our terms and other agreements with you; (iv) to protect the rights, property, or safety of our customers or others (including exchanging information with other companies or organisations for the purposes of fraud prevention and credit risk reduction); and (v) where some or all of our assets are purchased by a third party.
Where our suppliers process our personal data on our behalf, we require them to put in place appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes, in accordance with our instructions and GDPR.
For the avoidance of doubt, we will never sell your information or disclose it for direct marketing purposes to any third party.
We do not transfer your personal data outside the European Economic Area (EEA).
How Long We Will Keep Your Data For
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details on retention periods for different aspects of your personal data are available in our retention policy, which you can request from us by contacting us.
Does Scotia Double Glazing make automated decisions about me?
Scotia Double Glazing does not make automated decisions about you and also does not profile your personal data.
Some data is automatically collected when your browser connects to a website. This includes your IP Address, your computer’s Operating System and the type of Web Browser you used to access our website. Scotia Double Glazing collects this data to identify patterns relating to the use of www.scotiawindowsanddoors.co.uk and not data relating to any individual.
Technical Data – Cookies
- where cookies are essential to the operation of our Website;
- where cookies are used for personalisation features on our Website; and
- to gather statistics about how people use our Website.
You can disable cookies on your computer by modifying the settings on your browser. However, disabling Cookies may affect various services offered by www.scotiawindowsanddoors.co.uk.
You have the following rights:
- You can withdraw your consent (where processing is based on consent), seek to restrict our processing of your personal data, ask us to rectify any personal data we hold about you or object to us processing your personal data at any time by contacting us at firstname.lastname@example.org. If you withdraw your consent it does not effect the legality of the processing carried out by us before your withdrawal.
- You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you think that we have infringed your rights. You can find more information about reporting a matter to the ICO at the following link: https://ico.org.uk/.
- You have the right to access personal data held by us about you. You can access your personal data and correct, update or delete it at any time by contacting us at email@example.com. We will then provide you with a copy of all your personal information that we hold about you. There will be no charge to you for us to provide this information.
- In certain circumstances you have the right to ask us to provide you with your personal data in a structured, commonly used and machine-readable format to allow you (or us on your behalf) to transmit this information to another party.
- In certain circumstances you have the right to ask us to erase the personal data we hold about you. Such circumstances include; (a) where we no longer need your personal data for any purpose; (b) if you withdraw your consent to our processing; (c) if we process the data unlawfully; or (d) where the personal data has to be erased to comply with legal obligation to which we are subject. To do this, you should submit a formal request of erasure to us by contacting us at firstname.lastname@example.org. We will consider any such request in line with Data Protection Law. Please note this is not an absolute right and there may be circumstances where we choose not to delete all of the personal data we hold about you. More information about your right of erasure can be found at https://ico.org.uk.
How to Contact Us