Privacy notice and consent
We take your privacy very seriously and we ask that you read this privacy notice carefully as it contains important information on:
- The personal information we collect about you;
- What we do with your information; and
- Who your information might be shared with
This privacy notice explains how we use your personal data in order to improve our services to you, and what choices you have about how we use that data. This privacy notice has been written to comply with the new privacy laws, known as the ‘GDPR’ (General Data Protection Regulation).
When we refer to ‘we’ or ‘us’ in this notice, we mean Elmhurst Windows Limited.
The information we gather
We gather certain information about you when you register with us, purchase products or services from us, when you contact us, send us feedback, post material to our website or social media channels, complete customer surveys or take part in promotions or competitions run by us.
We will not sell any of your personal information to third parties, nor will we transfer your personal data outside of the European Union without your prior consent.
Information that we gather about you may include (without limitation) your name, contact details, date of birth, and payment details.
We may also obtain information about you from third parties, such as credit reference agencies. Please be aware that our website and social media platforms contain links to third party websites and social media platforms. We are not responsible for the security or privacy policies of those third party sites, and recommend that you review those parties’ privacy notices before sharing your personal data on those platforms.
We will retain your personal data in accordance with your instructions and as required by applicable law. We may also retain certain information in order to conduct audits, comply with our legal obligations (and to demonstrate compliance) and to resolve disputes. However, we will not retain your personal data for longer than reasonably necessary.
Information about third parties
Information we process as described in this notice may also include information about third parties such as your spouse or children or employees, directors and other officers whose details you supply to us. If you give us information on behalf of someone else, you confirm that the other person has agreed that you can:
Systems used to process data
- Give consent on his/her behalf to the processing of his/ her personal data;
- Receive on his/her behalf data protection notices; and
- Give consent to the processing of his/her potentially sensitive personal data
We gather information directly from you and also via our website and other systems. These may include, for example:
- Our computer networks and connections
- Our email, instant messaging and CRM systems
- Internet facilities
- Our telephones, voicemail and mobile phone records
- Third party systems such as Eventbrite.
When you use our website we may gather information about you through Internet access logs, cookies and other technical means. ‘Cookies’ are text files placed on your computer to collect Internet log information and user behaviour information. These are used to track website usage and monitor website activity and for other data processing reasons set out below.
You will see a cookie notice when you access our website. Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work.
Reasons for processing
We process information about you for the following reasons:
- providing services to you;
- carrying out customer profiling and analysis of purchasing preferences;
- marketing our business and services and those of our partners which we believe will be of interest to you;
- operational reasons, such as recording transactions, training and quality control;
- improving our services;
- providing customer service;
- analysing customer feedback;
- investigating complaints;
- ensuring business policies are adhered to;
- tracking activity on our website and social media channels;
- to contact you in the event any products or services you requested are unavailable or to notify you in the event of any changes to an event;
- to personalise and improve your experience on our website and social media channels;
- to personalise any communications to you;
- compliance with legal, regulatory and corporate governance obligations and good practice; and
- gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests.
When you use our website and social media channels we may also collect certain information about you and your visit to help us to improve your experiences on those platforms.
This may include:
- your journey through our website and social media channels;
- what content you like or share;
- which pop up or push messages you saw and responded to;
- your IP address; and
- your browser type and operating system.
We may also collect personal information when you enquire about or book. We may keep a record of your name address, e mail address and telephone number.
Disclosures and exchange of information
We may disclose and exchange information with group companies, venue owners or operators, credit reference agencies, service providers, representatives and agents, as well as with law enforcement agencies and regulatory bodies for the above reasons.
Information may be held at our offices and those of our group companies, venue owners or operators and third party credit reference agencies, service providers, representatives and agents as described above.
Keeping your data secure
We have appropriate security measures in place to prevent your personal information being accidentally lost, or used or accessed in an unauthorised way. We also limit access to your personal information to those who have a genuine business need to know it. Some of the technical and organisational measures we use to safeguard your personal data are:
- storing your personal data, in all forms, in a secure environment;
- training our staff on the importance of data protection measures;
- employing SSL (secure sockets layer) encryption on every domain owned by us – this allows us to encrypt any passwords and debit/ credit card information to prevent unauthorised access or disclosure;
- securing our network by an advanced firewall supported by industry standard anti-virus software.
We also have policies and procedures in place to deal with any suspected data breach so that we can act quickly to minimise any potential damage.
Under the GDPR you have a number of important rights. Those include:
- Right to fair processing of information and transparency over how we use your personal information – we are required to inform you why we want to gather your personal information, what we will do with it, who it will be shared with and how long it will be kept for. That information is set out in this privacy notice, but if you require any further information please don’t hesitate to contact us.
- Right to request a copy of your information – you can request a copy of your information which we hold (this is known as a ‘subject access request’). If you would like a copy of some or all of this information please contact us with proof of your identity and let us know what information you would like. We must provide this information to you in a commonly used and machine readable format.
- Right to require us to correct any mistakes in your information – you can require us to correct any information which we hold. If you would like to do this, please contact us to let us know the information that is incorrect and what is should be replaced with.
- Right to ask us to stop contacting you with direct marketing – you can ask us to stop contacting you for direct marketing purposes at any time. If you would like to do this, please contact us and let us know what method of contact (one or all) you are not happy with.
- Right to restrict processing – you can ask us to suspend the processing of your personal data in certain circumstances, for example, if you have notified us there is a mistake in the information we hold about you, you may ask us to suspend processing until that mistake is rectified.
- Right to erasure – otherwise known as ‘the right to be forgotten’ – you can ask us to delete or remove your personal data from our systems where there is no compelling reason for us to continue processing it.
If you want to exercise any of these rights, please write to us and provide us with enough information to enable us to confirm your identity. We may also require proof of your identity, such as a copy of your driving license, passport and a recent utility bill or bank statement, to be sure that we are not releasing any of your personal data to anyone other than you.
Changes to this privacy notice
This privacy notice was first published on 30 April 2018 and last updated on that date.
Your privacy is important to us and we are constantly reviewing our policies and procedures to ensure we are meeting the high standards we set ourselves. As a result, we may amend this privacy notice from time to time, and we recommend that you check this page periodically to review any changes that may have been made.
How to contact us
If you have any questions or concerns about this privacy notice or the information we hold about you, please do not hesitate to contact us by one of the following methods:
By post: 3 Austhorpe View, Leeds, West Yorkshire, LS15 8NN
By e mail: firstname.lastname@example.org
By phone: 0113 2644505
If you would like this notice in another format (for example, audio, large print, braille) please contact us using any of the methods above.
If you have a complaint, we hope that we can resolve any issues you have by contacting us via one of the methods above. However, you also have the right to lodge a complaint with the Information Commissioners Office who may be contacted at https://ico.org.uk/concerns/
or via the helpline: 0303 123 1113.