Customer Data Protection and Privacy Notice - John Hood & Co (Copper Alloys) Limited
At John Hood & Co (Copper Alloys) Limited, we take your privacy very seriously. We aim to be clear on how we use your personal information and the ways in which we protect it
Under the terms of the Data Protection Act 2018 and the European Union General Data Protection Regulation there are six grounds which justify processing of personal data, namely
- consent of the data subject [you]
- performance of a contract [i.e. carrying out the work you have instructed us to do]
- compliance with a legal obligation imposed on us
- vital interests of the data subject [you]
- legitimate interests of the data controller [us]
- public interest
At least one of these will always apply in respect of any of your data we process.
We use the information you provide to enable us to provide goods and services to you and for related purposes including:
- updating and enhancing customer records
- analysis to help us manage our business
- statutory returns
- legal and regulatory compliance
- The normal justification for us processing your data will be to enable us to perform our contract with you.
Under data protection legislation, if you are an individual you have the following rights:
- a right of access to the personal data that we hold about you including the right to ask us to provide a copy of any of it
- the right to ask for your personal data to be destroyed (though not the automatic right to have it destroyed) or to have it amended
- the right to object to the processing of your personal data
- the right to withdraw your consent for the processing of personal data you have previously consented to
- the right to complain to the Information Commissioner
In addition, for your protection, we must abide by the data protection principles which are
- to process your personal data lawfully, fairly and in a manner that is transparent to you
- your personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
- your personal data must be adequate, relevant and limited to that which is necessary in relation to the purposes for which it is processed
- the personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay
- personal data must be kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data is processed
- personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Disclosures to third parties
If we are required compulsorily by law to disclose documents or give information relating to your affairs pursuant to a court order or notice or demand served by any person with authority to compel such disclosure, we shall comply. Sharing data in these circumstances is justified by the legal obligation imposed on us.
We may disclose relevant information to a credit reference agency in order to decide whether to extend credit to customers and upon what terms. This is justified by our legitimate interests.
We may disclose relevant information to any person or company authorised by us to undertake debt collection activity against you. This is justified by our legitimate interests.
We may disclose relevant information to our insurers in the event of you making a claim against us. This is justified by our legitimate interests.
We do use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use billing information except for the sole purpose of credit card processing on our behalf.
We do not send customers’ data outside of the EEA, except in relation to customers’ own data where they are themselves outside the EEA.
We do not sell any personal data.
Retention of data
We will retain information about the goods or services we provide to you for a period of six years after we complete the delivery or service. This is to ensure that we can answer any questions that arise about the them at a later date or notify you of any issues that become apparent in relation to the goods or services after delivery to you.
We would like to send your information about our products and services that we think may be of interest to you from time to time. We rely on marketing as part of our strategy for growing our business and it is in our legitimate interests to do so. However, we would not wish to send out unwelcome communications so please let us know if you do not wish to receive them. You will be able to unsubscribe from marketing emails at any time if you wish.
We collect information about our customers via server logs, cookies and contact forms. A cookie is a file that your web browser places on your computer's hard disk for record keeping purposes. The information collected in this way can be used to identify you unless you modify your browser settings.
You and we agree not to issue any publicity material or information to the media about our business relationship without the other’s consent, save where the information is already in the public domain.
What steps do we take to protect your information?
The security of your personal information is very important to us. We use generally accepted security standards to protect the personal information submitted to us, both during transmission and once it is received.
The Data Controller is John Hood & Co.Ltd, 59-69 Heaton Park Road, Newcastle-upon-Tyne NE6 1SQ. The person to whom you should address enquiries about data protection and privacy is The Data Controller who can be contacted at that address, or by email to firstname.lastname@example.org or by telephone on 0191 2659077