Privacy Policy
SCUTES Limited
trading as SEATCOVERS4VANS
Units 7-8
Vauxhall Industrial Estate
Ruabon
LL14 6HA
DATA PRIVACY
POLICY
Author: Nicolle Elizabeth Evans
Date: 21st April 2020
CONTENTS
Page 3. What Is GDPR?
Page 4. Information Audit
What Information Do We Collect?
How Do We Collect It?
Why Do We Collect It?
How Do We Use It?
Legal Bases
Page 10. Removing, Updating, Restricting, or Obtaining Your Personal Data
Page 10. Disposal of Personal Data
Page 11. CCTV
Page 12. Marketing
Page 13. Contact Us
WHAT IS GDPR?
The General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018 and in the UK will replace the previous Data Protection Act (1998). It describes how organisations must collect, handle, and store personal data[1].
- a) processed lawfully, fairly and in a transparent manner in relation to individuals;
- b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
It also states[2]:
“the controller [SCUTES Limited] shall be responsible for, and be able to demonstrate, compliance with the principles.”
INFORMATION AUDIT
|
SCUTES AS A CONTROLLER |
||||
|
|
||||
|
SEAT COVER CUSTOMERS |
||||
|
Information We Collect |
How Do We Collect It? |
Why Do We Collect It? |
How Do We Use It? |
Legal Bases |
|
Name, Email Address, Delivery Address, Billing Address, Phone Number |
From you over Email |
To enter into and perform our contract with you. |
This information is processed through our database and shared with an authorised third-party shipping company. |
Contract |
|
Name, Delivery Address, Billing Address, Phone Number |
From you over Facebook |
To enter into and perform our contract with you. |
This information is processed through our database and shared with an authorised third-party shipping company. |
Contract |
|
Name, Phone Number, Delivery Address, Billing Address, Bank Details |
From you over the phone or face-to-face |
To enter into and perform our contract with you. |
This information is processed through our database and shared with an authorised third-party shipping company. |
Contract |
|
Name, Delivery Address, Email Address, Phone Number |
PayPal |
To ensure that goods have been paid for. |
This information is processed through our database to create an invoice. |
Legitimate Interest |
|
Name, Phone Number, Delivery Address, Email Address, Billing Address |
Online Sales |
To enter into and perform our contract with you. |
This information is processed through our database and shared with an authorised third-party shipping company. |
Contract |
|
Name, Phone Number, Billing Address, Email Address |
Cardsave |
To ensure that goods have been paid for. |
This information is processed through our database to create an invoice. |
Legitimate Interest |
|
Name, Email Address |
Website |
To send you review request emails of the products you purchased. |
To send you review request emails of the products you purchased. |
Legitimate Interest |
|
SCUTES AS A CONTROLLER |
||||
|
|
||||
|
RUBBER MAT CUSTOMERS |
||||
|
Information We Collect |
How Do We Collect It? |
Why Do We Collect It? |
How Do We Use It? |
Legal Bases |
|
Name, Email Address, Delivery Address, Billing Address, Phone Number |
From you over Email |
To enter into and perform our contract with you. |
This information is processed through our database and shared with an authorised third-party rubber mats distributer & shipping company. |
Contract |
|
Name, Delivery Address, Billing Address, Phone Number |
From you over Facebook |
To enter into and perform our contract with you. |
This information is processed through our database and shared with an authorised third-party rubber mats distributer & shipping company. |
Contract |
|
Name, Phone Number, Delivery Address, Billing Address, Bank Details |
From you over the phone or face-to-face |
To enter into and perform our contract with you. |
This information is processed through our database and shared with an authorised third-party rubber mats distributer & shipping company. |
Contract |
|
Name, Delivery Address, Email Address, Phone Number |
PayPal |
To ensure that goods have been paid for. |
This information is processed through our database to create an invoice. |
Legitimate Interest |
|
Name, Phone Number, Delivery Address, Email Address, Billing Address |
Online Sales |
To enter into and perform our contract with you. |
This information is processed through our database and shared with an authorised third-party rubber mats distributer & shipping company. |
Contract |
|
Name, Phone Number, Billing Address, Email Address |
Cardsave |
To ensure that goods have been paid for. |
This information is processed through our database to create an invoice. |
Legitimate Interest |
|
Name, Email Address |
Website |
To send you review request emails of the products you purchased. |
To send you review request emails of the products you purchased. |
Legitimate Interest |
|
SCUTES AS A CONTROLLER |
||||
|
|
||||
|
ABANDONED CHECKOUT CUSTOMERS |
||||
|
Information We Collect |
How Do We Collect It? |
Why Do We Collect It? |
How Do We Use It? |
Legal Bases |
|
Name, Phone Number, Delivery Address, Email Address, Billing Address |
Shopify |
To remind you of goods that weren't purchased at time of checkout. |
To send an email regarding your potential purchase. |
Legitimate Interest |
|
|
|
|
|
|
|
NON-CUSTOMERS |
||||
|
Information We Collect |
How Do We Collect It? |
Why Do We Collect It? |
How Do We Use It? |
Legal Bases |
|
Name |
From you on Facebook |
To identify who we are talking to. |
To discuss any enquires you may have contacted us about. |
Legitimate Interest |
|
Name, Email Address, Phone Number |
From you over Email or Phone |
To identify who we are talking to and a method to contact you back if necessary. |
To discuss any enquires you may have contacted us about. |
Legitimate Interest |
|
Name, Email Address, Delivery Address |
From you from subscription forms for marketing emails |
To identify who you are when we send you marketing emails. |
To send marketing emails regarding the company and products. |
Consent |
|
|
|
|
|
|
|
AFTER SALES |
||||
|
Information We Collect |
How Do We Collect It? |
Why Do We Collect It? |
How Do We Use It? |
Legal Bases |
|
Name, Email Address, Delivery Address |
From you when you consent to marketing emails |
To be able to send you marketing emails. |
To send you marketing emails |
Consent |
|
SCUTES AS A CONTROLLER |
||||||||
|
|
||||||||
|
TRADE CUSTOMERS |
||||||||
|
Information We Collect |
How Do We Collect It? |
Why Do We Collect It? |
How Do We Use It? |
Legal Bases |
||||
|
Name(s), Email Address(es), Company Address, Phone Number(s), Company Number, VAT Numbers, Authorisation Letter |
Trade Application Form |
To enter into and perform our contract with you. |
This information is processed through our database to create an account. |
Contract |
||||
|
Name, Email Address, Delivery Address |
From you over phone or email |
To enter into and perform our contract with you. |
This information is processed through our database to create an order and shared with an authorised third-party shipping company and/or our authorised rubber mat distributor (if required). |
Contract |
||||
|
Name(s), Email Address(es), Company Address, Phone Number(s), Company Number, VAT Numbers, Authorisation Letter, Order Information, Historical Payment Information, Account Information |
From our database |
To perform our contract with you. |
To share to debt collectors, tracing agencies, debt purchasers or organisations providing debt support – our partners who help us to recover debts, who purchase debts or who offer debt advice and support.
|
Legitimate Interest |
||||
|
|
|
|
|
|
||||
|
SCUTES AS A PROCESSOR |
||||||||
|
|
||||||||
|
DROPSHIP ORDER |
||||||||
|
Information We Collect |
How Do We Collect It? |
Why Do We Collect It? |
How Do We Use It? |
Legal Bases |
||||
|
Name, Email Address, Delivery Address, Billing Address, Phone Number |
From our trade customers |
To act as a processor to complete an order from our trade customers |
This information is processed through our database to create an order and shared with an authorised third-party shipping company and/or our authorised rubber mat distributor (if required). |
Contract |
||||
|
SCUTES AS A CONTROLLER |
||||||||
|
|
||||||||
|
EMPLOYEES & POTENTIAL EMPLOYEES |
||||||||
|
Information We Collect |
How Do We Collect It? |
Why Do We Collect It? |
How Do We Use It? |
Legal Bases |
||||
|
Name, Address, Phone Number(s) |
From you |
To enter into and perform our contract with you |
May be passed to a third-party engineer when home maintenance visits are required and/or suppliers when supplies are ordered for direct delivery. |
Legitimate Interest |
||||
|
Bank/Building Society Details, NI number, Tax Information, Date of Birth, Student Debt, Passport/Work Permit, Nationality, Sex, Marital Status |
From you |
To perform our contract with you |
To ensure we comply with current regulations. Information is shared with Payroll, HMRC, Nest Pension Scheme, & any other legal entities that we are required to by law. |
Contract |
||||
|
Information about your sickness and absence records (including, but not limited to, information relating to your physical and or mental health) |
From you and/or your doctor |
To comply with legal obligations. For monitoring purposes. |
To maintain employment records. To administer sick pay entitlement |
Legitimate Interest |
||||
|
Information on grievances/conduct issues raised by, or involving you |
From you, from complainants, from witnesses, and from other members of staff, CCTV |
To comply with legal obligations. To protect you and other staff members. |
For employee administration. To deal with grievances |
Legitimate Interest |
||||
|
Details of your appraisals, performance reviews, improvement plans, details of your time and attendance and work output |
From you, your boss, and other employees you work with, CCTV |
To perform our contract with you |
For staff administration and assessment monitoring. For bonus and overtime payments. |
Contract |
||||
|
Your use of our IT, communication, and other systems. |
From computers |
To monitor/manage staff access to our systems. To ensure that our policies are adhered to. |
For staff administration and network security. |
Legitimate Interest |
||||
|
Details in references about you |
From you, from people you have stated we can contact |
To enter into contract with you |
To enable us to confirm your details before we enter into a contract with yourselves |
Legitimate Interest |
||||
We will keep your personal data for the purposes set out in this data privacy policy and only for as long as any legal basis continues to apply. Below is a non-exhaustive list of some of the reasons we need to retain your personal data:
- Compliance with the requirements of the Financial Conduct Authority
- Compliance with Anti Money Laundering Regulations
- Reporting obligations to the Credit Reference Agencies
- Ensuring we have relevant information in the event of any queries or complaints
- Being able to identify if you have purchased a product which is subject to a product recall
- Being able to service any product or service guarantee you have purchased
- To assist with the establishment, exercise or defence of legal claims
The length of time we need to keep the personal data will vary depending on the nature of the personal data and the reason we are obliged to hold it.
We may transfer your personal data to the following third parties:
- Technology service providers – our partners who provide IT and website services.
- Telephone providers – our partners who provide telephone services and functionality.
- Delivery companies – our couriers, parcel firms and mail firms who deliver your goods or services and manage any returns on our behalf.
- Marketing service providers – our partners who work with us to make sure we send your information about products, services and special offers that are of interest to you.
- Debt collectors, tracing agencies, debt purchasers or organisations providing debt support – our partners who help us to recover debts, who purchase debts or who offer debt advice and support.
- Regulators and other governmental agencies or law enforcement agencies.
- Organisations who may be interested in purchasing our business or organisations who we may be interested in purchasing - we may sell parts of our business or acquire other businesses and your personal data may be shared with such third parties as part of this process.
REMOVING, UPDATING, RESTRICTING, OR OBTAINING YOUR PERSONAL DATA
You have the right to:
- Ask what information we have about you, and why.
- Ask how to gain access to that information.
- Ask for that information to be deleted/removed, updated, or restricted.
- Ask to move, copy, or transfer the information from our IT environment to another
These requests can be made via post or email. You can phone to request a form to be sent via post or email. This is to ensure that all requests are made in writing and can be documented.
Requests will be reviewed and answered within one calendar month. No reasonable requests will be denied.
Identities will be verified before information is handed out.
Information can be given formally in writing, or informally over the phone – whichever you prefer.
Deletion/removal request within reasonable grounds will be accepted providing we are not required by law to keep them.
It is important that the personal information we hold about you is correct and current. Please keep us informed if your information changes during your contract with us.
DISPOSAL OF YOUR PERSONAL DATA
When it comes to disposing of your personal data we do so in a secure way. All printed and written documentation including any personal details are shredded before disposal. All emails and electronic forms of personal data are deleted at all instances of storage.
CCTV
We use “Closed Circuit Television” CCTV to monitor our property for the prevention of crime.
The live screens of the four cameras we have around the property are in a secure office and can only be monitored off-site by the authorised person using a business phone.
The only time this information is shared is in the event of a crime or work related issue. This information may be shared with staff where work grievances and work time issues need to be dealt with. It may also be handed over to the police until they are finished with it and it is disposed of by them.
The CCTV has only one authorised user who is fully trained in its use and security.
Recordings are only kept for 30 days before they are automatically overwritten on the system.
Our CCTV system uses high quality, clear imagery.
CCTV cannot be accessed by anyone other than the authorised user bar the live video showing in the secure office.
The ability to view anything beyond the live video within the office has been locked with a password and only the authorised user can use it.
The footage is only stored in one place unless the police request footage where it is supplied on a separate USB stick.
MARKETING
On our website we offer positive opt-in pop-up forms for our marketing newsletter. This information provided here will only be used in the way you signed up for it to be used; in this instance our marketing email.
On our website we offer a positive opt-in tick box to receive our marketing newsletter and a request to review the product you are purchasing. This information provided here will only be used in the way you signed up for it to be used; in this instance our marketing email and an email requesting a product review.
If your preferences ever change for any reason please let us know by emailing info@scutes.co.uk or by phoning 01691 674074
CONTACT US
If you have any queries about anything in the policy, or anything else, then please feel free to contact us.
We are contactable by post, email, or phone.
SCUTES Limited
trading as SEATCOVERS4VANS
Units 7-8
Vauxhall Industrial Estate
Ruabon
LL14 6HA
[1] Official Journal of the European Union – Page 35-36 – http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
[2] Official Journal of the European Union – Page 36 –http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN