The law on data protection is changing in May 2018, when the new EU-wide General Data Protection Regulation (GDPR) comes into force. This new regulation gives you greater control over how information about you is stored and used by organisations like Ravenheat Manufacturing Ltd. We have undertaken an audit of all the personal information we hold at Ravenheat Manufacturing Ltd, and put into place new processes and systems to make sure we are working in line with the regulations. This policy is part of that process.
2. Who are we?
Ravenheat Manufacturing Ltd Registered Company Number 02091988.
3. What is this policy about?
Ravenheat Manufacturing Ltd is committed to protecting your privacy and the personal information you provide us with. In line with our values, we want to treat you – and your personal information – with respect and dignity. It is important to us that you have confidence in us as an organisation, and that you trust us to look after your information. This policy explains how we collect, use and store your personal information, and also explains the rights you have under the 2018 regulations.
4. Your rights
Under GDPR, you have 8 specific rights when it comes to your personal information.
- The right to be informed – meaning you should be given clear information about what personal information we keep, why we keep it and how it is used and stored.
- The right of access – meaning you can ask us for a copy of all the personal information we hold about you and you can ask us questions to make sure that we are processing your information legally.
- The right to rectification – meaning that if the personal information we have is wrong or incomplete, you can tell us so that we only keep accurate information that you have chosen to share with us.
- The right to erasure – meaning that you can ask us to erase all your personal information. This is sometimes known as ‘the right to be forgotten’. There are some occasions when we may have a legal obligation or legitimate interest to keep certain information about you, even if you no longer want to be on our records, for example in terms of processing financial information, or keeping records in case of a future claim.
- The right to restrict processing – meaning that you can ask us to keep your information but only use it for certain purposes, for example you may want to only receive certain types of information from us.
- The right to data portability – meaning that you can ask for your data to be transferred to another system. This is not something that is currently relevant to our work at Ravenheat Manufacturing Ltd, but an example would be if you use a price comparison website to compare different bank accounts, you have the right to tell your current bank not to share relevant information with another account provider.
- The right to object – meaning that if you are unhappy with the way we have processed your data, for example if we keep writing to you when you have asked us not to, you can tell us and we must respond.
- Rights in relation to automated decision making and profiling – meaning that we need to tell you if we use any systems which automatically use your personal information without human involvement. There is more information about this and all the other rights on the Information Commissioners Office website here.
5. On what basis do we collect your information? We collect personal information on the basis of consent (by you willingly providing us with the information) and legitimate interest (for instance when contracts are in place).
In the instance of a purchase being made on the website we ask you for the necessary information to facilitate the delivery of that product. Payment information taken via the website is transmitted via a secure (SSL) connection directly to your chosen payment provider and not stored on this website at any point. Any user account information you provide during the process of creating an account with us via the website is available to you via request. We do not have access to your password but can, upon request, change it for you.
6. What information do we collect?
We collect information on:
- people who contact us
- people who apply for jobs at Ravenheat Manufacturing Ltd
- staff, office-visitors and volunteers
- people who purchase products from our website
When you visit our website, we collect non-personal data such as details of pages visited and time and location data. Website usage information is collected using cookies (see the section on Cookies below). We may collect publicly available information, for example from Companies House, or information published in newspapers.
7. What do we do with your information?
People who contact us: – we may use the personal data we collect from you to:
- provide you with any information you have requested
- keep a record of your relationship with us via internal Customer Relationship Management (CRM) tools
- keep you up to date with news and stories about our work, providing you have specifically given consent to receive this information
- invite you to events
People who apply for jobs with us: – we may use the personal data we collect from you to:
- provide you with any information you have requested
- keep a record of your relationship with us
- process and consider your application for a role at Ravenheat Manufacturing Ltd
- Your information will only be shared with our staff involved in the recruitment process
- share specific and appropriate elements of your personal data, for example, your contact details, with other staff team members that you will be working with should your application be successful
People who purchase products from us: – we may use the personal data we collect from you to:
- use your address details to facilitate your product’s delivery
- follow up any enquiries you have made about the product or it’s guarantee
- use your approximate location in order to assess the effectiveness of any geographically targeted marketing campaigns
Please note, we do not store any payment information on the site and, as part of the purchase process, any payment information is transmitted to our payment providers via a secure (SSL) connection.
Staff and volunteers: – we may use the personal information we collect from you to:
- fulfil our contractual obligations to you, such as paying you
- ensure we are treating you as we’ve committed to, for example under our sickness absence policy
- provide references at your request should you move on
8. Sharing your information
Sometimes we may need to share your information, with your consent. We may also have to share information if it is required by a law enforcement agency or by a regulatory body. We do not share your information with any other organisations for their marketing purposes.
We may use other organisations to carry out tasks on our behalf, including sending emails (such as using Mailchimp to send our newsletters). We will provide these organisations with only the information needed to deliver these services, and they are not permitted to use or store your data for any other purpose.
9. Where and how do we store your personal information?
We take appropriate steps to ensure your personal information is managed securely. We store and process most of our information using cloud and secure servers. Internally, this is accessed only by appropriate staff who are trained suitably.
In some cases, third parties may have access to your personal information, and where this is the case we ensure that they are GDPR compliant.
While we take appropriate steps to ensure that information is secure, for example by using encrypted forms, we cannot guarantee that transmission of information over the internet is 100% secure and therefore you submit data at your own risk.
Data in cloud based systems may be processed outside of the European Economic Area (EEA). By submitting your personal data, you agree to this transfer, storing and processing of your information.
Cookies may be used to collect information about your visit to our website, for example: the pages that you visit, the time and date of your visit, location and traffic data.
We may collect and use this data for the following reasons:
- To understand the interests and needs of those who visit our website
- To estimate our audience size and patterns
- To support the processing of forms, applications or requests you send to us
- To help us improve and update our website
Some of these third parties may be located outside of the UK and the European Union, and therefore they may not fall under the jurisdiction of UK courts. If this is a concern to you, you can change your cookie settings and you can find out more about this from the Information Commissioner’s Office (ICO) (https://ico.org.uk/).
11. Links/Other Websites
12. How long do we keep your information?
How long information is kept for is sometimes called ‘data retention’. We will keep your personal information only for as long as we consider it necessary. We have to take into account legal obligations, accounting and tax considerations and also consider what is reasonable for the activity in question. In the case of product guarantees we keep the requisite information in order to confirm purchase and registration of the guaranteed items.
13. Updating your details and preferences with us
Please keep your details up to date with us, for example if you change address or telephone number.
You can change your preferences for which communications you receive from us, and how we contact you, by getting in touch with us at any time.
14. Accessing and amending your information and preferences
At any time, you can do the following:
- ask for a copy of the personal information we hold about you (this is also known as a Subject Access Request)
- ask us to erase or remove all your personal information
- ask us to restrict how we use your personal information
- object to our use of your personal information
Your request needs to be in writing and either on paper or in an email is fine. The more detail you are able to include the better we’ll be able to respond.
To do any of these, please write to us at:
By email: [email protected]
By post: Data Protection Officer, Ravenheat Manufacturing Ltd, Chartists Way, Morley, Leeds, LS27 9ET.
We will act on any requests received at the latest within one month of receiving your request, unless this request is complex, in which case we will inform you within one month of receiving your request and explain why we need to extend this length of time.
15. How to contact us
For more information about your rights in relation to the information we hold about you, you can visit the ICO website (https://ico.org.uk)