GDPR (General Data Protection Regulation (EU) 2016/679) is the new EU regulation for protection of personal data and the greatest change in data protection regulation over the past 20 years. It will replace the 95/46/EC Directive for protection of personal data and will strengthen the rights that EU citizens have over their personal data.
The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR replaces the 1995 Data Protection Directive (Directive 95/46/EC).
Heating Care Scotland Limited values privacy, for both our customers and our employees. We are committed to GDPR compliance and to achieve this, Heating Care Scotland Limited has initiated a common GDPR program to strengthen and improve data protection across the entire Heating Care Scotland Limited Group.
The Heating Care Scotland Limited GDPR Program addresses all services and underlying processes to be compliant with the requirements of GDPR. This includes all customer contracts where Heating Care Scotland Limited is processing personal data on behalf of customers. All Heating Care Scotland Limited UK subsidiaries will implement the same new controls and processes.
1 ABOUT THIS POLICY
1.1 Heating Care Scotland Limited (“we/us”) appreciates how important your privacy is and are committed to protecting and respecting any personal information you share with us.
1.2 This policy describes what type of information we collect from you, how we use it, how we share it with others, how you can manage the information we hold, your legal rights in respect of your personal information, and how you can contact us.
1.3 We will only send you marketing communications where you have purchased a similar product from us, and we will always give you the opportunity to opt out of receiving such marketing communications. We will never send you “junk” email or communications or share your data with anyone else who might. We do not sell any information to third parties but we do work closely with selected partners who help us to provide you with information on the products and services that you request from us. We will always ask for your explicit consent before we send you marketing communications from other companies in our group, or relevant third parties.
1.4 This policy may change, so please check this page from time to time to ensure that you’re happy with any changes. If we make any material changes to the manner in which we progress and use your personal information, we will contact you to let you know about the change.
1.5 This policy was last updated on 23/05/2018.
2 WHO WE ARE
2.1 We are Heating Care Scotland Limited. Whenever you deal with us, we are what is known as the ‘controller’ of your personal information; a ‘controller’ is a company that decides why and how your personal information is processed.
2.2 Where this policy refers to “we”, “our” or “us”, it is referring to Heating Care Scotland Limited.
3 HOW AND WHAT PERSONAL INFORMATION WE COLLECT
3.1 We may collect and process the following personal information about you
Personal information you give to us: This is information about you that you give to us by entering information via our websites or our social media pages or by corresponding with us by phone, email or otherwise and is provided entirely voluntarily. The information you give to us may include all or some of the following but is not limited to:
- Name (including Title);
- Phone number(s);
- Email address(s);
- Enquiry details.
And we may also collect any personal information which you allow to be shared that is part of your public profile on a third party social network.
- Personal information automatically collected: We may automatically collect the following personal information:
- details of your browser and operating system;
- the website from which you visit our website;
- the pages that you visit on our website;
- the date of your visit; and the Internet protocol (IP) address assigned to you by your internet service.
- We also collect some of this information using cookies – please see Cookies for further information.
Personal information we may receive from other sources: We obtain certain personal information about you from sources outside our business which may include other third-party companies; the personal information received will only include personal information as described in this Section 3.1.
3.2 Please see Section 4 (How we use your personal information) for details of the purposes for which we use the personal information we obtain from these sources and the legal basis on which we rely to process that information. The remaining provisions of this policy also apply to any personal information we obtain from these sources.
3.3 Where you have provided CONSENT
We may use and process your personal information where you have consented for us to do so for the purpose of:
- sharing your personal information with a third party to allow said third party to send you marketing communications, as more fully set out in the Marketing section); and/or
- to contact you for conducting market research to allow us to continually improve the products and services that we deliver to you.
- You may withdraw your consent for us to use your information in any of these ways at any time.
3.4 Where required to perform a CONTRACT with you
We may use and process your personal information where it is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract with you including for the following purposes:
- to fulfil and complete your orders, purchases and other transactions entered into with us;
- to allow us to provide you with breakdown services; and to administer your warranty and aftersales services.
- Where you do not provide us with your personal information, we may not be able to provide you with some or all of the our services.
3.5 Where required to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligations, for example, where it is necessary to process your personal data: (i) to assist HMRC, the Police, or any other public authority or criminal investigation body; and (ii) to comply with any regulatory and/or legal obligations which we are subject to (for example, anti-money laundering regulations).
3.6 Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
- to send you marketing communications where you have purchased, or entered into negotiations to purchase, a product or service from us, and such communications relate to a similar product or service;
- to respond to correspondence you send to us and fulfil the requests you make to us (for example, brochure request);
- to inform you of any urgent safety or product recall notices to communicate to you or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you;
- for analysis purposes, the results of which are used to inform our marketing strategy;
- to administer our websites and for internal operations, including troubleshooting, testing, statistical purposes; to correspond with you via email, text message, post or telephone.
- for marketing activities (other than where we rely on your consent) e.g. to tailor marketing communications or send targeted marketing messages via social media and other third party platforms;
- to enhance and personalise your customer or visitor experience;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- for the purposes of corporate restructure or reorganisation or sale of our business or assets;
- for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we or our group companies hold about you; to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and for general administration purposes including managing your queries, complaints, or claims, and to send service messages to you. Where you do not provide us with your personal information, we may not be able to provide you with some or all of the services which you have requested.
4 OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
4.1 Group companies
We may share your information with other companies within our group. Our Group companies will only process your personal information for the purposes of providing you with services on our behalf, or, with your consent, to provide you with marketing communications relating to products and services that complement our own range of products and services. Group companies shall only send you marketing communications where you have provided your express consent to receive communications from our group companies. Where you have provided your consent you are entitled to withdraw it at any time.
4.2 Our suppliers and service providers
We may disclose your information to our third-party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud services providers (such as hosting and email management) or advertising agencies, administrative services or other third parties who provide services to us.
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we shall enter into a contract with all such third parties which requires them to keep your information secure, act in a manner compliant with relevant data protection legislation, and not use your personal information for any purpose other than in accordance with our specific instructions.
4.3 Third parties who provide products and services
We work closely with various third parties to bring you a range of products and services which are complimentary to ours.
4.4 Other ways we may share your personal information
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our employees, visitors and customers. However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
5. HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR
5.1 If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
5.2 We do not retain personal information in an identifiable format for longer than is necessary for the purposes for which we need to use it for.
5.3 Unless one of the situations described in Section 6.4 below applies, we will retain your personal information for 7 years after the last occasion on which we have used your personal information in one of the ways specified in Section 4 (How we use your personal information).
5.4 The only exceptions to the data retention period set out above is where:
we have been using your personal information to provide you with marketing emails, we will retain this information until you ask to be removed from our marketing email list;
the law requires us to hold your personal information for a longer period, or delete it sooner;
it is necessary to do so for the management of any active or potential legal proceedings, to resolve or defend claims, and for the purposes of making any necessary remediation payments; and you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted in this Section 6, or because we are required under the law.
6.1 Where you have purchased, or entered into negotiations to purchase, a vehicle or other product or service from us, we may send you marketing communications using the contact details which you have provided to us, which may include relevant news, information about our services, and details of similar products which we think may be of interest to you. Such marketing communications are send by email, post and SMS.
6.2 We will always give you the option to opt out of such marketing communications at the time you provide us with your information, and in each marketing communication which you receive from us. Where you have given us consent to send marketing communications, you may withdraw such consent at any time by clicking the "unsubscribe" link in any marketing email which you receive, or by updating your preferences by contacting us using the details provided below.
6.3 We may contact you with targeted advertising delivered online through social media and platforms (operated by other companies). Such targeted advertising may use your personal information to tailor advertisements to you, and to improve the relevance of advertisements which are made available to you.
6.4 Where you have given us permission, we will share your personal information with group companies and named third parties who will send you marketing communications about their products and services which we think may be of interest to you.
6.5 A full list of third parties is provided via a link provided to you at the time which we request your consent. This list may be updated from time to time, and we will send you an email informing you of any updates before sharing your personal data with a third party which has been added to the list after you have given us your consent to share your personal information.
6.6 If you would like to opt-out of receiving marketing from any of our group companies or any third party after providing your consent, you can do so at any time by contacting the relevant third party directly or by clicking the "unsubscribe" link in any marketing email which you receive.
6.8 From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
7 YOUR PRIVACY RIGHTS
As a data subject, you have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received your request.
7.1 Accessing your personal information
You have the right to ask for a copy of the information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making.
You can make a request for access free of charge by emailing or writing to us at the address set out in Section 10 of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
7.2 Correcting and updating your personal information
The accuracy of your information is important to us and we will endeavour to make it easy and simple for you to review and correct the information that we hold about you. If you change your name or address/email address/contact numbers, or you find out that any of the other information we hold is inaccurate, incomplete or out of date, please let us know by contacting us using any of the methods detailed below in Section 10.
7.3 Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal information, as set out in above (How we use your personal information), you may withdraw your consent at any time by contacting us using the details at the end of this policy or by clicking the "unsubscribe" link in any marketing emails which you receive. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
7.4 Objecting to our use of your personal information
Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), as out in Section 4 (How we use your personal information), you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data. You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request.
7.5 Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address set out below in Section 10. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request. You may also ask us to restrict processing your personal information in the following situations:
Where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
7.6 Transferring your personal information in a structured data file
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out above (How we use your personal information), you may ask us to provide you with a copy of that information in a structured data file.
We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
7.7 Make a complaint
You can make a complaint about how we have used your personal information to us by contacting us as noted in Section 10 below, or to a supervisory authority – for the UK this is the Information Commissioner's Office, at https://ico.org.uk/.
8 SECURITY / COOKIES / LINKS / SOCIAL PLUGINS
8.1 Security measures we put in place to protect your personal information
All companies within our group use appropriate technical and organisational security measures to protect the personal information supplied by you and managed by us against manipulation, loss, destruction, and access by third parties. Our security measures are continually improved in line with technological developments. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information whilst in transit to our website and any transmission is at your own risk.
8.2 Use of 'cookies'
'Cookies' are small pieces of information sent to your device and stored on its hard drive to allow our websites to recognise you when you visit.
Information on the cookies that we use and their features can be found in under here.
8.3 Links to other websites
Our website may contain links to other websites run by other organisations which we do not control.
8.4 Social plugins
After their activation, a direct link to the server of the respective social network is established. The contents of the button are then transmitted from the social network directly to your browser and incorporated in the website.
After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account. A social network cannot assign a visit to websites operated by our other group companies unless and until you activate the respective button there as well.
If you are a member of a social network and do not wish it to combine data retrieved from your visit to our websites with your membership data, you must log out from the social network concerned before activating the buttons.
We have no influence on the scope of data that is collected by the social networks through their buttons. The privacy policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
9 CHANGES TO THIS POLICY
The content of this policy may change from time to time and you may wish to check this page occasionally to ensure you are still happy to share your information with us. Where we make a material change to the manner in which we use your personal information, we will send you an email informing you of this.
10 HOW TO CONTACT US
Heating Care Scotland Limited, James Young House, Drumshoreland Road, Pumpherston, Livingston EH53 0LQ
Telephone: 01506 411 921 | 01506 439 077 | email: firstname.lastname@example.org