1 Introduction
Rainbow Blinds & Fabrics Ltd ("Rainbow Blinds", "We", "Us") is your local, family-run window blinds and shutters company. As an essential part of our business, we collect and manage customer data. In doing so, we observe UK data protection legislation, and are committed to protecting and respecting your privacy and rights.
This Privacy Notice sets out how we use and protect any information that you give us when you use our services. It describes the ways in which we collect, manage, process, store and share information about you as a result of you visiting this site. Should we ask you to provide certain information by which you can be identified when using our services, then you can be assured that it will only be used in accordance with this privacy notice.
This Privacy Notice also provides you with information about how you can have control over our use of your data.
Please note that we will be updating this Privacy Statement on a regular basis in order to keep you fully up-to-date with our approach to data protection and privacy. If you have any comments or queries regarding our use of your data, or you wish to unsubscribe from receiving marketing communications from us, please contact our Data Protection Officer ("DPO") or by post at: Data Protection Officer, 61 Canyon Road, Wishaw ML20EG
This policy is effective from 5th May 2018.
2 Who is collecting your data?
Rainbow Blinds are the Data Controller collecting your data.
Our registered address is:
61 Canyon Road, Wishaw ML20EG
3 What information is being collected?
Personal Details
We collect the following data to enable us to provide you with our services. The information is provided by you and may include:
Title; First Name; Surname; Phone Numbers (landline; mobile; alternative contact line); Email; Addresses (home; alternative/contact); relevant card/billing information.
Website Visitor Data
When you visit this website and even if you do not register with us, we may collect technical information about you such as your Internet Protocol (IP) address which connects your computer or mobile device to the internet, your login information, browser type and version, the country and telephone code where your computer is located, and information about your visit including products you viewed or searched for, page response times, download errors and length of visits to certain pages.
Google Analytics
Click this link to read how Google uses data when you use our websites or apps - https://policies.google.com/privacy/partners?hl=en-GB&gl=uk
Bing Ads
Our Bing Ads use Universal Event Tracking (UET) – a way to track what happens after someone has clicked on our adverts.
4 How is it collected?
We collect your data via:
- Customer submission – this is where you have provided us with your personal data via an online form (from website), by telephone, in writing by email or letter, in person at our premises or by some other means.
- Website interaction – we use Google Analytics; Google Adwords; Bing Ads; and Facebook Ads. These services use tracking technology such as cookies that collect data.
- Telephone calls – our telephone system records the phone number used for incoming calls.
5 Why is information being collected and How will we use that information?
Currently, we use your data for the following purposes:
5.1 - To assist in the processing of your order / to carry out our obligations arising from any contracts entered into between you and us. For example, this could include manufacturing and installing orders, forwarding order details, order fulfilment, the processing of credit/debit card transactions, fraud prevention, registering warranties and the provision of corresponding customer services.
In certain circumstances, it may be necessary for us to provide your information to external companies with which we contract to assist us in providing agreed services to you. We assure you that these companies are not permitted to use your information for any other purpose. For further information about these companies, please see section 7 below.
5.2 - Where you have given us your specific consent, we will use your data to provide you with marketing services. This allows us to tell you about new products or services that may be of interest to you. Again, we do use a number of external companies to help us provide such marketing services. However, these companies are prohibited from sharing your data with any other company. This means that by consenting to receive marketing from us, you will not receive marketing communications from anyone else.
5.3 - To invite you to participate in customer surveys, write customer reviews or enter competitions.
5.4 - To ensure that the information contained within this website is presented in the most effective manner for you and your computer or mobile device. This information allows us to update and improve the contents of our site, and ensure the smooth operation of internal processes, such as troubleshooting, data analysis, testing, research, statistical and survey purposes, and to keep our website as safe and secure as possible. For further information, please refer to our Cookies Policy, which can be found here.
5.5 - To understand what sections of the website you are visiting, so that we can subsequently contact you regarding particular products and services which may also be of interest. This facility is enabled by cookies, described in our Cookies Policy which can be found here. We do this as we think it is important to understand your shopping and browsing habits so that we can keep improving our service for you.
If you change your mind at any stage about receiving marketing from us, or if you do not want us to process your personal data for one or more of the reasons set out above, please contact our DPO as described in section 1 above.
6. How Long Will We Keep Your Data?
Unless you ask us otherwise, we will never keep your data for longer than is necessary for us to complete the activity for which your data was collected in the first place. However, sometimes there is a legitimate and/or legal reason that means we need to retain your data.
Technical data collected by Google through use of this website will be kept for 2 years.
7 Who will it be shared with?
Sometimes to fulfil our contractual obligations to customers, we need to use external suppliers who support our business. We would contact you prior to sharing your data for your express permission with full details of the external company should this occasion arise.
For operational purposes including accounting and management procedures we may share your data with our parent group GC Group Ltd.
We assure you that we will only exchange your data with another organisation where i) we have your express permission to do so; or ii) it is necessary in order to honour a contract between you and Rainbow Blinds; or (iii) we have a legal obligation to share the information; or (iv) it is in the public interest; or (v) it is necessary for the establishment, exercise or defence of legal claims; or (vi) it is necessary to protect the vital interests of you or another person.
We will never sell your personal data to any external organisation.
8 What will be the effect of this on the individuals concerned? Is the intended use likely to cause individuals to object or complain?
As an organisation, we only ask for data that enables us to offer our customers the best experience of Rainbow Blinds from processing a customer order to ensuring this website is functioning properly. We actively seek permission to use a customer's personal data and this data must be supplied by the customer so we do not feel that this use is likely to cause an individual to object or complain.
9 How Can You Access The Personal Data We Hold?
You have the right to ask us, in writing, for a copy of all the personal data we hold about you. This is known as a "Subject Access Request". Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost.
We will send you a copy of the information within 30 days of your request.
To make a Subject Access Request, please write to our DPO at the postal address shown in section 1 above.
10. Updating, Amending or Deleting Your Personal Data
If, at any time, you want to update or amend your personal data or consent preferences, please contact our DPO as described in section 1 above.
Any requested and legitimate changes will take effect within 28 days of receipt of your request.
We respect your right to be forgotten, and you can request that we delete your personal data. Please contact our DPO as described in section 1 above.
11. Data Privacy and Security
We maintain and adhere to a comprehensive range of IT policies, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold customers' personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.
We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this programme helps us to:
- protect against potential breaches of confidentiality;
- ensure all IT facilities are protected against damage, loss or misuse; and
- increase awareness and understanding across our business of the requirements of information security, and the responsibility of colleagues to protect the confidentiality and integrity of the information that they handle.
We recognise that the security of data and transactions on this website is of primary importance. We therefore ensure that these parts of the website (such as when you book an appointment with us) are secured using Secure Socket Layer (SSL) – the industry recognised standard for protecting data transfer over websites.
12. Disclaimers
Every effort is made to ensure that the information provided on this website, and in this Privacy Notice, is accurate and up-to-date, but no legal responsibility is accepted for any errors or omissions contained herein.
We cannot accept liability for the use made by you of the information on this website or in this Privacy Notice, neither do we warrant that the supply of the information will be uninterrupted. All material accessed or downloaded from this website is obtained at your own risk. It is your responsibility to use appropriate anti-virus software.
This Privacy Notice applies solely to the data collected by us, and therefore does not also apply to data collected by third party websites and services that are not under our control. Furthermore, we cannot be held responsible for the Privacy Statements on third party websites, and we advise users to read these carefully before registering any personal data.
13. General
Questions, comments and requests regarding this Privacy Notice are welcomed, and should be sent to our DPO.