The General Data Protection Regulation (“GDPR”) which comes into being on 25th May 2018 is the biggest change to data privacy laws since the Data Protection Directive was first established in 1995. The new regulation is focused on you, the individual, and how your information is used and processed. It will increase transparency and give you more control and protection.
If you have any specific concerns around the privacy of your personal information or require further information about how we manage your data, please get in touch with us directly:
By post: The Data Protection Manager, Clement Windows Group, Clement House, Haslemere, Surrey, GU27 1HR
By phone: +44 (0) 1428 643393
By email: firstname.lastname@example.org
We are open 8.30 am to 5.00 pm Monday to Friday. For your security and to improve the quality of our service, we may record and monitor telephone calls.
2. Who we are
Clement Windows Group manufactures and installs an innovative range of steel windows, doors, screens and rooflights. We are also recognised as specialists in conservation work for both private residences and commercial projects.
If you are a residential customer you will interact with Clement Windows Ltd.
If you are a commercial customer you will interact with Clement Projects Ltd.
Manufacturing is carried out by Clement Polska sp.z. o. o.
The data controller of your information will be the Clement Windows entity you interact with, as set out above.
3. What information we hold and how we collect it
Personal information is information that identifies you as an individual or from which you are identifiable. This includes your contact details and financial information.
For the sales process, only contact and address details are required.
In order to secure an order and administer your account, occasionally financial details are required such as debit card information. Card details are not recorded in any form, paper or electronic. If a subsequent payment needs to be made, we would need to ask you for your card details again.
As a Clement customer, we collect personal information about you in connection with providing our products and services to you. This means we will generally use your information in the following ways:
- When you interact with us, whether over the phone, in person, in writing, or through our web site or emails, specifically when you book an appointment with us, request a quote from us or place an order with us;
- When you comment on or review our products and services;
- When you complete any surveys we send to you;
- When you visit our showroom, our CCTV systems may record your image during your visit;
- From third parties, such as credit reference agencies and social networks; and,
- From publicly available sources, eg Land Registry.
4. How we use your personal information
The main ways in which we may use your personal information are to:
- Create your account, administer your order, to analyse your windows requirements and tailor our products and services to you;
- Communicate with you and provide information on specific products and services when you request it (for example, when we send you our newsletter); and,
- Meet our legal obligations.
5. Our lawful bases for processing information
We will only process your personal information where we have a lawful basis for doing so. Clement Windows Group will rely on the following legal bases:
- To fulfil or enter into a contract with you: We use this basis in order to perform our obligations under our contract with you. For example, we need to collect your address details in order to arrange delivery and installation of your windows.
- Your consent: We use this basis when you give your consent verbally or by ticking the box in an email or on our web site to receive email newsletters and product updates from us.
- To comply with a legal obligation: We use this basis if we need to process your personal information to comply with a legal obligation we are subject to.
- Our legitimate interests: In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your purchase history to identify product updates which we believe will be of interest to you. We may also rely on our and your employer’s legitimate interests to process your personal information when you make a booking or otherwise interact with us on behalf of your employer.
6. Sharing your personal information
We may share your personal information with:
- Trusted third parties who provide services on our behalf, namely:
- Insurance providers, eg HomePro who provide an Insurance Backed Guarantee for our windows products (data will be kept for the lifetime of the guarantee and will not exceed 10 years);
- Industry bodies, eg FENSA who operate a Competent Person Scheme for self-certification under Building Regulations (data will be kept for the lifetime of the guarantee and will not exceed 10 years), or other industry bodies to whom we might refer a customer complaint under our complaints policy or to resolve a dispute; and,
- Credit referencing agencies.
In these cases we will only provide the third party with the information that they need and they may only use your data for the exact purposes we specify in our contract with them.
We may also share your personal information with the following, should the need arise:
- Other companies in the Clement Windows Group.
- Law enforcement and other governmental authorities, e.g. to report a fraud or in response to a lawful request.
- Third parties engaged in fraud prevention and detection.
- Our professional and legal advisors.
- Otherwise where we have your consent or are otherwise legally permitted to do so.
We do not share your information with any third parties for the purposes of marketing.
7. Retaining your personal information
We will retain your personal information for as long as is necessary for the purposes described above and therefore the retention period will vary depending on your interactions with us. For example, typically we will retain information related to your order for a minimum of seven years to: fulfil our business purposes; comply with legal and regulatory requirements; or, for any legal claims. Records earmarked for destruction are sent for secure shredding.
We may keep your data for longer where this is necessary for statistical purposes. However, we will ensure all personally identifiable information is removed where technically feasible.
8. How we ensure the security of your personal information
We know how important data security is to our customers. With this in mind, we treat your personal information with the utmost care and take all reasonable precautions to keep it secure, including safeguards against unauthorised access, use or data loss. This includes ensuring our staff, partners and any third parties who perform work on our behalf comply with security standards as part of their contractual obligations.
We operate a secure web site and a secure PDQ terminal supplied by Global Payments is used. This terminal is not connected to the company network, internet or any other computer systems other than those provided by Global Payments and access to the terminal by anyone other than authorised employees is prohibited. If the terminal has to be service or exchanged, this process is supervised by the Clement Windows Group Financial Controller.
Occasionally if we need to take your payment card details it is for the purposes of administering the transaction at that specific time. Your card details will not be maintained or communicated in any form, paper or electronic and the security code will always be destroyed.
Company business systems are maintained on a firewall protected server which is backed up regularly. Accounting software is password protected and only made available to authorised employees.
We utilise a third party company to monitor our systems for possible vulnerabilities and attacks.
9. Your data subject rights
You can withdraw your consent to marketing (including our newsletters) at any time. As well as our obligations and commitment to respect the privacy of your information, you also have the right to request access to and the erasure or correction of your personal information. You also have the right to request the restriction of processing your personal information, and in some cases, you will be able to object to its processing. Please note, these rights are all subject to various exceptions and limitations, therefore there may be circumstances where can cannot comply with your request. You can exercise these rights at any time by contacting us using the contact details at the beginning of this document (See (1) Introduction). You are also entitled to contact the Information Commissioner’s Office (“ICO”) if you are not satisfied with how we have handled your information.
Last updated 23rd May 2018