1. What is the purpose of this privacy statement
Cold Clad Ltd are committed to safe guarding your privacy online and we take our responsibilities seriously. This policy is intended to help you understand the following:
• What data we collect, who is collecting it and how we collect it
• When and why we collect this data.
• How we use your data.
• How we share your data and who with.
• How we keep your data secure.
When we refer to “Cold Clad”, “we”, “us” or “our” in this policy we mean the relevant Cold Clad company or companies providing your product and/or service, details of which are set out at the end of this document. We may change this policy from time to time so please check back with us occasionally for an update to ensure that you are happy with any changes. This statement applies where we act as a data controller, which is where we are responsible for deciding how we hold and use your personal data.
It is important that you read this statement together with any other privacy notice we may provide on specific occasions, so you are aware of how and why we are using your personal data.
2. Who we are:
We are an independent reseller of products and services in the telecommunications and IT sector. We offer a wide range of products including voice, mobile, data and cloud. We provide solutions for organisations in both the public and private sector.
3. How will we use your personal data?
Data protection laws require that the personal data that we hold about you must be:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used a way that is incompatible with those purposes.
• Relevant to the purpose that we have told you about and limited only to those purposes.
• Accurate and up to date.
• Kept securely and confidential.
4. What Type of Data is Collected?
Personal data means any information about an individual from which that person can be identified.
In order to provide our products and services, we may collect the following types of personal data about you which we have grouped into the following categories:
• Identity Data includes first name, last name, signature and title.
• Contact Data includes billing address, delivery address, email address, telephone number(s), place of work and your position within the company.
• Financial Data includes bank account details.
• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data includes internet protocol (IP) address, Media Access Control (MAC) Address and extension number.
• Usage Data includes information about how you use our website, products and services.
We do not collect, store or process special category or criminal offence data.
5. How do we collect this data?
We may collect personal data from you in several ways, depending on the products and/or services you have including:
Information you give to us: You may choose to provide us with your personal data by:
• Submitting a request via the “Contact Us” facility on our website for us to contact you.
• Corresponding with us by telephone, email, webchat, letter or other means:
• Applying for one of our products and services.
• During our sales process.
• Participating in feedback or surveys or by providing contact details offline.
Information we receive from other sources:
• We may obtain personal data from public sources such as Companies House, your website, LinkedIn, Facebook or via other social media interactions.
6. Why is your data being collected?
We comply fully with our obligations under GDPR and we will only collect your personal data when we have a lawful basis for doing so. We will always process your data lawfully, fairly and in a transparent manner. Most commonly we use your personal data to provide you products and/or services and to comply with our legal obligations. We have set out the main reasons why we process your personal data and the applicable circumstances below:
To perform the contract that we have entered into with you, for example to:
• To provide technical support on the products and/or services we have provided to you.
• To order, change or cease products and/or services.
• To provide quotations for our products and/or services.
• Exercise our rights in our agreements.
To comply with a legal obligation, for example:
• Where we are required to use your personal data and maintain records of our dealings with you by our regulators such as The Office of Communications (OFCOM), Information Commissioner’s Office (ICO), the Department of Work and Pensions (DWP) and Her Majesty’s Revenue & Customs (HMRC).
• To respond to complaints and data subject requests.
• To prevent and detect crime such as fraud or money laundering.
Where it is necessary with our legitimate interests provided your interests and fundamental rights do not override those interests, for example:
• To respond to and manage ad hoc queries or complaints.
• To provide and improve customer support.
• To recover debts due to us.
Where we have obtained your explicit written consent to do so, for example:
• To provide you with marketing services, including information about us or our products and/or services and related information.
7. If you choose not to provide or update your personal data:
If you do not provide certain information requested, we may not be able to offer you our products and/or services. We may also not be able to apply with our legal obligations such as verifying your identity. This could mean that we must cancel the products and/or services you have with us.
It is important that the information that we hold about you is accurate and current. Please keep us informed about any changes to your personal data.
8. How long do we hold your data?
We will keep your personal data for as long as you are a customer of ours. Thereafter we may keep your data for up to 7 years to enable us to respond to any questions or complaints and to maintain records and lease obligations where we are required to do so.
To determine the appropriate retention period of your data, we consider:
• The type of contract you have with us.
• The quantity, nature and sensitivity of the personal data.
• The potential risk of harm from unauthorised use or disclosure of your personal data.
• The purpose for which we process your personal data.
• Whether we can achieve these purposes through other means.
• Any legal requirements to retain such personal data for prescribed periods.
Where we retain your data, we will make sure your privacy is protected and only use it for the purposes described above
9. Who has access to your data?
Your data is only accessed by authorised individuals within our group of companies which includes the following teams:
• The finance team.
• The sales team.
• The marketing team.
• The project management teams.
• The senior management team.
10. Who may we share your personal data with?
We may have to share your personal data with third parties, including third-party service providers. We will always require those third parties to respect the security of your data and to treat it in accordance with the law and only for the purpose for which we obtained it.
When we use third party service providers, we disclose only the information that is necessary to deliver the product and/or service to you. We have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We may share your personal data with third parties who we use to provide our products and/or services such as our suppliers, manufacturers, designated agents, subcontractors and other associated agents for the purpose of completing tasks and providing services to you on our behalf. An example of this could be the installation of new products and/or services. These third parties may also be data controllers in their own right and have their own privacy policies.
We may also share your personal data with the following third-party service providers who also support the provision of our products and/or services:
• IT and back office administration services.
• Billing provider.
• Marketing communication providers.
• Debt collection agencies.
• Manufacturers and distributers.
Where we are under a legal duty to do so we may share your personal data with Her Majesty’s Revenue & Customs (HMRC) and other tax authorities, The Office of Communications (OFCOM), Information Commissioner’s Office (ICO), The Department of Work and Pensions (DWP), the courts, the police and other law enforcement agencies. We will also share your personal data with the person or company you have authorised to deal with us on your behalf.
We may share your information with other third parties, for example in the context of the possible sale or restructuring of the business.
We will not sell your details to any third party. We will not use your personal data for marketing purposes without explicit written consent. We do not use automated decision-making or profiling.
11. Transferring information outside of the European Economic Area (“EEA”):
We do not transfer your personal data outside of the EEA.
12. How do we protect your data?
We have put in place appropriate measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to use your data. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. As part of our data security measures we ensure that we train our employees and have appropriate data protection policies in place to support our compliance.
13. Who is responsible for your data?
We are not required by law to appoint a Data Protection Officer (DPO), but we have allocated a Data Representative position within the company who will be responsible for this.
14. Individual rights with your personal data:
Under the new General Data Protection Regulations (GDPR), you can ask us to do certain things with your personal data such as provide a copy of it, correct it or even delete it. There may be occasions where we cannot comply with a request and we will tell you if this is the case alongside our reason(s) for doing so. These will usually be for legal or regulatory reasons.
Under certain circumstances you have the right to:
The right to access your personal data – Also known as a data subject access request and this enables you to confirm whether we process your personal data. It also allows you to receive a copy of the personal data we are processing alongside certain information about how we use your personal data.
The right to rectification of the personal data that we hold about you – This allows you to have any incomplete or inaccurate information we hold about you corrected.
The right to erasure of your personal data – You can ask us to delete or remove personal data where:
• Processing is no longer necessary for the original purpose.
• You withdrew your consent.
• Processing is unlawful.
• our personal data must be erased to comply with the law.
However, in some cases, if we have another legal basis or legitimate interest for processing your personal data, we may not be able to comply. We will tell you if this is the case.
The right to restrict processing of your personal data – You can ask us to restrict the processing of your personal data where:
• You think the personal data that we hold is inaccurate until we can verify its accuracy.
• You believe we no longer need to process your personal data (but you do not want it erased).
• You wish processing to be restricted pending confirmation that our processing is based on our overriding legitimate interests.
The right to request the transfer of your data to another party (data portability) – In certain circumstances, you can ask us to send your personal data to a third party of your choice. For example, where it is information which is processed by us by automated means and you have consented to such processing or we need to process the information to perform our contract with you.
The right to object to the processing of your personal data – You have the right to object to us processing your personal data where we are doing so:
• Based on our legitimate interest (for the purposes described in the policy statement) unless we can demonstrate compelling grounds as to why the processing should continue in accordance with data protection laws.
• For direct marketing purposes.
Rights in relation to automated decision making and profiling – We do not carry out any automated decision making or profiling of your personal data.
Right to withdraw consent – If you have provided your consent to processing of your personal data for a specific reason, you have the right to withdraw your consent for that specific processing at any time. This will not affect the validity of the processing prior to such date. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Please note that by exercising this right it is possible that we will no longer be able to continue to provide our products and/or services or administer our contract with you. In such circumstances you will need to consider transferring to another provider.
15. How do you exercise your rights?
You can make a request by contacting us via the methods set out below. However, we will also ask you to confirm your request in writing.
You will not usually have to pay a fee to exercise any of your rights
16. Links to other websites:
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
17. Right to complain:
You also have the right at anytime to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Their contact details are:
Information Governance Department
Information Commissioner’s Office
Telephone – 0303 123 1113
Website – https://ico.org.uk/
Email – firstname.lastname@example.org
18. Review of this Policy
We keep this Policy under regular review and it was last updated in November 16th, 2018.
19. How to contact us:
Cold Clad Ltd,
Sarnia House, Green Lane
Website – https://www.coldclad.com/
20.Cold Clad Companies:
Cold Clad. Ltd are registered in England (Registered no. 06276472) Registered office: Cold Clad Ltd, Sarnia House, Green Lane, Tewkesbury, Gloucestershire, GL20 8HD.
You may request details of personal information which we hold about you under the Data Protection Act (DPA) 2018. If you would like a copy of the information held on you please write to: Registered office: Cold Clad Ltd, Sarnia House, Green Lane, Tewkesbury, Gloucestershire, GL20 8HD. Registered in England (no. 06276472)
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect. If you would like to be removed from our database. Please call 01684 438190 requesting the removal, or email email@example.com with REMOVE FROM DATABASE as the subject line.
Contact us on 01684 438190