Privacy & Cookies Policy
Published January 2020
Privacy Notice
This privacy notice explains how BSW-Heating Ltd uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing
Topics:
• Data controller
• Basis for collecting your data (Lawful processing)
• Recipients of data and data transfers
• Sensitive Information
• Retention policy
• Data Storage and Security
• Cookies
• Your Rights as a data subject
• Automated decision making
• 3rd Party Websites
• Contact Details
Data controller
BSW-Heating Ltd is the data controller, this is because we make decisions about what data we collect and how it is used and with whom it is shared with. We can be contacted at dataprotection@bsw-heating.com or telephone number +44 (0)208 7635 329.
On what basis do we collect and process your data?
Data Protection law defines the basis by which we can lawfully collect and process personal data.
To enter into or in pursuance of a contract:
We will collect personal data when engaging with individuals or organisations to enter into a contract, such as the agreement to supply services or goods. We will continue to process that data for the duration and often subsequently after the contract expires or is terminated.
Where processing your data is in your vital interests:
We will process your data if we feel it is required to protect your vital interests, or the vital interests of another person. This might occur in serious life or death situations where immediate disclosure of personal data is required. We have documented our justification for processing your data on this basis.
In our legitimate interest:
We will collect and process personal data where it is in the legitimate interest of BSW-Heating Ltd to do so. Specifically, we use legitimate interest in relation to engaging with our customers and clients in order to provide them with the services required.
Data Protection law defines the basis by which we can lawfully collect and process personal data.
Directly Contracted Clients
| Purpose of Processing | Data Category | Data Type | Legal Basis |
| Engaging commercially | Identity Details | Full Name | Contract |
| Engaging commercially | Contact Details | Address (business) | Contract |
| Engaging commercially | Contact Details | Home Phone number | Contract |
| Engaging commercially | Contact Details | Mobile number | Contract |
| Engaging commercially | Contact Details | Email address(s) | Contract |
| Engaging commercially | Identity Details | Preferred name | Legitimate Interest |
| Engaging commercially | Identity Details | Signature | Contract |
| Engaging commercially | Financial Details | Bank Account/Credit Card details | Contract |
| Service Improvement | Identity Details | Voice Recording | Legitimate Interest |
Public Sector Clients
| Purpose of Processing | Data Category | Data Type | Legal Basis |
| Engaging commercially | Identity Details | Full Name | Legitimate Interest |
| Engaging commercially | Contact Details | Address | Legitimate Interest |
| Engaging commercially | Contact Details | Phone number | Legitimate Interest |
| Engaging commercially | Contact Details | Mobile number | Legitimate Interest |
| Engaging commercially | Contact Details | Email address business | Legitimate Interest |
| Engaging commercially | Identity Details | Signature | Legitimate Interest |
| Engaging commercially | Contact Details | Personal Email address | Legitimate Interest |
| Engaging commercially | Contact Details | LinkedIn URL | Legitimate Interest |
| Engaging commercially | Contact Details | Fax Number | Legitimate Interest |
| Engaging commercially | Identity Details | Photo | Legitimate Interest |
| Service Improvement | Identity Details | Voice Recording | Legitimate Interest |
Suppliers
| Purpose of Processing | Data Category | Data Type | Legal Basis |
| Engaging commercially | Identity Details | Name | Contract |
| Engaging commercially | Contact Details | Address | Contract |
| Engaging commercially | Contact Details | Phone number | Contract |
| Engaging commercially | Contact Details | Email address | Contract |
| Engaging commercially | Contact Details | Nickname/Preferred Name | Legitimate Interest |
| Engaging commercially | Identity Details | Bank Account | Contract |
| Engaging commercially | Contact Details | VAT Reg | Contract |
| Engaging commercially | Contact Details | Company telephone Number | Contract |
| Service Improvement | Identity Details | Voice Recording | Legitimate Interest |
We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication. We also record telephone call for customer service and training purposes. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this data to enable and improve our communication and for record keeping purposes.
The data we collect as data controllers from our data subjects is obtained directly from the data subject themselves. Please see our Cookie Policy for information on the data collected by our website.
Where we collect data for the purposes of providing contracted services to you, if you fail to provide this data, we may not be able to fulfil our contracted obligations.
Data recipients and data transfers
We do not sell any of your personal data to any third party – including your name, address, email address or credit card information.
Where required, BSW Heating Ltd. share personal data with service providers such as our auditors, accountants and insurance companies. We may, as required, share your personal information with printing and mailing companies, as well as email service providers and other delivery companies. Our email system is cloud based and personal data is held in Microsoft’s cloud environment.
Financial transactions are handled by our card payment service providers, Barclays Bank. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject. Additionally, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Personal data in electronic form is held in UK accredited data centres. If data is transferred outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision such as the USA Privacy Shield or through mechanism such as standard contractual clauses as approved by the EU.
Sensitive information
BSW-Heating Ltd does not process special category data as defined by Article 9 of the GDPR in relation to its clients, customers or suppliers.
Retention policy
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted in accordance with legal obligations, such as HMRC rules. Outside of that BSW Heating Ltd. has developed a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.
Generally, personal data required for financial transaction and audit purposes, including reporting to the HMRC will be retained for 6 years plus the current year it is collected.
Personal data collected for the purposes of engaging with clients and suppliers will be maintained for the duration of the commercial relationship and for a further 7 years thereafter. CCTV images will be deleted on rolling basis after 30 days and voice recordings used for training and customer service purposes are also for 60 days.
Data Storage and Security
BSW Heating Ltd. follows strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store data within our own physical network and via cloud services provided by Microsoft Office. Our data is subject to rigorous back up regimes to prevent data loss and continuance of service.
The servers storing personal information are kept in a secure environment with restricted physical access. We use secure firewalls and other measures to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.
Only persons who need the information to fulfil their duties are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.
Cookies from our website
To make our website work properly, we sometimes place small data files called cookies on your device.
What are cookies?
Cookies are pieces of data, normally stored in text files, that websites place on visitors’ computers to store a range of information, usually specific to that visitor – or rather the device they are using to view the site – like the browser or mobile phone. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
How do we use cookies?
We do not set any cookies on your browser, other than one strictly necessary for the operation of our website. The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.
How to control cookies
You can control and/or delete cookies as you wish – for details, see https://cookiepedia.co.uk/all-about-cookies
You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Cookies we use are:
| Cookie | Description | Duration | Type |
| __stid | The cookie is set by ShareThis. The cookie is used for site analytics to determine the pages visited, the amount of time spent, etc. | 1 year | Analytics |
| _gat | This cookie is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites. | 1 minute | Performance |
| _gid | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. | 1 day | Analytics |
| _ga | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. | 2 years | Analytics |
| __unam | Social sharing widget to enable sharing of content across various social networks. | 8 months | Other |
Your rights as a data subject
he regulations provide a number of rights to you as the Data Subject. BSW-Heating Ltd is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
• The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information
• Right of Access – you have the right to know what personal information is held, by whom and why.
• The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
• Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
• Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
• Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
• Right to Object – You have the right to object to profiling and direct marketing
• You also have rights in relation to automated decision making.
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk
Automated decision making
BSW Heating Ltd. does not use automated decision making to process personal data.
Third party websites
Our website may contain links to other websites. This privacy policy only applies to BSW Heating Ltd., so if you follow a link to another website, you should read that organisations own privacy policy.
Changes to our privacy policy
We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in January 2020
How to contact us
You can write to us at this address:
BSW Heating Ltd. Ltd.
3 Old Barn Lane,
Kenley.
Surrey. CR8 5AT
You can telephone us on this number:
+44 (0)208 7635 329
You can email us by using this link:
dataprotection@bsw-heating.com