Privacy & Cookies Policy
Published December 2018
This privacy notice explains in clear language, how BSW Heating Ltd. uses the personal information we collect from Data Subjects, either through using our website, or in any other way, electronically, verbally or in writing.
• Data controller
• Basis for collecting your data (Lawful processing)
• Recipients of data and data transfers
• Sensitive Information
• Categories and type of Personal Data collected
• Retention policy
• Data Storage and Security
• Your Rights as a data subject
• Automated decision making
• 3rd Party Websites
BSW Heating Ltd. is the data controller. We can be contacted at firstname.lastname@example.org or telephone number +44 (0)208 7635 300. Our Data Protection Officer can be contacted at email@example.com
On what basis do we collect and process your data? (known as lawful processing)
Data Privacy law defines the basis by which we can lawfully collect and process personal data. For the data we act as data controller, we have determined the following:
To enter into or in pursuance of a contract:
We will collect personal data when engaging with individuals to enter into a contract, such as an employment contract or commercial agreement to supply services or goods. We will continue to process that data for the duration and often subsequently after the contract expires or is terminated.
Where we have a Legal obligation:
We will collect personal data when we are required to through a legal obligation, such as requirements from HMRC in relation to employment or conduct checks through the Disclosure and Barring service.
In our legitimate interest:
We will collect and process personal data where it is in the legitimate interest of BSW Heating Ltd. to do so. Specifically, we use legitimate interest in relation to our clients and in order to identify prospective clients and if engaged, we continue to process personal data to manage our commercial relationship. This will include but not limited to the continued processing (retention) of records of our transactions and interactions. We also consider our use of CCTV and the collection of images as a legitimate interest activity. A legitimate Interest Assessment has been conducted to ensure that the legitimate interests of the organisation does not outweigh that of the data subject. The data collected will not be used for any unlawful or unethical purpose.
Data recipients and data transfers
We do not sell any of your personal data to any third party – including your name, address, email address or credit card information.
Where required, BSW Heating Ltd. share personal data with service providers such as our auditors, accountants and insurance companies. We may, as required, share your personal information with printing and mailing companies, as well as email service providers and other delivery companies. Our email system is cloud based and personal data is held in Microsoft’s cloud environment.
Financial transactions are handled by our card payment service providers, Barclays Bank. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject. Additionally, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Data is transferred to by our email host and held in UK based accredited data centres. We utilise the service of secure off-site document storage facilities also based in the UK.
BSW Heating Ltd. does process sensitive data as defined by Article 9 of the GDPR. This is employee health data and is used for the purposes of entering into a contract. We use this data to ensure we can comply with any relevant workplace legislation and to discharge our duty of care. In addition we process necessary health and vulnerability data in relation to end users in order to provide suitable and appropriate responses when carrying out our services.
Categories and types of data
For engagement of our Contractors we process:
• Phone number(s)
• Email Address
• Date of birth
• Sickness record
• Driving Licence
• Bank account
• Disclosure and Barring Service check
• Location data
We process the following data of our customers:
• Phone number(s)
• Email address
• Preferred name
• Bank Account/ Credit card details
We process the following data of our Clients:
• Phone number(s)
• Email Address(s)
• Online identifier such as LinkedIn URL
• Fax. No
We process the following personal data of our suppliers:
• Phone number
• Email address
• Preferred name
We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this data to enable and improve our communication and for record keeping purposes.
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted in accordance with legal obligations, such as HMRC rules. Outside of that BSW Heating Ltd. has developed a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.
Generally, personal data required for financial transaction and audit purposes, including reporting to the HMRC will be retained for 6 years plus the current year it is collected.
Personal data processed for employment purposes will be held for 6 years after termination of employment or contract. Right to work verification will be retained for 2 years after termination of employment or contract. Employment application data will be retained for a period of 3 months following unsuccessful application. CCTV images will be deleted on rolling basis after 30 days.
Personal data collected for the purposes of engaging with suppliers will be maintained for the duration of the commercial relationship and for a further 7 years thereafter.
Data Storage and Security
BSW Heating Ltd. follows strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store data within our own physical network and via cloud services provided by Microsoft Office. Our data is subject to rigorous back up regimes to prevent data loss and continuance of service.
The servers storing personal information are kept in a secure environment with restricted physical access. We use secure firewalls and other measures to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.
The information we collect and process as data controllers is restricted to our offices, other than that required to be transmitted to electronic devices operated by our service engineers. Only persons who need the information to fulfil their duties are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.
Cookies from our website
To make our website work properly, we sometimes place small data files called cookies on your device.
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
• your display preferences, such as contrast colour settings or font size
• if you have already replied to a survey pop-up that asks you if the content was helpful or not (so you won’t be asked again)
• analytical purposes
• to allow sharing of information across social media platforms
The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.
How to control cookies
You can control and/or delete cookies as you wish – for details, see www.aboutcookies.org You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Cookies we use are:
- _gid Performance Google Analytics used to store and update a unique value for each page visited.
- _ga Performance Used to calculate visitor, session and campaign data for the site’s analytics reports.
- _gat Performance Used to throttle the request rate – limiting the collection of data on high traffic sites. It expires after 10 minutes.
- _unam Functionality Social sharing widget to enable sharing of content across various social networks.
- _stid Functionality Tracks content you view and share across social media.
Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. BSW Heating Ltd. is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
• Right of Access – you have the right to know what personal information is held, by whom and why.
• The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
• Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
• Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
• Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
• Right to Object – You have the right to object to profiling and direct marketing
• You also have rights in relation to automated decision making.
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk
Automated decision making
BSW Heating Ltd. does not use automated decision making to process personal data.
Third party websites
How to contact us
You can write to us at this address:
BSW Heating Ltd. Ltd.
3 Old Barn Lane,
Surrey. CR8 5AT
You can telephone us on this number:
+44 (0)208 7635 300
You can email us by using this link: