Arran Isle Limited and its group companies are committed to protecting and respecting your privacy.
||Controller name, company registration number and Data Protection Act (DPA) registration number
||Heywood Williams Components Limited, company no. 2523354, DPA registration Z8038819, trades as Window Ware, Mila Hardware and Mila Maintenance.
||The above companies all have their registered address at Brindley House, Premier Way, Lowfields Business Park, Elland HX5 9HF.
Information we may collect from you
We will collect and process the following data about you either from your use of our site, or when you contact us, open an account or place an order:
- Information you give us. This is information about you that you give us by filling in forms on our site or by corresponding with us by phone, fax, EDI, face-to-face, e-mail or otherwise and includes information you provide when you register an account, submit an enquiry, place an order with us or when you report a problem with our site or submit a complaint. The information you give us may include your name, address, business role, gender, e-mail address, user name and password, phone number, details of any comments you provide to us and financial and credit card information. Other information you give us may include feedback regarding our products and responses to surveys and/or market research (although you do not have to respond to such surveys or requests). We may also collect and process records of any correspondence and communications with us and telephone calls and CCTV may also be recorded. You may also give us information through job applications and CVs.
- Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, MAC addresses, traffic data, location data, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and cookies, which will be collected in accordance with the relevant group company’s cookies policy;
- details of your visits to our sites and your preferences and habits when making a purchase; we will use this information to create a profile of you, for the purpose of enhancing your customer experience with us;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), services you viewed or searched for your conduct via the site and (where relevant) details of the fulfilment of any of your orders, and any other site activity, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call us; and
- your transaction/account history.
- Information we receive from other sources. We are also working closely with third parties (including, for example, business partners, credit reference agencies, sub-contractors in technical, payment and delivery services, analytics providers and search information providers) and may receive information about you from them.
HOW WE USE YOUR INFORMATION
We use information held about you in the following ways:
- Information you give to us. We will use this information:
- to carry out our obligations arising from any agreements entered into between you and us and to provide you with the information, products and services that you request from us, including to check any instructions given to us;
- for training purposes in order to improve the quality of our customer service;
- to carry out appropriate and necessary investigations and discharge our legal and regulatory obligations and duties, including to comply with anti-fraud and anti-money laundering requirements and for crime prevention;
- to send you a welcome email to verify your account when you register and other emails for the purposes of providing any services, products, competitions or promotions to you, including in relation to account management or system maintenance;
- to provide you with marketing information about other services or products we offer that (a) you have consented to receive; or (b) are similar to those that you have already bought (in which case it will only be the company you bought the same/similar services or products from who will contact you for this purpose);
- to notify you about changes to our services and/or products;
- build a profile of you, your preferences and your habits;
- to provide customer support; and/or
- to ensure that where you have an online account, content from the site is presented in the most effective manner for you and for your computer.
Please note we will not use any financial or credit card information for any purpose other than to discharge our legal/regulatory duties and to process payments paid by you for our products and services or due to you by agreement.
- Information we collect about you. We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to discharge our legal and regulatory obligations and duties, including to comply with anti-fraud and anti-money laundering requirements and for crime prevention;
- to assess and control credit risk;
- improve our site and to ensure that where you have an online account, content is presented in the most effective manner for you and for your computer;
- to enhance our site to ensure you receive a personalised and continuously improving customer service;
- to allow you to participate in interactive features of our site, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- for data-matching purposes in respect of your use of our site/services and your use of certain third party services;
- to deliver (whether directly or indirectly via third parties) effective and personalised marketing material and content from Arran Isle Limited and its subsidiaries and to assist us in the improvement and optimisation of advertising, marketing material and content, our services and the sites and/or the services of any other company in the Group;
- to measure, understand or monitor the effectiveness of advertising, promotions, marketing material and content and any joint initiatives with our affiliates, suppliers, partners, subcontractors and other selected third parties;
- build a profile of you, your preferences and your habits;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you where permitted; and/or
- to make suggestions and recommendations to you and other users of our site or services about goods or services that may interest you or them.
- Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
- We may use the personal data we collect about you on an anonymised basis to create statistics and anonymised information which we then share with third parties including ad networks, search engines and analytics providers.
USING YOUR INFORMATION IN ACCORDANCE WITH DATA PROTECTION LAWS
- Compliance with legal obligations: As a corporate group there are certain laws we need to comply with. In particular, we will need to process your personal information to verify your identity, and your source of funds for anti-money laundering, fraud and crime prevention purposes. Failure to provide the requisite personal information on sign-up/as you use our site, will unfortunately mean we cannot provide our products to you, as to allow you to purchase our products would mean we would be in breach of our legal obligations. You will not be able to object to processing or ask for the deletion of your personal information insofar as it falls under this category.
- Necessary for the entry into/performance of a contract: When you enter into a transaction with us, a contract between you and the relevant group entity will have been entered into. In order for us to fulfil our obligations under such contract (e.g. to allow you to place an order and receive the products), we will need to collect and process your personal information. Failure to provide the requisite personal information on sign-up and financial information on entering into the transaction or objecting to this type of processing/exercising your deletion rights will unfortunately mean we cannot provide our products to you.
- Consent: We may provide you with certain marketing information about third party services or products where you have provided your explicit consent for us to do so. Please note that we will use your personal information in order to provide certain marketing information for the same or similar products you have previously bought. You have the right to withdraw your consent at any time and can object to processing of this nature.
||We have a legitimate interest in processing your information as:
· both you and we benefit from the effective management of your account(s) (where applicable);
· both you and we benefit from the effective management, updates and administration of our site; and
· we would be unable to provide our services without processing your information.
||We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as we process your personal data only so far as is necessary to provide our goods and/or services.
|Impact of processing
||We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as it can be reasonably expected for us to process your personal information in this way to provide our goods and/or services, we will implement safeguards for vulnerable individuals, and you are able to withdrawn your consent to the processing of special categories of personal data.
HOW LONG WE KEEP YOUR INFORMATION FOR
When your data is no longer required for the purposes listed above, we will delete it within 6 years from the closure or your account/ delivery of your order or of our last positive interaction with you. This data is archived where customers or account holders are inactive for a period of 24 months. We keep your personal information for 6 years, to enable us to retain the information we may require for legal and regulatory purposes.
In some circumstances, some of your data will be deleted in much shorter timescales, where possible, for example:
- Call and CCTV recordings will typically be deleted after 6 months;
- Marketing consents will be refreshed or deleted after 24 months;
- Marketing emails and other communications where possible will typically be deleted after 24 months; and
- Business contact details will typically be deleted once our relationship (i.e. our contract) has come to an end.
Disclosure of your information
We may share your personal information with any member of the Arran Isle group, which means the ultimate holding company, Arran Isle Limited, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (“Arran Isle Group“).
We will only disclose your information to:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you including service providers who operate elements of our site service and process personal data on our behalf. These may include businesses who provide technology services such as hosting for our servers and email distribution, and business partners who provide delivery fulfilment services. We may also disclose your personal data to our supply and delivery partners for the purpose of processing and fulfilling your order;
- members of the Arran Isle Group business partners and third party suppliers and service providers for the purposes listed under HOW WE USE YOUR INFORMATION above;
- third party suppliers and service providers to the extent they assist the Arran Isle Group with its legal/ regulatory obligations e.g. providers of services in respect of anti-money laundering, fraud, verification etc;
- selected third parties so that they can contact you with details of the services that they provide, where you have expressly opted-in/consented to the disclosure of your personal data for these purposes;
- analytics and search engine providers that assist us in the improvement and optimisation of our site and other selected third parties; and
- law enforcement or fraud prevention agencies, as well as our legal advisers, courts and any other authorised bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters etc.
We will disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- in the event of any insolvency situation (e.g. the administration or liquidation) of Arran Isle Limited or any of its group entities;
- if we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
- to the extent required where charges and security are held over our assets.
- to protect the rights, property, or safety of us, our staff, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk reduction; and
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
CREDIT REFERENCE AGENCIES AND CREDIT CIRCLES
In order to process your customer account application we may supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html
Where our businesses are members of Credit Circles, information including trade credit performance will be made available to other participating organisations.
WHERE WE STORE YOUR PERSONAL DATA
SECURITY OF YOUR PERSONAL DATA
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site/your account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have a number of rights under data protection law in relation to the way we process your personal data. These are set out below:
||DESCRIPTION OF RIGHT
A right to access personal data held by us about you.
|A right to require us to rectify any inaccurate personal data held by us about you.
|A right to require us to erase personal data held by us about you. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6 below).
|In certain circumstances, a right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims.
|In certain circumstances, a right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.
|A right to object to our processing of personal data held by us about you where the processing of such data is necessary for the purposes of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process personal data which override your rights or which are for the establishment, exercise or defence of legal claims (including for the purposes of sending marketing materials to you).
||A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you.
||A right to withdraw your consent, where we are relying on it to use your personal data.
You may contact us using the details below to exercise any of these rights, and we will respond to any request received from you within one month from the date of the request.
Contact email address for each of our group companies are shown below:
Please address any questions, comments and requests regarding our data processing practices to the relevant email address in the first instance.
If you have any concerns regarding our processing of your personal data or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner’s Office. Their address is:
First Contact Team
Information Commissioner’s Office
This policy was last reviewed and updated: April 2018