WHO WE ARE?
Homespace Installations Ltd (Starifurb) are a limited company registered in England and Wales under registration number 09287041, with a registered office at Unit 21 Blakenhall Park Bar Lane, Barton Under Needwood, Burton-On-Trent, England, DE13 8AJ. Homespace Installations Ltd are the ‘Controller’ of any personal information we collect about you.
Homespace Installations Ltd offer a range of services to create the perfect balustrade for your home, and provide you with any help you might need, from measuring through to installation.
In this notice, all references to “Stairfurb”, “we”, “our” and “us” are to be taken as references to Homespace Installations.
We promise that your personal data shall be:
- processed lawfully, fairly and in a transparent manner.
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’).
- adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
- accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay (‘accuracy’).
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’).
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
WHAT IS PERSONAL DATA?
The term “personal data” means any information relating to you that identifies you, or through which you can be identified, directly or indirectly. In particular, by reference to an identifier such as a name, an identification number, location data, or an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural, or social identity.
THE PURPOSE OF THIS PRIVACY NOTICE
The purpose of this Privacy Notice is to let you know how we process your personal data. This Privacy Notice therefore explains what personal data we collect from you and how we collect, use, store and disclose it. This Privacy Notice also contains information about your rights under applicable data protection legislation.
We are committed to compliance with data protection laws, and we believe that ensuring data protection compliance is the foundation of trustworthy business relationships.
It is important that you read this Privacy Notice together with any other Privacy Notice we provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.
HOW DO WE USE YOUR PERSONAL DATA?
We will only use your personal data for the purpose we collected it and in accordance with the law. We will not use your personal data for any other purpose without your prior consent. The only exception to this is if it is required or permitted by law, such as where it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the enforcement of civil law matters.
We may use your persona data in connection with the following:
Fulfilling your requests:
- Provide you with the information, products, and services that you have requested from us.
- Complete any transaction you are undertaking with us.
- Carry out our obligations arising from any contracts entered between you and us.
- Allow you to participate in interactive features of our service when you choose to do so – like creating a design on our website.
- Process a job application or enquiry.
- Meet a legal or statutory obligation.
- When you take advantage of our “refer a friend” scheme.
Service Improvements and account management:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To administer our site and for internal business administration and operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To notify you about changes to our service.
- Provide you with information, suggestions and recommendations about other goods and services we offer that are similar to those that you have already purchased or enquired about (unless you have opted out).
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, which may be based on your activity on our website(s) (the information we use for this purpose is collected using cookies and you can adjust your cookie settings by clicking on cookie settings on our website).
- To contact you after you have entered a competition with us online.
- To contact you after you have entered a promotion of survey.
HOW DO WE COLLECT YOUR PERSONAL DATA?
We will collect your personal data directly from you in the following ways:
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- Sign up to receive our newsletter.
- Make enquiries or request information be sent to you.
- Create a design on our website.
- Order our products or request our services.
- Ask for direct marketing to be sent to you.
- Use our ‘refer a friend’ schemes.
- Participate in our competitions.
- Engage with us on social media.
- Enter a promotion or survey.
- Contact customer services.
- Leave comments or reviews on our products or services.
We also receive personal information indirectly, from the following sources in the following scenarios:
- From providers of services which facilitate our ecommerce operations (including ecommerce platforms and payment and fraud prevention services).
- From analytics providers, advertising networks and search information providers; from data partners.
- From your friends who referred you using ‘refer a friend’ schemes.
We may also collect data that are available via public sources, and from any third parties, who are permitted by law, or have your permission to share information with us, such as review sites, and/or social media.
We may share this information with third parties, listed below. We will only share your personal data when we have a lawful reason to do so, and we require all third parties to have appropriate data protection controls in place. These third parties may only process your data for the purpose in which it was collected, and under instruction of us, the controller.
- Suppliers and service providers (such as outsourced services partners, technology service providers and post and courier services).
- Payment services providers– payment processors may take your personal data directly from you as part of processing a purchase, and they will be data controllers in their own right for that processing.
- Auditors and professional advisers like bankers, lawyers, accountants, and insurers.
- Government, regulators, and law enforcement agencies (when necessary).
OUR LEGAL BASES FOR PROCESSING YOUR DATA
The UK and EU GDPR, (our global standard of compliance) requires that a Controller must have a legal basis for processing personal data. In most instances, our legal bases for processing your personal information are:
- Your consent. You are able to withdraw your consent at any time. You can do this by contacting email@example.com
- We have a contractual obligation.
- We have a legal obligation.
- We have a vital interest.
- We have a legitimate interest.
With your consent we may contact you via email, phone,or other means, to promote, or inform, you about our services. If you have provided consent, we may also contact you to promote services provided by third parties.
We will only provide you with such marketing materials if you have provided consent for us to do so.
Where we contact you for direct marketing purposes, we will comply with the requirements set out in the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
To start or stop receiving marketing information from us, simply contact us by emailing – firstname.lastname@example.org
HOW LONG WE WILL KEEP YOUR PERSONAL DATA
We will only keep your personal data for as long as is necessary to fulfil the purposes we collected it for, which may include satisfying any legal, accounting, or reporting requirements. The retention period depends on the type of personal data and the reason we are processing it.
When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed.
When we determine that personal data can no longer be retained (or where we must comply you request us to delete your data in accordance with your right to do so) we ensure that this data is securely deleted or destroyed.
SECURITY OF YOUR PERSONAL DATA
In order to protect your personal data, we put in place appropriate organisational and technical security measures. These measures include ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach.
In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you, and any applicable authority, of such a breach.
TRANSFERRING YOUR PERSONAL DATA OUTSIDE THE EEA
To provide our services, we may need to share your personal data with third parties and suppliers outside the United Kingdom and the European Economic Area (the “EEA”), for example, the United States. If we do this, we will ensure your personal data receives the same protection as if it were being processed inside the United Kingdom and the EEA.
Where we transfer your data outside of the United Kingdom and the EEA we endeavour to safeguard your data, in line with GDPR, by:
- Implementing data processing agreements which incorporate standard contractual clauses (SCCs) including a UK Addendum where necessary, as approved by the UK Information Commissioner’s Office or the European Commission, as appropriate. Such agreements will be preceded by the completion of a Transfer Risk Assessment (TRA).
- To further minimise any risks to your rights, we may, where appropriate, implement additional measures such as:
- Encrypting data when in transit.
- Pseudonymisation of personal data.
- Conducting regular audits to ensure our suppliers and third parties comply with the contracts in place which stipulate the standards they must follow to process personal data.
- In some cases, derogations as outlined in Article 49 in GDPR may be applied. For example, the transfer is necessary for the defence of legal claims.
Your data may be transferred to one or more of the following third countries:
- United States of America
You have rights under the data protection legislation and, subject to certain legal exemptions, we must comply when you inform us that you wish to exercise these rights. There is no charge unless your requests are manifestly unfounded or excessive. In such circumstances, we may make a reasonable charge or decline to act on your request. Before we action your request, we may ask you for proof of your identity. Once in receipt of this, we will process the request without undue delay and within one calendar month. In order to exercise your rights please contact us at – email@example.com.
You can contact us if you wish to complain about how we collect, store, and use your personal data. It is our goal to provide the best possible remedy with regard to your complaints.
However, if you are not satisfied with our answer, you can also contact the relevant competent supervisory authority/regulator. In the UK, the relevant regulator is the ICO.
Your rights in connection with personal information are set out below:
Subject Access Request – You have a right to receive a copy of all the personal data we hold about you.
Rectification – If any of the personal data we hold about you is incomplete or inaccurate, you have a right to have it corrected.
Erasure – This is also known as the “right to be forgotten”. You have a right to ask us to delete your personal data where there is no good reason for us continuing to process it. However, certain criteria apply and if we have a legitimate reason to continue processing your personal data, we will not be legally required to delete it.
Objection – You have a right to object where we are relying on legitimate interests as our legal basis for processing your personal data but, in certain circumstances we may be able to continue with the processing. For example, if we have compelling legitimate grounds which override your interests, rights and freedoms or your personal information is needed for the establishment, exercise, or defence of legal claims. However, you have an absolute right to object to us processing your personal data for direct marketing purposes.
Restriction – You have a right to ask us to restrict the processing of your personal data in certain circumstances. For example, you may require us to suspend processing information about you whilst checks are made to ensure it is accurate.
Portability – You have the right to ask us to transfer any personal data you have provided to us to another party, subject to certain criteria being satisfied. We will provide this personal data in a structured, commonly used, and machine-readable format.
Right to withdraw consent – If you have given us your consent for the processing of your personal data, you can withdraw this at any time. Please note, the withdrawal has no effect on the legality of the data processing carried out in the past on the basis of your consent. To exercise your right to withdraw consent contact us at firstname.lastname@example.org
Right to complain – If you are unhappy with the way in which your personal information has been, or is being processed, you have the right to make a complaint about it to the Information Commissioner’s Office (ICO). They can be contacted at:
Information Commissioner’s Office
If any of your personal data changes whilst you are a user of our services, it is important that you update us about any changes to ensure that the data we hold about you is accurate and up to date.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this Privacy Notice from time-to-time. Updates to this Privacy Notice will be published on our website. To ensure you are aware of when we make changes to this Privacy Notice, we will amend the revision date at the top of this page. Changes apply as soon as they are published on our website. We therefore recommend that you visit this page regularly to find out about any updates that may have been made.