It would be helpful to start by explaining some key terms used in this policy:
- We, us, our – Jigsaw Interior Design Limited, a company registered in England and Wales under company number: 08325539. We also trade as Jigsaw Interior Architecture.
- Our website – www.jigsawinteriordesign.com
- Personal data – Any information relating to an identified or identifiable individual.
- Special category personal data – Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership. Genetic and biometric data (when processed to uniquely identify an individual). Data concerning health, sex life or sexual orientation
- Data subject – The individual who the personal data relates to
PERSONAL DATA WE COLLECT ABOUT YOU
We collect, use, store and transfer different kinds of personal data about you, including in very limited circumstances sensitive health personal data. This may include:
• Full name;
• Email address;
• Telephone numbers (mobile and landline);
• Job title;
• Business name;
• Name of your employer or the organisation you represent;
• Marital status, if you choose to give this to us;
• Date of birth;
• Your gender, if you choose to give this to us;
• Passport information.
• Information relating to your contract(s) with us;
• Billing information and payment card information;
• [Your professional online presence e.g. LinkedIn profile;]
• [Information from accounts you like to us e.g. Facebook;]
• [Information to enable us to undertake credit or other financial checks on you;]
• [Technical information from when you visit our website, including your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;]
• [Information about how you use our website including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page;]
• [Your personal interests;]
• Marketing and communications information, including your preferences in receiving marketing
from us and your communication preferences; and
• [Information that you volunteer to us when you subscribe to our newsletter, make an online enquiry, request goods or services from us, fill in forms on our website, participate in discussion boards or other social media functions on our website (if any), enter a competition, promotion or survey, provide us with feedback or report a problem with our website and when you correspond with us by telephone, email or otherwise.]
If you do not provide personal data
For customers or suppliers, where we need to collect personal data to enter into a contract with you and you fail to provide that data when requested, we may not be able to enter the contract with you. This data may include your name and contact details For customers, if you thereafter do not provide personal data we ask for, this may delay or prevent us from providing our goods and/or services to you.
HOW YOUR PERSONAL DATA IS COLLECTED
We collect most of this personal data directly from you –in person, by telephone, text or email and/r via our website . However, we also collect information:
• [From publicly accessible sources, e.g. Companies House.]
• Directly from a third party, e.g.
a. credit reference agencies;
b. analytics providers;
c. advertising networks;
d. search information providers;
e. an employee or representative of the organisation for whom you work;
f. manufacturers (when dealing with e.g. warranty claims);
g. finance providers (when you use finance in relation to a contract with us).
• Via our IT systems, e.g.:
a. [from door entry systems and reception logs;]
b. [through automated monitoring of our website and other technical systems, such as computer networks and connections, CCTV and access control systems, communication systems, email and instant messaging
HOW AND WHY WE USE YOUR PERSONAL DATA
Under data protection law, we can only use your personal data if we have a proper reason for doing
so, for example:
• to comply with our legal and regulatory obligations;
• for the performance of our contract with you or to take steps at your request before entering into a contract;
• for our legitimate interests or those of a third party; or
• where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use your personal data for and our lawful basis for doing so.
What we use your personal data for / Our lawful basis for processing
- For individual customers with whom we have contracts – to provide our goods and/or services to you / Necessary for the performance of our contract with you or to take steps at your request before entering into a contract.
For prospective individual customers e.g. for corresponding with you about the goods and/or services we offer, to provide a quotation and to respond to your queries / Necessary for our legitimate interests or those of a third party e.g. to deal with pre-contractual enquiries or issues
- For individuals who work for or represent corporate customers with whom we have contracts e.g. for corresponding with you about the goods and/or services we offer, to provide a quotation, to respond to your queries and to provide the organisation you work for or represent with our goods and/or services / Necessary for our legitimate interests or those of a third party e.g. to deal with pre-contractual enquiries or issues and provide the organisation you work for or represent with our products and/or services
- For individuals who work for or represent prospective corporate customers e.g. for corresponding with you about the products and/or services we offer, to provide a quotation and to respond to your queries / Necessary for our legitimate interests or those of a third party e.g. to deal with pre-contractual enquiries or issues
- For individual suppliers with whom we have contracts e.g. for corresponding with you about the products or services you offer, to obtain a quotation and to take steps under the contract with you / Necessary for the performance of our contract with you or to take steps at your request before entering into a contract with you
- For individuals who work for or represent corporate suppliers e.g. for corresponding with you about the products or services your organisation offers, to obtain a quotation and tomanage the contract with the organisation you work for or represent / Necessary for our legitimate interests or those of a third party e.g. to deal with pre-contractual enquiries or issues and to manage the contract with the organisation you work for or represent
- For individuals who work for or represent prospective corporate suppliers e.g. for corresponding with you about the products or services your organisation offers and to obtain a quotation / Necessary for our legitimate interests or those of a third party e.g. to deal with pre-contractual enquiries or issues
- To assist individual customers with obtaining finance / Necessary for our legitimate interests or those of a third party i.e. to assist you with securing
- To deal with manufacturer warranty issues and safety recalls / Necessary for the performance of our contract with you / Necessary to comply with our legal obligations
- To manage our relationship with you, or the organisation which you work for or represent, which will include (where appropriate) notifying you about changes to our terms of business or privacy notice or dealing with complaints / Necessary to comply with our legal obligations / Necessary for our legitimate interests i.e. to manage our relationship with you or the organisation you work for or represent, and to analyse and improve the products or services we offer
- To prevent and detect fraud against you or us / Necessary for our legitimate interests or those of a third party i.e. to minimise fraud that could be damaging for us and for you
- Conducting checks to identify our customers and verify their identity / To comply with our legal and regulatory obligations
- Credit reference checks via external credit reference agencies where it is a condition of us entering into a contract with you / Necessary for our legitimate interests or those of a third party i.e. to ensure our customers are likely to be able to pay for our products and services
- Other processing necessary to comply with legal and regulatory obligations that apply to our business (e.g. under health and safety law or as otherwise permitted or required by law / Necessary to comply with our legal obligations
- Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies / Necessary to comply with our legal obligations
- Ensuring our business policies are adhered to e.g. policies covering data security / Necessary to comply with our legal obligations / Necessary for our legitimate interests of those of a third party e.g. to make sure were are following our own internal procedures so we can deliver the best service we are able to at the best price
- Operational reasons, such as improving efficiency, training and quality control / Necessary for our legitimate interests or those of a third party e.g. to be as efficient as we can so we can deliver the best service for you or the organisation you work for or represent, at the best price
- Ensuring the confidentiality of commercially sensitive information / Necessary to comply with our legal obligations / Necessary for our legitimate interests or those of a third party i.e. to protect commercially valuable information
- Statistical analysis to help us manage our practice e.g. in relation to our financial performance, client base, work type or other efficiency measures / Necessary for our legitimate interests or those of a third
party i.e. to be as efficient as we can so we can deliver the best service we are able to at the best price
- Preventing unauthorised access and modifications to systems / Necessary to comply with our legal obligations / Necessary for our legitimate interests or those of a third party i.e. to prevent and detect criminal activity that could be damaging for us and for you or the organisation you work for or represent
- Updating and maintaining customer and supplier records / For individual customers, necessary for the performance of our contract with you or to take steps at your request before entering into a contract / Necessary to comply with our legal obligations / Necessary for our legitimate interests or those of a third party i.e. to make sure we can keep in touch with our customers
- Staff management and administration / Necessary for our legitimate interests or those of a third party i.e. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service that we are able to
- External audits for the audits of our accounts / Necessary to comply with our legal obligations
- To keep you updated of special offers and general information via our newsletter. / With your consent.
- Marketing our services to
– existing and former customers;
– third parties who have previously expressed interest in our services;
– third parties with whom we have had no previous dealings.
For our legitimate interests i.e. to promote our business to existing and former customers.
- To enforce or apply our terms and conditions or any other agreements / Necessary for our legitimate interests or those of a third party i.e. to enforce our legal rights and protect our business
- To administer and protect our business and our website (including troubleshooting, data analysis, testing / Necessary for our legitimate interests e.g. for running our business, provision of administration and IT services,
network security and to prevent fraud / Necessary to comply with our legal obligations system maintenance, support, reporting and hosting of data)
- To deliver relevant website content to you and measure or understand the effectiveness of the content / Necessary for our legitimate interests e.g. to study how customers use our products and/or services, to develop them, to grow our business and to inform our marketing strategy
- To use data analytics to improve our Website, products and/or services, marketing, customer relationships and experiences / Necessary for our legitimate interests e.g. to define types of customers for our products and/or services, to keep our Website updated and relevant, to develop our business and inform our marketing strategy
- For testimonials on our website / With your consent.
- For recording and/or reporting accidents at our premises or connected with our services or business. / Necessary to comply with our legal obligations
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
We may use your personal data to send you periodic communications by email about our goods and/or services that might be of interest to you.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
You have the right to opt out of receiving marketing communications at any time by:
• emailing – [email protected]
• writing to us at 2 Wolterton Road Poole Dorset BH12 1LR
• calling us on 01202 767488; or
• using the ‘unsubscribe’ link in our emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Third party marketing
We will get your express opt-in consent before we share your personal data with any other company for marketing purposes.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
Our website may, from time to time, include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our Website, we encourage you to read the privacy notice of every website you visit before you submit any personal data to these websites.
Our website is not intended for children and we do not knowingly collect data relating to children.
individuals. Usage information helps us to improve our website and to deliver a better and more personalised service. Some of the cookies we use are essential for our website to operate.
HOW AND WHY WE USE YOUR PERSONAL DATA – SPECIAL CATEGORY DATA
Certain personal data we collect is treated as special category data to which additional protections apply under data protection law:
Where we process special category personal data, we will also ensure we are permitted to do so
under data protection laws, e.g:
• we have your explicit consent;
• the processing is necessary to protect your (or someone else’s) vital interests where you are
physically or legally incapable of giving consent; or
• the processing is necessary to establish, exercise or defend legal claims.
WHO WE SHARE YOUR PERSONAL DATA WITH
We routinely share personal data with:
• third parties we use to help deliver our goods and/or services to you, e.g. payment service providers, warehouses and delivery companies;
• third party finance providers when you wish to use finance in connection with your purchase;
• other third parties we use to help us run our business, e.g. marketing agencies or website hosts;
• third parties approved by you, e.g. social media sites you choose to link your account to or third party payment providers;
• credit reference agencies;
• our insurers and brokers;
• our banks;
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.
We or the third parties mentioned above occasionally also share personal data with:
• our and their external auditors, e.g. in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations;
• our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
• law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations;
• other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations
Who we share your personal data with—further information
If you would like more information about who we share our data with and why, please contact us (see
[‘How to contact us’] below).
TRANSFERRING YOUR PERSONAL DATA OUTSIDE OF THE UK
Some of organisations with whom we share your personal data are based outside the UK so their processing of your personal data will involve a transfer outside of the UK.
These transfers are subject to special rules under UK data protection law.
Some countries have been assessed as providing an adequate level of protection for personal data. Other countries are not considered to have sufficient data protection laws. We will, however, ensure the transfer complies with UK data protection law. We will do this by ensuring one of the following (or one of the other grounds set out in UK data protection law) applies:
• your data is transferred to countries that have been deemed to provide an adequate level of protection for personal data;
• the transfer is necessary for the performance of a contract between you and us;
• the transfer is necessary to establish, exercise or defend legal claims;
• there are adequate safeguards in place, together with enforceable rights and effective legal remedies for you; or
• you have provided explicit consent to the proposed transfer after being informed of any potential
Please contact us (see below: how to contact us if you want further information on data transferred
outside of the UK and the specific mechanism used by us for the same.
WHERE YOUR PERSONAL DATA IS HELD
Personal data may be held at our offices and those of our third party agencies, service providers,representatives and agents as described above (see above: ‘Who we share your personal data with’).
Some of these third parties may be based outside the UK. For more information, including on how we safeguard your personal data when this happens, see below:
HOW LONG WE KEEP YOUR PERSONAL DATA
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including;
• to meet our obligations to you in respect of goods or services you engage us to supply;
• to respond to any questions, complaints or claims made by you or on your behalf;
• to show that we treated you fairly; and
• to keep records required by law to comply with our legal obligations.
We will not retain your data for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of personal data, further details of this are available on request [If we are no longer providing goods or services to you, we will delete or anonymise your account data after seven years. Following the end of the of the relevant retention period, we will delete or anonymise your personal data.
KEEPING YOUR PERSONAL DATA SECURE
We have put in place reasonable and appropriate security measures to endeavour to prevent personaldata from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
Data protection law gives you certain rights, which you can exercise free of charge. Your rights will differ depending on our lawful basis for processing your data:
Access – The right to be provided with a copy of your personal data
Rectification – The right to require us to correct any mistakes in your personal data
To be forgotten – In certain situations, the right to require us to delete your personal data
Restriction of processing – In certain situations, the right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data
Data portability – In certain situations, the right to ask us to transfer any personal data you provided to us to another organisation
To object – The right to object at any time to your personal data being processed for direct marketing and in certain other situations to our continued processing of your personal data e.g. where processing is carried out for the purpose of our legitimate interests
To withdraw consent – If you have provided us with consent to use your personal data you have the right to withdraw that consent at any time.
We do not use personal data for automated decision making.
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please email, write or telephone us (see below: [‘How to contact us’]) and let us have enough information to identify you as well as what right you want to exercise and the personal data to which your request relates.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your personal data. If you want to complain about how we have used your personal data, please email or write to us (see below: [‘How to contact us’]). However, if we are not able to resolve your complaint to your satisfaction, you can complain to the Information Commissioner’s Office (ICO). Further information about how to make a complaint to the ICO can be found on the ICO website www.ico.org.uk.
We may change this privacy notice from time to time and when we do so, we will inform you via our website. If any changes are likely to have an adverse impact on your rights under data protection law, we will use reasonable endeavours to notify you of the changes in advance in writing or by alternative means.
CHANGES TO YOUR PERSONAL DATA
It is important that the personal data we hold about you is accurate and current.
Please let us know if you change your name, address or any other personal detail (see below: [‘How to contact us’]).
HOW TO CONTACT US
Email: [email protected];
Telephone: Poole Office: +44 (0)1202 767 488;
Post: Poole Office: 2 Wolterton Road, Branksome Trading Estate, Poole, Dorset BH12 1LR;
Do you need extra help?
If you would like this notice in another format (for example large print) please contact us (see above:
[‘How to contact us’]).