Privacy Policy

This privacy notice (“Notice”) sets out how Blackpool Industrial Roofing Limited uses and protects your personal data through the use of this website, including any data you may provide when you register with us or purchase, or otherwise receive, a service from us, in accordance with the UK General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018.

Blackpool Industrial Roofing Limited is the data controller (“BIR”, “we”, “us” or “our”) and is responsible for the personal data of users of this website and any other of our platforms (“you”, “your”, or “yours”).

About Us

We are Blackpool Industrial Roofing Limited. We are a private limited company (company number 01131741). Our registered office address is 8 Cocker Avenue, Poulton-Le-Fylde, Lancashire, FY6 8JU. We are registered as a data controller with the Information Commissioner’s Office and our registration number is ZB227411. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this Notice. 

We aim to process information about you fairly, lawfully and in a transparent manner. The aim of this Notice is to provide you with sufficient information for you to be able to understand what we are doing with your information. If you are unsure how we are handling information about you or you think we could improve our privacy information, please let us know.

This Notice, will:

  • set out the types of personal data that we collect;
  • explain how and why we collect and use your personal data;
  • explain when and why we will share personal data within BIR and other organisations; and
  • explain the rights and choices you have when it comes to your personal data.

We ensure that the appropriate technical and contractual measures are in place to provide security of your personal information, guard against unauthorised or unlawful processing of such information and guard against accidental loss, destruction, disclosure, or damage of it.

This Notice also applies if you contact us, or we contact you. 

Link

Our website may contain links to other websites operated by other organisations that have their own privacy notices. Please make sure you read their terms and conditions and privacy notices carefully before providing any personal data as we are not responsible for the content of these websites, their own privacy notices or for the way in which they hold and treat information about their users.  In particular, unless expressly stated, we are not agents for these sites, nor are we authorised to make representations on their behalf.

Personal information that we collect

Personal data means any information about an individual from which that person can be identified.

We may collect, use, store and transfer different kinds of data about you as follows:

  • the personal data that you may enter whilst you are enquiring about or using our service, including your name, (home or work) address, email address and telephone number, and social media handle;
  • other profile data including your date of birth and gender that you may enter whilst you are using our service (website or otherwise);
  • purchase data including the fact that you ordered a service from us, and payment details provided for billing purposes;
  • technical data including your internet protocol (“IP”) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website ; and
  • your marketing and communications preferences for us and third parties.

Although we do not envisage it to be part of our normal processing, we may need, on occasions, to process special categories of personal data, or other sensitive data, in order to comply with the law. If we do process such data, we will do so according to data protection law. We will process such data using one or more lawful bases and Article 9 exceptions set out in the UK GDPR.

How is your personal data collected?

The information we hold will either have been provided by you (e.g. as you interact with us) or be collected by automated technologies as you interact with our website. As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.

We do not use automated decision-making on your personal data.

Legal Basis

The law requires us to have a lawful basis for collecting and using your personal data. We rely on one or more of the following lawful bases:

Consent

This applies when you contact us or we contact you and you provide your personal data and specific consent for us to use that data to provide a service.  For example:

  • to send you information about our services;
  • details of the emails and other digital communications we send to you that you open, including any links in them that you click on;
  • your feedback and contributions to customer surveys and questionnaires; and
  • dealing with a customer complaint you have raised with us, and we need to contact you for further information or to otherwise resolve the complaint.

When collecting your data, we will ensure it is clear to you what you are consenting to.  You have the right to withdraw consent to any processing that you have previously given consent to at any time.

Contractual Obligations

This applies when you provide us with your personal data in order for us to provide you with a service.  For example, when you make a purchase for a service, we’ll collect your address details in order to carry out the service. 

Legal Obligations

This is where we need to process your data in order to comply with the law.  For example, we can pass on details of individuals involved in criminal activity if required to by law enforcement.

Legitimate Interests

This is where we can use personal data to enable us to accomplish our legitimate interests as may be reasonably expected as part of running our business.  For example, we may review your order history with us to ensure we are providing you with the correct service.  Also, we may contact you for feedback on the orders provided for service improvement purposes.  

Other People’s Information

If you provide us with information about another person, you confirm that they have appointed you to act for them i.e. you are their Carer, Parent or Guardian, they consent to the processing of their personal data and that you have informed them of our identity and the purposes (as set out above) for which their personal data will be processed. You will produce clear evidence to show you have been appointed and are able to share their personal information. When we first speak to them, we may tell them where we have got their information from.

How and why we use personal data

Your personal data is used to support a range of different activities.  These are listed in the table below together with the types of data used and one or more lawful bases that we rely on when processing them, including where appropriate, our legitimate interests.  Please be aware that we may process your personal data using more than one lawful basis, depending on the specific activity involved, and not all lawful bases stated may be applicable for each occurrence of processing.  Please contact us if you need details about the specific legal grounds we are relying on to process your personal data where more than one ground has been set out in the table below.

  Information  Purpose/Activity  Legal Basis
Name, address, and email addressThis information is for us to set you up in our CRM system. To manage our relationship with visitors to our website, including responding to correspondence. To complete your orders, or communicate with you on prospective orders, when requested via our website, telephone, social media or at a virtual or face to face event .  To send you marketing information about existing and new services. To contact you about becoming a candidate for market research or new service trials.  To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).Consent Contractual obligations Necessary for our legitimate interests in ensuring we are providing you with the correct service Necessary for our legitimate interests in running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise  
Other profile dataThis information is essential for us to set you up in our CRM system. To manage our relationship with visitors to our website, including responding to correspondence. To ensure we are sending or tracking the correct orders to the correct customers. To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).Consent Contractual obligations Necessary for our legitimate interest in ensuring we are providing you with the correct service Necessary for our legitimate interests in running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise  
Telephone numberThis information is for us to be able to communicate with you on orders placed or prospective orders. To manage our relationship with visitors to our website, including responding to correspondence. To answer any queries or concerns you may have about your orders. To contact you about becoming a candidate for market research or new trials. To follow up with you periodically to see how you are getting on and if you need any further advice or support.  To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).Consent Contractual obligations Necessary for our legitimate interests in ensuring we are providing you with the correct service Necessary for our legitimate interests in running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise  
Purchase dataThis information is for us to set you up in our CRM system. To process and track orders to ensure we send/ complete your orders when made online, via telephone, via social media or at a virtual or face to face event.Consent Contractual obligations Necessary for our legitimate interests in ensuring we are providing you with the correct orders    
Technical DataTo use data analytics to improve our website, marketing, relationships and experiences.Necessary for our legitimate interests to better understand visitors to our website and their use of our services, to keep our website up to date, to develop our business and to inform our marketing strategy  
Marketing and communications preferencesTo contact you in accordance with your preferences, but only if you have given us consent.Consent Necessary for our legitimate interests in running our business, and providing you with the service you are after  
Collection and storage of data analyticsThis information enables us to improve the performance of our website.  Consent Contractual obligations Necessary for our legitimate interests in allowing us to see who is visiting our website, and ensure our website content is up to date and contains relevant information to meet the needs of customers/ prospective customers. Also, in enabling us to monitor customer relationships and experiences and to carry out market research, statistical and survey activities

Who do we share this information with?

We may share your personal information with external third parties  in the following situations:

  • service providers who provide IT systems and software, and to host our website;
  • third party service providers that we engage to deliver the material regarding the service you have ordered or for marketing purposes.  We only use reputable service providers i.e. Royal Mail, Parcel Force etc;  
  • analytics and search engine providers that assist us in the improvement and optimisation of our website;
  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom;
  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • if BIR or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements, or to protect the rights, property, or safety of BIR, our customers, or others;  
  • disclose information about you as required by law, to enforce an agreement and to preserve our rights; and         

  • Third Party links:  the website may include links to third-party websites, plug-ins and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share your personal information.  We do not control these third-party websites and are not responsible for their privacy statements.  We encourage you to read the privacy notice of every website you visit.

Third parties only have access to personal information to perform the described purposes and may not use it for other purposes. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We try to ensure this by having data processing agreements with these third parties, requiring that the third party takes such measures in order to maintain our commitment to protecting data. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Marketing and market research

This section explains the choices you have when it comes to receiving marketing communications and taking part in market research.

We will send you details regarding the following:

  • service information;
  • event information; and
  • newsletters,

but only if you have previously not opted out of receiving these marketing communications. When you register with us, we will ask if you would like to receive marketing communications, and you can change your marketing choices online, over the phone or in writing at any time.

Protection of Information

We are committed to ensuring that your information is secure.  In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information that we collect.  For example:

  • we limit employee access to customer information to only those who have a business reason to know this information. They will only process your personal data on our instructions and they are subject to a duty of confidentiality;
  • we maintain policies and procedures covering the physical security of workplaces and records to ensure no improper use or disclosure of information, no unauthorised modification of personal data and no unlawful destruction or accidental loss of personal data; and
  • we use technological means such as a secure cloud-based server, virus detection software, encryption, firewalls and SSL/ TLS technology to protect against unauthorised access or alterations to customer data.

We have put in place procedures to deal with any suspected personal data breach  and will notify you and any applicable regulator of a breach where we are legally required to do so.

All of our employees and data processors, who have access to, and are associated with the processing of personal data, are required to respect the confidentiality of our customers’ personal data. 

Whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the Internet to us.

How long will you hold my information for?

We will only retain your personal information for as long as is reasonably necessary to enable us to fulfil the purpose we have collected it for, including for the purpose of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period where we have a legal reason for doing so, in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect of the relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purpose for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Where your information is no longer required, we will ensure it is disposed of in a secure manner.  Where you request that you would not like to receive further marketing communications from us, we will retain your details on a “deactivation list” to ensure that no further marketing communications are sent.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers.

In some circumstances, you can ask us to delete your data: see ‘Your Rights’ below for further information.

Your Rights

You have the following rights in relation to your personal data:

Right to be informed:  know how we use your data – which is provided to you within this Notice.

Access request: (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information held about you and to check that we are lawfully processing it. This information will be provided within 1 month of receipt of the request.  Occasionally it may take us longer than a month if the request is particularly complex or a number of requests have been made.

To request correction of the personal information that we hold. This enables the correction of any incomplete or inaccurate information we hold, though we may need to verify the accuracy of the new information provided to us.

To request erasure of personal information. This enables the deletion or removal of personal information where there is no good reason for us continuing to process it. A request can also be made for deletion or removal of personal information where the right to object to processing has been successfully exercised (see below), where we may have processed information unlawfully or where we are required to erase personal information to comply with local law. Note, however, that we may not always be able to comply with requests of erasure for specific legal reasons. Notification of this will be given, if applicable, at the time of any request.

To object to processing of personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process information which override your rights and freedoms.

To request restriction of processing of personal information. This enables a request to be made to us to suspend the processing of personal information in the following scenarios: (a) if you want us to establish the information’s accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it because it is needed to establish, exercise or defend legal claims; or (d) you objected to use of the information but we need to verify whether we have overriding legitimate grounds to use it.

To request the transfer of personal information back to whom it belongs or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which we were given consent to use or where we used the information to perform a contract with you.

To withdraw consent at any time where we are relying on consent to process personal information. However, this will not affect the lawfulness of any processing carried out before the withdrawal of consent. If consent is withdrawn, we may not be able to provide certain services. We will advise if this is the case at the time of the withdrawal of consent.

If you wish to exercise any of these rights, then please contact us by using the details provided under the ‘How to contact us’ section below. 

There is no fee to access personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if a request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with a request in these circumstances.

We may need to request specific information to help us confirm your identity when making the request and ensure your right to access the personal information (or to exercise any of the other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to the request to speed up our response.

How to contact us

Please send any questions, comments or requests for information to [email protected] .

If you have a concern about the way we are collecting or using your personal information, we would ask that you raise your concern with us in the first instance by using the contact details above.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, should you feel that we have not handled your information in line with legislative and regulatory requirements.  Details of how to contact the ICO can be found on their website: www.ico.org.uk/.

Changes to this privacy notice

We reserve the right to change this Notice at any time, so please check back regularly to keep informed of updates to this Notice.