2. WHO WE ARE
2.1. In this Privacy Statement the terms ("we", "us", "our") refers to "Saint-Gobain Insulation UK”, "Celotex", and “Isover", and for the purposes of the General Data Protection Regulation "Celotex", and “Isover" are the data controllers ("Data Controller") of the data we hold on you. The registered offices of ("Celotex", and “Isover ") are Saint-Gobain House, East Leake, Loughborough, Leicestershire, LE12 6JU. 2.2. A “data controller” determines the purpose and means of processing your personal data.
3. HOW WE COLLECT YOUR PERSONAL INFORMATION
We may collect and process the following information about you: 3.1. Personal information you give to us: this is information about you that you give to us: by entering information on one of our websites; when visiting a branch; via our mobile applications; via social media platforms; when corresponding with us by phone, email or otherwise; by entering competitions run by us; by taking surveys undertaken by us or on our behalf; when participating in promotional events; and when you open an account with us. 3.2. Personal information we collect about you: we may collect the following information: details of transactions you carry out through the websites, and your visits to our websites, including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources you access; technical information including anonymous data collected by the hosting server for statistical purposes, the Internet Protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; any personal information which you allow to be shared as part of your public profile or third party social network; information you provided to us in response to a survey or competition; information resulting from enquiries, quotations or sales whether by phone, email or in person in a branch. 3.3. Personal information we may receive from other sources: We obtain certain personal information about you from sources outside our business which may include our group companies or other third party companies. We will tell you when we obtain information about you from third party companies.
4. WHAT TYPE OF PERSONAL INFORMATION DO WE COLLECT AND PROCESS ABOUT YOU
5. WHY AND HOW WE USE YOUR PERSONAL INFORMATION
6. OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
6.1. If you ask us not to contact you in future, we will take this as an instruction not to do so and will amend our records accordingly. 6.2. We will also share your personal information to third parties in the following circumstances: our suppliers, service providers and subcontractors, such as credit reference agencies, fraud prevention agencies, payment processors, suppliers of technical and support services, insurers, logistics providers, manufacturers and cloud service providers, debt collectors, our legal and other professional advisors, including auditors; companies assisting us in our marketing, advertising and promotional activities; third party payment processor in relation to credit/debit card payments; fraud prevention agencies if false or inaccurate information is provided to us as part of your use of our services or otherwise, and fraud is identified or suspected; if we are under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers; and when we restructure or sell our business or its assets or have a merger or re-organisation. 6.3. We work closely with various third parties to bring you a range of products and services which are complementary to those which we provide. Any third parties with whom we share your personal information are limited in their ability to use your personal information: they are not entitled to use your personal information for any purpose other than to provide services to us and/or to you. For example, we may share your details with a manufacturer for warranty purposes. We will always ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with our practices and with applicable laws. 6.4. International Transfers 6.4.1. The personal information we use may be stored or accessed by our staff, other members of the Saint-Gobain Group, or third party data processors for the purposes listed above, the provision of services to you, or the processing of transactions with you. These third party data processors may be operating outside of the EEA, in India, the USA or elsewhere. 6.4.2. Wherever data is transferred or made available outside of the EEA, we undertake due diligence on the entity accessing or receiving your data to ensure that they have put in place appropriate technical and organisational measures to protect and secure your data. We also put in place contractual safeguards in accordance with our obligations under the GDPR. These contractual safeguards limit their ability to use your personal information so that it can be used solely to provide services to us and/or to you and not otherwise.
7. HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR:
7.1. We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time we retain personal information will depend on the purposes for which we collect and use it, or as required to comply with applicable laws, or to establish, exercise or defend our legal rights. 7.2. Further information on the length of time during which we retain your personal information can be found in our Data Retention Policy. We do not retain personal information in an identifiable format for longer than is necessary. 7.3. We many need your personal information to establish, bring or defend legal claims. For example, we will retain your personal information for 7 years in case of any investigation by the tax authorities.
8. YOUR RIGHTS
You have certain rights in relation to your personal information. There is normally no charge for exercising these rights. If you would like further information in relation to these rights, or would like to exercise any of them, please contact us by email at email@example.com at any time. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where not required, after we have received your request. Subject to any exceptions, you may have the right to: 8.1. Access your personal information You have the right to ask for a copy of the information we hold about you by emailing or writing to us at the address at the end of this Privacy Statement. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold such information. 8.2. Correct, modify and update your personal information The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information we hold about you. In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this Privacy Statement. 8.3. Erase your personal information or restrict its processing in certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this Privacy Statement. Unless there is a reason the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request. You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings. 8.4. Withdraw your consent Where you have given your consent to our processing of your personal data you may at any time withdraw your consent. Unless we have another legal basis to process your personal data (such as compliance with a legal obligation) we will cease any processing of your personal data following receipt of your notice of withdrawal of consent. 8.5. Object to our use of your personal information for automated decisions made about you Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s) set out above or at the time your data is collected, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this Privacy Statement. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data. You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. 8.6. Ask us to transfer your personal information in a structured data file to you or to another service provider if it is technically possible (data portability) Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract you may ask us to provide you with a copy of such information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if it concerns other individuals or we have another lawful reason to withhold such information. 8.7. Lodge a Complaint with the competent supervisory authority and seeking a judicial remedy If you are concerned about the way we have processed or collected your personal information you have the right to complain to the UK data protection regulator being the Information Commissioners Office.
9. SECURITY AND CONFIDENTIALITY
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
10. USE OF 'COOKIES'
11. LINKS TO WEBSITES
Our website may contain links to other websites and Apps run by other organisations. This Privacy Statement does not apply to those other websites and Apps‚ so we encourage you to read their privacy policies. We cannot be responsible for the privacy policies and practices of other websites and Apps even if you access them using any links we provide. In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of the third party website and recommend that you check the policy of any third party website.
13. CONTACT US
13.1. Our Privacy Correspondent is Richard Wall. Please direct any queries about this Privacy Statement or about the way we process your personal information to our Privacy Correspondent using our contact details below. 13.2. If you wish to write to us, please write to us at Saint-Gobain House, Binley Business Park, Coventry CV3 2TT. 13.3. Our email address for data protection queries is firstname.lastname@example.org.