Defined Tubing Limited Privacy Notice
Introduction – who we are:
We are Defined Tubing Limited.
Our registered Office is Ballinascullogue, Manor Kilbride, Co. Wicklow. Registered in Ireland.
This policy sets out the basis on which we will process any personal data that we collect from you, or that you provide to us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
We are committed to complying with data protection laws and to respecting the privacy of individuals.
This policy applies to our website, external communication platforms as well as to our internal processes. It applies to all personal data provided in person, by telephone, email, through the website and by post. It applies to any data collected from third parties which has been sent to us in our normal day to day operations.
For the purpose of the Data Protection Act 1998 (Act) / EU General Data Protection Regulation 2016 (GDPR), Defined Tubing Limited is the data controller of any personal data which you may provide to us or which we may collect from third parties about you/which we may collect when you access our website.
Data protection principles
Under the EU General Data Protection Regulations, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:
- Processed lawfully, fairly and in a transparent manner
- Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to those purposes.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits your identification for no longer than is necessary for those purposes.
- Processed in a way that ensures appropriate security of the data.
The Company is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.
How we collect personal data about you
We may collect and process personal data about you including, but not limited to, information you provide:
- when you contact us in person, on our website, over the telephone, by e‐mail or by post;
- at the time of entering into a customer, supplier or other working contract with us;
- during the course of purchasing any products from us which may include bank details;
- by operation our safety and security procedures by virtue of CCTV and record keeping within our premises and vehicles.
The personal information that you provide to us may include names, addresses, telephone numbers, email addresses, bank or financial information, photographic identification and video images.
Why will we process your personal data and how will we us it?
We may use your personal data to:
- ensure that content from our website is presented in the most effective manner for you and for your computer/device;
- respond to your enquiries
- process and manage your purchase of any product from us and provide after sales services where applicable;
- carry out our obligations arising from any contracts entered into between you and us;
- enable third parties to carry out technical, logistical or other functions on your behalf
- provide you with information about products that you request from us;
- communicate with you about news, orders, products, prices and promotional offers;
- contact you about new products if you have expressly consented to us that you agree to be contacted in this way. If you initially wish for us to use your personal data in this way, but you change your mind later you can withdraw your consent at any time in writing to us.
Note – process and use are not limited to this list but will always be for a legal or legitimate reason
Who may we disclose your personal data to?
Your personal data may be shared internally within the Company if access to your personal information is necessary for the performance of their roles. We may disclose your personal information to any member of our group, which means our subsidiaries and our ultimate holding company and its subsidiaries, as defined in the UK Companies Act 2006.
We will not sell or rent your personal information to third parties.
From time to time we contract third parties to perform functions on our behalf including fulfilling orders, delivering packages, sending customer communications, analysing data and processing card payments. They have access to Personal Data as needed to perform their functions but may not use it for other purposes.
We may disclose your information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our contracts with you; or to protect our rights, property, or our safety and/or the safety of our customers, or others.
Where do we store your personal data?
The personal data that we collect from you will be stored as stipulated within the General Data Protection Regulations 2018.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to us on our website or by e‐mail; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access
How does the Company protect your personal information?
The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities.
Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
How long do we keep your personal information?
The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements.
Your rights in connection with your personal information
It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes, e.g. you change your home address, during your working relationship with the Company so that our records can be updated. The Company cannot be held responsible for any errors in your personal information in this regard unless you have notified the Company of the relevant change.
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:
- request access to your personal information – this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected
- request the erasure of your personal information – this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
- restrict the processing of your personal information – this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
- object to the processing of your personal information – this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
- data portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.
If you wish to exercise any of these rights, please contact our data controller. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our Data Controller. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.
Transferring personal information outside the European Economic Area
The Company will not transfer your personal information to countries outside the European Economic Area.
Automated decision making
Automated decision making occurs when an electronic system uses your personal information to make a decision without human intervention.
We do not envisage that any decisions will be taken about you based solely on automated decision making, including profiling. However, we will notify you in writing if this position changes.
Changes to this privacy notice
The Company reserves the right to update or amend this privacy notice at any time, including where the Company intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will update this page with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.
If you have any questions about this privacy notice or how we handle your personal information, please contact our data controller as follows:
The Data Controller
Defined Tubing Limited
Manor Kilbride, Nr Blessington