Bathrooms at Source Ltd are committed to protecting and respecting your privacy.
This policy, together with any other documents referred to in it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By visiting this website, you are accepting and consenting to the practices described in this policy.
Along with our business and internal computer systems, this website is designed to comply with the following national legislation with regard to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
This site’s compliance with the above legislation, all of which is stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residence’s specific data protection and user privacy legislation, you should contact our data protection officer (details of whom can be found below) for clarification.
1. Information we collect from you
We will collect and process the following categories of data about you:
- Information you give us. This is information about you that you give us by filling in forms on the website (Site), interacting with the Site or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you sign up to our newsletter service or make an enquiry about our products and services.
The information you give us will include your name, address, e-mail address and phone number, as well as preliminary information about your business.
- Information we collect about you. This is information that we collect upon your consent when you visit the site and during your time on the Site. It typically involves technical information and is often collected using small data files called “cookies”. This information helps us to provide you with a good experience when you browse the Site and also to indicate where the Site requires improvement.
Social Media platforms
We operate social media platforms. These platforms are, in most cases, operated outside of the EU and do not comply with current Data Privacy Act and subsequent GDPR provision although they may well conform to the U.S Privacy Shield protocol.
It is our process and protocol that any personally identifiable data gathered on these platforms is only in response to users interacting out of their own volition with our marketing pages. The contact is deemed as a legitimate business enquiry. The personal contact data is removed from the site once the enquiry is processed or the user has requested so.
Our website uses Google Analytics to collect information about how visitors use our website. We anonymise this data at the point of collection and automatically delete user and event data that is older than two years.
2. Uses made of the information
All information about you that we collect or receive, whether of a personal or technical nature, may be used by us in the following ways:
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us, if you have consented to this;
- To provide you with information you have consented to, about other goods and services that we offer that are similar or relevant to those that you have already purchased or enquired about; such contact will only be made by email or phone, from which you can opt out at any time;
- To notify you about changes to our services;
- To administer the Site and for internal operations, including troubleshooting, system and security updates, data analysis, testing, research, statistical and survey purposes, if consented to via cookie consent;
- To improve the Site to ensure that content is presented in the most effective manner for you and for your computer, where consent is obtained via cookies;
- To allow you to participate in interactive features of our service, when you choose to do so, if consent was obtained via cookies;
- As part of our efforts to keep the Site safe and secure, where consent was given;
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you, where we have obtained your consent; and
- To comply with our record keeping and information storage obligations and policy (please see the “How We Store Your Personal Information” in section 3 below for more details).
Our Third Party Data Processors
We use some third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out above. Some of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.
3. How we store your personal information
If you submit a query on this website by the contact forms on any of our pages or an email link, some personal information will be sent by email.
Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we are able to.
All information that you provide to us is stored on a third party secure server, and we will take reasonable steps to protect your information in accordance with this policy, including (without limitation):
- Installing a secure firewall;
- Using anti-virus protection software;
- Encrypting data; and
- Carrying out regular back-ups.
All data sent via website forms is passed through a third party relay service and deleted after 30 days. All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of any information transmitted to the Site; and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Disclosure of your personal information
We may have to share your personal information with the parties set out below:
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Other companies who provide services as part of our normal business activities.
We require all third parties to whom we transfer your personal information to respect the security of your personal information and to treat it in accordance with the law. We only allow such third parties to process your personal information for specified purposes and in accordance with our instructions.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we must keep basic information about our customers (including Contact, Identity, Financial and Transaction information) for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your information: see below for further information. In some circumstances we may anonymise your personal information (so that it can no longer be associated with you).
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Please note: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further details in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
4. Your rights
You have the following rights under law in respect of your personal information:
- The right to be informed about the collection and use of your personal information;
- The right of access to your information to verify the legality of our use of it;
- The right to request that inaccurate or incomplete information about you is rectified;
- The right to request the deletion or removal of your information where there is no further reason for us to use it (such as where you have withdrawn your consent);
- The right to restrict the use of your information;
- The right to obtain and reuse the information that we have about you for your own purposes;
- The right to object to certain uses (such as for marketing purposes); and
- The right not to be subject to a decision that has a legal effect on you that has been based on an automated decision.
Should you wish to exercise any of these rights, you may do so at any time by writing to us at the address given below.
If you feel that your rights have been breached in any way, you should contact (insert person’s name) at the email address given below or lodge an official complaint with the Information Commissioner’s Office via their website (https://ico.org.uk) or by writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
The Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
5. Data Breaches
We will report any unlawful data breach of this website’s server or of our email server, or any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.