Privacy Policy
GDPR (GENERAL DATA PROTECTION REGULATION) & PECR (PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATION)
Guthrie Douglas Limited is the controller responsible for the personal data of the people indicated below and is committed to protecting and respecting your privacy. Please read this privacy policy carefully to understand how we collect data from you and how it is used by us.
We hold customers’, potential customers’ and suppliers’ data and the data of personnel within companies that have expressed an interest in or used Guthrie Douglas’ products or services. We collect this data through business contact in quoting for, or completing a project, if a subject registers to receive our e-newsletter on our website, or if we have met in person and exchanged business contact details.
We hold data about our clients, potential clients or suppliers and people who visit our website: name, company name & address, company email, main company telephone number and work mobile, financial data such as bank accounts or insurance information and technical data collected via cookies. Please refer to our Cookie Policy in relation to the data we capture regarding website visitors.
We use personal data for the purpose we have collected it which includes:
- To register you as a new customer
- To process and deliver your order
- To manage your relationship with us
- To improve out website, products and services, marketing or customer/supplier relationships
- To recommend products or services which may be of interest to you
- To send you marketing for which you have consented
We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
We are committed to complying with the current data protection laws including GDPR & PECR, only processing that data for the purposes made clear below:
- We will NEVER share with or sell your data to any 3rd parties for commercial gain, but we may share your personal data with suppliers for the purpose of fulfilling our contract with you, suppliers for the purpose of communicating with you including sending marketing communications, with our professional advisers in relation to the management of our relationship or to comply with our legal obligations, to relevant authorities where it is necessary to comply with our legal obligations.
- We will do our best to ensure your personal information is accurate and kept up-to-date. Please do contact us if you want to update your details
- We will never disclose your details unless required to do so legitimately by law. For example, a request from the ICO
- We will not send you marketing messages via cold calls, automated calls, texts or fax
- We will contact you regarding current or potential projects as necessitated by the project
- Under PECR we might contact you by HTML email with news and updates, which we have identified as the most unobtrusive way to contact you. We will never contact you with marketing communications more than once a calendar month and only if:
- we have a pre-existing professional, or personal, relationship with you
- we have a financial or contractual agreement with you
- that we believe the information is of genuine and legitimate interest
- we believe that the information is useful or relevant to your job role
If you do not find our marketing communications of use, or interest, you can easily choose to unsubscribe from our HTML emails at any time. We will NEVER contact you again using this method and will delete your data from our active email marketing lists. The ‘Unsubscribe’ link can be found in the footer area of our marketing emails.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
The internet isn’t always an inherently safe environment, but we will always work to ensure that all reasonable technical and organisational measures are in place to protect your personal data against accidental or unlawful loss, alteration, unauthorised use, disclosure or access.
There may be occasions when we have to share your personal data outside of the UK. This may be necessary where for example in order to fulfil our contract with you we need to share your contact details with suppliers who are located outside of the UK. Whenever we transfer your personal data out of the UK to countries which have laws that do not provide the same level of data protection as the UK law, we always ensure that a similar degree of protection is afforded to it by ensuring that the following safeguards are implemented. If there is a breach of the data we hold, which fundamentally risks your rights or freedoms, we commit to reporting to the ICO and our contacts on the compromised lists within 72 hours of the breach.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
You have a number of rights under data protection laws in relation to your personal data.
You have the right to:
- Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
- You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
- If you want us to establish the data’s accuracy;
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
To exercise your rights please contact sales@guthriedouglas.com. You will not normally have to pay a fee to access your personal data but there are occasions when we may charge a fee including where your request is unfounded or repetitive or excessive. Alternatively we may refuse to comply with your request. We may need you to verify your identity before we can provide copies of personal data. We will aim to respond within one month. If we require longer we will let you know.
You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.ukOpens in a new window). However, before doing so please make sure you have first made your complaint to us or asked us for clarification if there is something you do not understand.
Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.