Customer Privacy Notice
We use personal data to process and deliver incoming orders, deal with customer service issues and to pay for services we have utilised.
- We respect your personal data and take its security very seriously.
- We only hold what data we need for the purpose for which we obtained it.
- We delete your data when it has reached the end of its retention period.
- You have privacy rights.
- We are happy to answer your questions. Our contact details can be found at the end of this notice.
- We will not share your information with any other party other than those required to fulfil our legitimate business interest with you.
What data we hold
For an order to be entered, we need to create an account on our system. For this we process your name, address, email, telephone number and payment information. Your order history is stored on our servers for any customer service issues and sales analysis purposes.
Once your account is created the information is also available on our Customer Relations Management (CRM) system which helps us track our engagement activity with your organisation. In addition to the account information we also keep records of our product sampling which you have received and details of when our Sales Representative has visited.
If you request samples we will process your name, address, email and telephone number.
If you make a complaint we will process your name, address, email, telephone number and information regarding the complaint.
If you consent to receive our marketing, we will process your name, address, email address and IP address.
If you purchase goods from us, we will process your name, address, email address and IP address in order to send you marketing email.
If you opt out of marketing information, then we will process your name and email address so that we don’t market to you again.
How we use your personal data
References to the legal basis for the processing of your personal data (e.g.”(Basis: Art 6(f).)”) are a reference to the article of the General Data Protection Regulation. Each piece of personal data we process must have a legal basis.
If you purchase from us
In order to fulfil your order, we will need to process your data in order to get the goods delivered to you. We need to process payment details in order to fulfil the contract, but never retain payment information such as card details. We will retain your personal data, excluding payment information, for ten years for customer service purposes. This provides for the legal requirement from HMRC to hold transactional information for seven years.
(Basis: Art. 6(b): processing is necessary for the performance of a contract.)
We would like to send you information about our products and will send you this with your consent if you sign up to our marketing communications.
If you buy from us, we will send you information about similar products or services. Our processing in this case is without your consent but you can opt out at any time.
If you do opt out of marketing, we will keep your name and address and mark them as “UNSUBSCRIBED” so that you will not receive any further marketing communications.
(Basis: Art. 6(1)(a): you have consented to the processing of your personal data for this purpose. Art 6(f): sending you information about products similar to those which you have purchased is a legitimate activity for a business; keeping a record of those who have opted out of marketing is a legitimate interest for a business.)
We use the logs from our servers to help with our company’s security as well as to look at visitor behaviour (e.g. which website pages get the most traffic or are the most popular).
(Basis: Art. 6(c): we have a legal obligation to protect the data of our clients and our staff. Art. 6(f): strategy planning is a legitimate activity for a business.)
Your data and transfers outside of the EEA
We do not transfer or process any data outside of the European Economic Area.
You have rights in respect of our processing of your personal data, which are:
- To access your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
- To rectify incorrect personal data that we are processing.
- To request that we erase your personal data if:
- We no longer need it;
- If we are processing your personal data by consent and you withdraw that consent;
- If we no longer have a legitimate ground to process your personal data; or
- We are processing your personal data unlawfully.
- To object to our processing if it is by legitimate interest.
- To restrict our processing if it was by legitimate interest.
- To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out by automated means.
If you want to exercise any of these rights, please contact us using the details at the end of this notice.
You also have the right to lodge a complaint about our processing with the UK’s Information Commissioner’s Office – www.ico.org.uk
As a prospective customer, we will not transfer your personal data to third parties at this stage except the following:
Companies that provide services to us - our telephone service providers will get to see your phone number if we call you and our broadband supplier could see your email address (but not the content of what you send us, if you encrypt it).
- It is possible, though unlikely, that we may be forced to disclose your information in response to a court order.
As a customer, we transfer your data, excluding payment details to the following third parties:
- Companies that provide services to us. Our telephone service providers will get to see your phone number if we call you and our broadband supplier could see your email address (but not the content of what you send us, if you encrypt it).
- Cloud service providers. We use Dropbox to share internal documents.
- Delivery services. We use a small number of delivery companies to get your products to you safely and quickly.
- Your details could be passed to an Independent Inspector if a complaint is raised.
- When opening your account we check your financial score on Credit Safe and contact your nominated references.
- It is possible, though unlikely, that we may be forced to disclose your information in response to a court order. If you do not pay your bills, we may choose to engage a third party to recover any money you owe us.
To pay suppliers and service providers payment details are stored on our secure online banking system.
We do not record phone calls.
This is the length of time that we will continue to process or store your personal data.
Data about prospective clients: retention for the duration of the enquiry, then one year in case you come back.
Data about clients: 10 year retention to cover potential customer service issues; seven years is the statutory retention for HRMC and accounting purposes.
Marketing purposes: For as long as you consent to receive marketing information.
Penthouse Carpets Ltd is registered with the Information Commissioner’s Office (Z5318429).
Penthouse Carpets Ltd
Buckley Carpet Mill