Hereford Heating Privacy Policy Summary

This is the privacy policy of Hereford Heating Ltd.. This policy sets out our procedures regarding the collection and use of your personal information when we send you information in the post, when we contact you electronically and when you access our website www.herefordheating.co.uk. Hereford Heating Ltd is a company registered in England & Wales whose company number is; 5986904 and our registered office is 8 St Martins Street, Hereford, HR2 7RE.

Our privacy policy will explain in detail to you what happens to the personal information we collect about you when you visit our website, receive postal information, and order or enquire about our goods and services:

• What information we collect

• The legal basis for processing we use in relation to processing your personal data

• How we use your personal information and how long we keep it for

• Who we share your information with and on what basis

• How you can control our use of your personal information

• Your rights

• Who to contact if you want more information

This Privacy Policy comes into effect from 15th May 2018. This policy applies to all the personal information we collect and process about you when we engage with you, either as a customer or an enquirer. If you would like to know more about this policy, please contact us. You can view the detailed privacy policy below.

When we collect your personal information

We collect personal information about you as soon as you access our website www.herefordheating.co.uk using a smartphone or computer and also when you call our customer service team. The specific information we collect depends on whether you are a customer or a website visitor. If you engage our services, you become a customer of Hereford Heating. The specific information we collect is detailed below in the What personal information we collect section of this document.

When does this privacy policy apply?

Our Privacy Policy relates to personal information gathered from your use of our website www.herefordheating.co.uk or if you order from our catalogue by phone or by post, either as a customer or an enquirer. The policy extends to cover your personal information when it is moved from our website and stored for subsequent processing within our IT infrastructure in the UK and when we process information about you directly into our IT systems. Our Privacy Policy does not extend to external links on our website to other organisations outside of our control. Please ensure that you take time to review the privacy policies of external sites to www.herefordheating.co.uk as their privacy policies may differ from ours.

What personal information we collect on our website

The personal information we collect from you when you access our website comes in two parts: the information you give us when you complete our website forms, and the information we automatically gather from the device you use to access our website.

Information you give Hereford Heating: this includes the following data items (although you can visit and use our website without giving us this information, if you do not place a transaction or an enquiry during your web visit to us):

• Your first name or initial, and surname

• Your email address

• Your telephone number

• Your postal address

Information from your device: when you access a website using a smartphone, TV (browser enabled), tablet, laptop or desktop computer, your device will exchange information with www.herefordheating.co.uk to maximise the speed of the site and provide the optimum navigation for your device. Without this information, Hereford Heating cannot ensure the optimum browsing experience. To do this, our website may acquire the following information:

• IP (Internet Protocol) address: your IP address indicates your location, unless you are using a VPN service

• Device: what type of device you are using (TV, smartphone, laptop, desktop)

• OS (Operation system): what operating system your device has (IOS, Android, Windows, Linux, MAC OS X)

• Browser & browser version: which web browser you are using (Internet Explorer/Edge, Opera, Chrome, Safari, Firefox)

• Domain: depending on your device and browser settings, we sometimes identify the web address of the domain you came from before landing on our website

• Clickstream data: this is a list of all the web pages that you visited, and the order you viewed them in, on each visit to www.clifford-james.co.uk. We also record how much time you spend on each web page, and record any actions you make on each page. We also record what items you place in the web shopping basket, even if you do not purchase them

• Cookies: these are small text files that our website places on your device, so that our website can remember something about you at a later time and optimise the website for your visit. There are also some third-party cookies we place on your device.

Preferences on our website: you can change how we stay in touch with you, and what we inform you about by by contacting us via our contact us page, or by calling 01432 264477.

What personal information we collect by post and by phone

Information you give Hereford Heating: if you phone our call centre we collect the following information about you;

• Your first name or initial, and surname

• Your email address, to which we send out order despatch information.

• Your telephone number

• Your postal address

Why we collect your personal information

There are two main purposes for gathering your personal information: for contacting customers to confirm orders and scheduling visits, and for transaction processing.

Transaction processing: when you purchase our services, you become a customer of Hereford Heating, so we retain personal information on you whilst you remain an active customer of ours and also for a short time when you no longer order from us. When you make an enquiry about a product of ours, we also retain the personal information you give us in your enquiry for a limited period of time. Our Data Retention policy below explains how long we keep your personal information. In all cases for transaction processing, our legal basis for processing your personal data is contract.

• Web analytics: we use cookies and the device-level personal information to build a profile of your use of the site, including any transactions that you make, so that we can personalise our marketing offers to you, and to customise your website visits. The legal basis for processing is legitimate interest.

• Anonymous web analytics: Hereford Heating aggregates and anonymises all your activity on our website for traffic analysis, to help measure and improve the website performance. We also use this anonymised data to monitor the effectiveness of our advertising. Your personal data is anonymised in this process, so there is no requirement under GDPR for a legal basis for processing.

How we protect and where we store your personal information

The personal information we collect about you is stored within our secure IT systems. No identifiable personal information is stored or shipped to non-UK/EU locations. Your personal information is stored in databases which are encrypted at rest, providing the highest level of security. Access to your personal data held on databases managed by Hereford Heating is granted only when there is a need to use the data, no permanent access exists.

Hereford Heating is amending our IT policies to further protect your personal information by adopting 'Privacy by Design', an information management standard that seeks to anonymise personal data held in commercial databases to further protect that information. You can find out more about this anonymization process by following this link.

How long we keep your personal information

Hereford Heating will only use your personal information for as long as you remain a customer, and for a short time after your last order. The maximum amount of time that Hereford Heating will retain your personal information in a data archive, is seven years, except in the event of a legal dispute. This seven-year limit is based on the legal requirement to maintain details of transactions as described in the Companies Act 2006. We have listed below how long we store your personal information for, which depends on your relationship with Hereford Heating.

If you made a purchase from us: we will keep the information you gave us and details of what you bought for up to seven years from the date of the last transaction with us. After that time your personal data will be anonymised, but we will keep your purchase history.

If you wrote to us: we will keep any correspondence with you for one years although we do keep this information longer if your correspondence is a complaint.

Sharing your personal information with other organisations

We do not share your information with any other organisations.

Requesting a copy of your personal information

You can contact Hereford Heating using the information below, to request a copy of the personal information we hold on you. If you request this information, you will need to provide proof of your identity. We will return the information to you electronically in a text file. You are legally entitled to request this information under the General Data Protection Regulation, there is no charge for this service.

To request a copy of your personal information via post, please write to: Data Protection Officer, Hereford Heating, 8 St Martins Street, Hereford, HR2 7RE.

Your rights

This privacy statement reflects the rights that you have under the General Data Protection Regulation, which specifically charges Hereford Heating with providing you access to your personal information, and to ensure that your data is used appropriately & securely with specific reference to the rights of you, the data subject. Those rights regarding your personal data are as follows:

The right to access a copy of your personal information that we hold

The right to object to our processing of your personal data, if doing so causes you distress

The right to prevent Hereford Heating processing your data for direct marketing purposes

The right to object to decisions being taken using automated means that includes your personal data

The right to have inaccurate personal data rectified, or destroyed

The right to have your data erased from our IT infrastructure

The right to data portability

The right to be informed about the collection and use of your data

You can find out more about your rights regarding your personal data in the UK from the Office of the Information Commissioner www.ico.org.uk.

Definitions

In this section of our privacy policy we want to explain what some of the terms in the policy mean, for the avoidance of any doubt. If you cannot find the definition you require, or are still unsure about the meaning of any aspect of this privacy policy, please use the contact us form on our website to request more information.

Data Controller: under the General Data Protection Regulation (GDPR), organisations that collect, process and store your personal information are defined as Data Controllers, which makes Hereford Heating the Data Controller for your personal data collected from our website.

Data Subject: GDPR classifies individuals as data subjects. So you, the customer or enquirer of Hereford Heating are a data subject under GDPR if you purchase or enquire about our products.

Data Processor: a data processor is an organisation other than the data controller, who processes your personal data on behalf of the data controller. A good example of this is PayPal, who are one the payment processing options for any products that you buy online. The data processors who handle your personal information gathered by our website have the same duty of care in handing your personal information.