We're committed to safeguarding your privacy; this policy sets out how we'll treat your personal information. This policy applies to individuals, businesses and people who contact us via our website or social media.
What data do we collect?
We may collect, store and use the following kinds of personal information:
Personal Data — such as your name, address, contact numbers and email address. We need this information in order to provide our service to you.
Financial Data — such as your payment details. We need these details to process any transactions with you.
Social Media Data** - information such as public uploads and posts, including publicly posted photographs. We need this to provide the service for which you are engaging with us.
*See our Cookies Policy section below
** See the Social Media/Automated Decision Making/Children’s Policy sections below
CCTV—our premises are monitored by CCTV cameras. We need to record this footage for your and our safety.
We will not process or hold any data irrelevant to the purposes of doing business with you.
Why do we need your personal data?
We only collect and process your personal data under the following lawful bases:
Contractual - To fulfil our obligations under a contract with you and any steps taken at your request before entering into a contract
Legal Obligation - To fulfil requirements under UK/EU law or other statutory obligations to process data for a particular purpose.
Legitimate Interest- For in-house research and insight purposes, to enable us to provide improved customer service.
To administer our website/social media and to improve your browsing experience.
CCTV footage for health and safety purposes.
You will never be contacted in regards to marketing unless you have expressly consented to receive such marketing, and your consent can later be withdrawn at any time.
By post, email or similar technology we may wish:
- to send you our newsletter
- put a unique request/event invitations to you which we think may interest you
- to use any ‘feedback’ you voluntary share with us to promote our business either on our website, on marketing material or in our showroom. Such feedback may be taken from ‘Buy With Confidence’ reviews, letters/emails of thanks, customer satisfaction surveys. All such feedback will be anonymized.
We will NOT — without your express consent — provide your personal information to any third parties for the purpose of direct marketing.
Who do we share your data with?
In addition, we may disclose your personal information to:
- Other people where you have authorised us to; or where they are named on your account.
- Our Media Company and their service providers for ‘opted in’ direct marketing.
- Third parties to provide services for our business, including (but not limited to) IT support, data analytics, cloud hosting/storage, email exchange and website hosting.
- To the extent that we are required to do so by law.
- In connection with any legal proceedings or prospective legal proceedings
- In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
- To the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
- To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Retention of data
If we have sold something to you
We will retain your personal data for a maximum of 10 years in order to service any warranties which may be in place, after which time it will be securely erased.
There may be circumstances where we need to keep it longer—for instance, if we are dealing with a remedial issue; or a complaint from you; or if there is a legal reason.
If we provided you with a quotation service which did not proceed to a sale
We will keep your personal data for 2 calendar years following the end of our relationship with you, this usually being the date of your final quotation, after which time it will be securely erased.
There may be circumstances where we need to keep it longer—for instance, in the event of an ongoing project.
If we hold your personal data for any other reason we will delete it as soon as we no longer have a valid reason to retain it.
Concept of Cookies
A cookie is a small piece of data that is sent to your browser from a web server and stored on your computer’s hard drive. A cookie cannot read data off your hard disk or read cookie files created by other sites. Cookies do not damage your system. Cookies contain a number that can uniquely identify your computer, even when there is a change in location or IP address.
Cookies also provide information that includes, but is not limited to, the location from which you access our website, the length you are connected to and browsing our web site, the type of device from which you access our website (fixed or mobile), including, your operating system and browser used, the most visited pages, number of clicks made and data regarding your behaviour on the Internet.
The website is accessible without cookies being enabled on your browser, although its deactivation may prevent proper operation of the website or your access to the service provided through the website.
Types of Cookies used in the Web
You will find the following types of cookies on our website:
Cookies that are related to the use of our website and our service
Standard Advertisement and Re-Targeting Cookie - These cookies are used to serve advertisements relevant to the end user.
The acceptance or rejection of cookies is based on the setting of your browser.
Your acceptance of cookies may be revoked by selecting the appropriate configuration options for your browser. We advise you to consult the help page for your browser to assist you in configuring your desired privacy settings:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
If you have any questions about our Cookies Policy, please contact us at email@example.com and include in your subject line “Cookies Policy”
We’d also remind you that any information you post publically is visible to anyone.
If we know you’re a Simply Kitchens customer and you send us personal data using a private or direct message via social media that data may be stored along with your other account records in line with our standard data retention period.
If you send us personal data via Facebook Messenger we’ll delete the relevant messages from Messenger but they will still be available to you and Facebook unless you also delete them.
Our website and social media streams may contain links to other websites. We are not responsible for the privacy policies or practices of third party websites.
Automated Decision Making
We do not carry out any decision-making processes by automatic means ie without any human involvement, or profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
We do not intentionally collect personally identifiable information from children under the age of thirteen. If we become aware that we have collected personally identifiable information from a user who is under the age of thirteen, we will remove that child's personal information from our files.
Right to be Informed: you have the right to know what personal data we are collecting and processing and why; and with whom we might share it.
Right to Portability: you can require that we provide the data we hold about you either to you or a 3rd party in a commonly used format.
Right to Object: you can object to our processing of your data when we are using it for legitimate interests or for direct marketing; although we may not have to comply in relation to legitimate interests if we can demonstrate compelling legitimate grounds to continue, or if the processing is for the establishment, exercise or defence of legal claims.
In each of the following rights, if we have disclosed your personal data to others, we will contact them and inform them of your request- unless this proves impossible or involves disproportionate effort. We may refuse to comply with your request, or charge a reasonable fee, if the request is manifestly unfounded or excessive, in particular because it is repetitive in nature.
Right to Access: you can have access to the personal data we hold about you and we must provide this to you within one month of your request.
Right to Rectification: you can have inaccuracies in your personal data rectified and we must comply with this within one month of your request.
Right to restrict processing or erasure (‘right to be forgotten’): you can ask us to restrict the processing of your data, or to have your personal data erased. We must comply with these requests within one month. When processing is restricted, we are permitted to store your personal data, but not use it. These rights are not absolute and we may not always be required to comply with your request.
Right to contact the ICO—Information Commissioner’s Office: If you are unhappy with any aspect of how we handle your personal data you have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates handling of personal information in the UK.
You can contact them via their website www.ico.org.uk or by contacting 0303 1231113 or by post to:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
We only ask for the minimum personal data necessary in order to fulfil our service to you.
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your data. We will store all the data you provide on secure password — and firewall — protected servers.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
Data Shared Outside the EU
The General Data Protection Regulation applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU. Countries within the European Union all operate the same laws and controls to safeguard your personal data. In order to carry out the processes of our business your personal data may be shared outside the EU via top-tier, third party data hosting providers (eg cloud storage) in line with this Privacy Notice. Depending on this scope your personal information may be stored in or accessed from multiple countries, including the United States. All our third-party service providers are required to take appropriate security measures to protect your personal information in line with applicable data protection legislation. We do not allow our third-party service providers to use your personal data for their own purposes.
Simply Kitchens UK Ltd is the data controller responsible in respect of the information collected.