Website Visitor Privacy Notice
GJP Flooring Ltd (company Reg No: 4569296) is committed to protecting and processing your personal data in accordance with the General Data Protection Regulations and the Data Protection Act 2018 (the legislation). We will always treat your personal data with the utmost care, and we want you to understand what data we collect from you, why we collect it, and how we protect it.
For the purpose of the legislation and your personal data, GJP Flooring Ltd is the Data Controller, Glyn Pires is the person responsible for data protection and can be contacted at 30 New Road, Brighton, East Sussex, BN1 1BN Tel: 01273 770499 Email: firstname.lastname@example.org
The General Data Protection Regulations are to safeguard your personally identifiable information or personal data. This privacy notice will be regularly reviewed and updated.
Website Server Information
Online identifiers, IP addresses and cookie identifiers
When you visit our website we may collect information about your computer, including (where available) your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns. The data we store is always stored within the European Union or outside of the European Union but with an organisation operating under the General Data Protection Regulations.
We may obtain information by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. Our lawful basis of processing is a legitimate interest as processing the data enables us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
We do not access log data from our website server AND our third-party hosting provider collect(s) and store(s) server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analysing log files to help identify and prevent unauthorised access to our network, the distribution of malicious code, denial of services attacks and other cyber-attacks, by detecting unusual or suspicious activity.
Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.
Your personal data will be processed during and after your website visit and any subsequent visits to our website.
A cookie is a small text file placed on your computer by lots of the websites you visit. Some cookies are essential to making our site function properly. Others, while not essential, help us to provide the best user experience possible and to continually improve our service
Recipients of personal data
We do not share your personal data with our website host and advertisers.
We only store clients name/address/phone number if sent my email, contact form logged from a phone call for the purpose of providing estimates and sending invoices.
Information may be stored on Dropbox for convenience and business continuity:
We use WUFOO.com to manage online forms/contact forms.
- your data is protected with encryption at rest and in transit,
- access control for both authentication and authorization,
- continuous network & security monitoring,
- vulnerability management,
- incident response and recovery,
- ongoing security awareness training,
- Periodic independent 3rd-party security reviews and penetration testing
- EU-US Privacy shield certified
- PCI DSS 3.2
We use GSUITE (Google Mail) to send and receive emails. Details of Googles GDPR / Data protection statement may be located here: https://gsuite.google.com/terms/dpa_terms.html
Retention period and criteria used to determine the retention period
We will retain some elements of your personal data for up to three months. The information that can be anonymized will be that which is no longer required for either contractual fulfilment or a legitimate interest. If the lawful basis for processing your data was consent then you may withdraw such consent at any time.
You have a right of access to check your personal data to verify the lawful basis of processing. We are obliged to respond to an access request within 30 days and may not charge a fee unless the request is unfounded, excessive or repetitive. If a fee is charged it is to be a reasonable fee based upon the administrative cost of providing the information.
You have a right to rectification if the data we hold is either inaccurate or incomplete. If your data has been disclosed to third parties then we must inform them of the rectification, where possible.
You have a right to require erasure of your data when consent is our basis of processing (the right to be forgotten). You may request that your personal data be erased, for example, where there is no compelling reason for its continued processing or where you withdraw consent. We will comply with your request unless we have another basis of processing justifying our retaining the data (for example a legal requirement or the defence of a legal claim).
You have some rights to ask us to restrict processing i.e. to block or supress processing where, for example, the data may be incorrect and whilst the accuracy is verified. We are permitted to store the data.
Your right to object
You do have a right to object to further processing of your personal data. We may be required to stop processing unless there is some other legitimate basis of processing such as a legitimate interest or a requirement for the exercise or defence of a legal claim.