Who we are
When we refer to “we” (or “our” or “us”) we are referring to the plumbing and heating company Weyside Heating Services. This policy applies across all aspects of our business including the website that we own and operate: www.weysideheatingservices.co.uk.
The personal information we collect and use
When we say ‘personal data’ we mean identifiable information about you, such as your name, email, address, telephone number, bank account details, payment information and so on.
In the course of operating our business there will be times when we will need to collect, store, use and share your personal data. When we do so, we are regulated under the General Data Protection Regulation that applies across the European Union (including the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. Where we use third-party service providers to enable us to conduct our business, such as our online, cloud-based accounting software and our employee-managed Google email accounts, these providers are also regulated under the same laws to keep the information we hold with them secure and it is their duty to ensure they are compliant with the new GDPR laws.
Personal information provided by you
In the course of operating our plumbing and heating business, we collect personal information when you provide it to us, such as your name(s), postal address(es), email address(es), phone number(s), and payment details. We also collect personal information from you if you apply for a job with us or work for us for any period of time. In this context, personal information we gather may include: contact details, next of kin, financial and payment details, details of education, qualifications and skills, marital status, nationality, NI number, job title, and CV.
Personal information provided by third parties
We may also at times receive information about you from third-parties. For instance, if we are working on a building site as a subcontractor, we may be required by the main contractor to make contact with you, as their customer, with regards to any plumbing-specific enquiries you have, or to invoice you directly for and the work we have completed. We also work for letting agencies and landlords who may request that we contact a tenant on their behalf to arrange visits to their property for plumbing-related work. In all of these scenarios we operate on the assumption that they have your express consent to do so under the circumstances of your contract with them and it is their contractual obligation to you to be transparent in the way they are using your information with us as a third-party supplier.
If you apply for a job or apprenticeship with us, we may receive information from the people who provide references, as well as details about your qualifications from your education provider.
Personal information about other individuals
If you give us information on behalf of someone else as an alternate contact, referee or next of kin, you confirm that the other person has agreed that you can:
• give consent on his/her behalf to the processing of his/her personal data
• receive on his/her behalf any data protection notices
Sensitive personal information
As a customer we will never ask you to provide sensitive personal information. Sensitive personal information includes information relating to your ethnic origin, political opinions, religious beliefs, whether you belong to a trade union, your physical or mental health or condition, sexual life, and whether you have committed a criminal offence.
As an employee, we will only ask you to provide sensitive personal information if we need to for a specific, legitimate reason in order to comply with the law or protect the health and safety of any other person. If we request such information, we will explain why we are requesting it and how we intend to use it.
How and when we collect information from you
We do not monitor or record telephone communications with you. We may however, record notes from a telephone conversation if it assists us with managing aspects of your account, such as logging when we can expect to receive payment.
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
For further information on cookies generally visit: www.aboutcookies.org.
Reasons we can collect and use your personal information
We rely on a different lawful basis for collecting and using personal data in different situations.
Where we collect personal data, we’ll only process it:
• to perform a contract with you, or
• where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
• in accordance with a legal obligation, or
• where we have your consent.
Where you make enquiries about a plumbing and heating service before you become a customer, we need to collect personal information about you so that we can take steps to enter into a contract with you. Once you have become a customer, we need to collect and use personal information to provide services to you and to claim our right to be paid in return for our services under our standard terms of business/contract with you. This includes collecting and using your personal information to:
• enable us to follow up on enquiries made by you in relation to a plumbing or heating job in accordance with industry guidelines and to give you our quote;
• create and manage an account for you from which we can prepare a quote / invoice
• contact you for reasons related to the service you have requested or to provide information you have requested;
• deal with payment for our services;
• notify you of any changes to our website or to our services that may affect you; and
• resolve disputes or collect overdue payments.
If you apply for a job with us, we will collect and use personal information to process your application and check references. If you take a job with us, we will collect and use your personal information to enter into an employment contract with you and to administer the employment relationship, including making payments to you, accounting for tax, ensuring safe working practices, monitoring and managing staff access to systems and facilities, monitoring absences and performance and conducting assessments.
We collect and use personal information from our customers and employees to comply with our legal obligations. For example, we will take copies of identity documents so that we can comply with our vehicle insurance requirements.
If we propose to use your information for any other uses we will ensure that we notify you first. If we need your consent to use your information for these other purposes, we will give you the opportunity to opt in or to refuse. If you opt in, you will be able to opt out at any time.
When will we contact any other person about you?
The only circumstances that we will contact another person about the information that we hold on you are the following:
• If you have provided an alternative contact in relation to a service you have employed us for;
• If it is requested and deemed legitimate under a contract we hold with a Contractor for whom we are providing services;
• If you provide us the details of a person who we can contact for a job reference, we may contact that person in connection with your job application;
• If they have been specified as your next of kin in the event of an emergency.
Who your information might be shared with
We may disclose your personal data to:
• service providers under contract with us to support our business operations, such as email service providers, payroll and accounting software and other technology services
• our insurers and insurance brokers (if you are an employee for the purpose of covering you under our work-related insurances such as public liability, vehicle etc)
• any person or agency if we need to share that information to comply with the law or to enforce any agreement we may have with you or to protect the health and safety of any person;
• any person who you have named as a person we can contact to discuss your account;
• any person who is your agent or representative, such as a landlord, project manager etc that we have a contract with
• any person who we are negotiating with as a potential buyer of our business or property or if we are proposing to merge our business with another business;
• credit card associations if specifically required (for employees only)
If we pass data on to insurers, they may enter your data onto a register of claims which is shared with other insurers to prevent fraudulent claims. If we use an outside party to process your information, we will require them to comply with our instructions in connection with the services they provide for us and not for their own business purposes.
Keeping your personal information
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those people processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We will use technical measures to safeguard your personal data, for example:
• we store your personal data on secure cloud-based servers; and
• payment details are encrypted on a secure server
• employee-managed devises are set up with two-step verification and mobile devise management
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory body of a suspected data breach where we are legally required to do so.
While we will use all reasonable efforts to keep your personal data safe, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How to contact us’ below).
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Transfers of your personal information out of the EEA
We will not transfer your personal data outside of the [United Kingdom OR European Economic Area] or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
How long do we keep your personal information for?
We will usually hold your personal information as a customer or employee on our system for the period we are required to retain this information by applicable UK law, currently 6 years from the end of our contract or 6 months after any unsuccessful job application, unless you have told us you want us to delete the information earlier (see section “What rights do you have” below).
What rights do you have?
Under the General Data Protection Regulation, you have a number of important rights. These include the right to:
• request a copy of your information which we hold;
• require us to correct any mistakes in your information which we hold;
• require the erasure of personal information concerning you in certain situations
• require us to stop contacting you for direct marketing purposes;
• object in certain other situations to our continued processing of your personal information;
• restrict our processing of your personal information in certain circumstances;
• object to decisions being taken by automated means which produce legal effects concerning you or which affect you significantly; and
• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.
Further information on each of these rights is available from the Information Commissioner’s Office.
If you would like to exercise any of these rights, please email, call or write to us (see ‘How to contact us’ below)
We will not charge any fee for any of these services.
How to contact us
The General data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113.
This Privacy Notice was published on 24th May 2018. We may need to update this notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.