We update this policy from time to time so please do return and review this page regularly. Last Modified: 23/05/2018
Who we are
Registered office: Doorstuff Ltd., Unit 10 Estuary Court, Broadmeadow Industrial Estate, Teignmouth, TQ14 9FA, United Kingdom
Company registration number: 5764690 (England & Wales)
Our Data Protection Officer is Ian Butland.
“You” and “your” means you, as an individual, as a data-subject.
“We”, “us” and “our” mean Doorstuff Ltd, or any of the brands/websites it operates:
Who may we collect data on?
We have categorised the types of ‘Data Subjects’ we collect data from. This will make it easier for you to identify what category(s) you would fall under and the types of data that may be held on you. The following is a list of ‘Data Subjects’ that we may process data on:
Consumer – Customers that would be considered B2C sales.
Client – Customers that would be considered B2B sales.
Contact – Often associated with a Client (in the B2B world) which, although not specifically the company in question, identifies individuals who might be used as contact points within that company and could be seen as individuals associated to a company.
Prospect – A potential customer qualified on the basis of their buying authority, financial capacity, and willingness to buy.
Website Visitor/Visitor – A visitor to any of our websites, who accesses them via any internet-enabled device.
Internal Data Subject – A person or company we deal with in the running of our normal business practices, e.g. Suppliers, Employees, Contractors, Recruitment Candidates, etc. For more information about our data use and storage for these categories please contact our Data Protection Officer on firstname.lastname@example.org
Types of data we collect
This section aims to outline the data we collect, how it may be used and how/when we destroy personal data records and when/how we may have obtained it.
When someone visits www.doorstuff.co.uk and www.sliding-doorstuff.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site or the times of day when visitors are browsing – this enables us to make decisions on how best to improve website functionality/efficiency and ultimately, the experience of the visitor. This information is only processed in a way which does not identify anyone; aggregate statistical information is used in any decision making.
We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website(s). We do not have full control of the settings provided in the service; specific changes or exclusions can only be made by contacting Google Analytics.
Contact Form Submissions From Our Website(s) and General Email Enquiries
If a visitor uses the ‘Contact Us’ process or sends us an Email Enquiry, personal data is supplied, usually:
a) your name (required on the contact form);
b) your email (required on the contact form);
c) your company (optional on the contact form); and
d) your message
This information is not stored within our website(s) database; the data submitted is immediately sent to our Sales Team via email. That is the only record of this data and it is needed to enable us to respond to genuine enquiries made via our website(s). Our emails are stored in-house and are protected under the measures and controls of our IT Infrastructure and internal policies, which are described further in this notice. We keep our contact form enquiry emails organised and protected by authorised access only, with the ability to retrieve or delete at any given time. Any further contact would categorise the website visitor as another type of ‘Data Subject’, who would then fall under the relevant processes/measures applicable to that individual’s new ‘Data Subject’ type.
The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and transmission of such data is therefore entirely at your own risk.
Contact Details, Billing and Shipping Details and Addresses
As part of our general business operations, personal data is required to confirm orders with Doorstuff Ltd. We will require the following information to confirm orders with our consumers/clients:
a) your name;
b) your email;
c) your telephone number;
d) billing address details;
e) shipping address details;
f) credit card details (if payment from a Customer is taken via credit card, the details are entered directly into the SagePay payment gateway, or card machine in the case of trade counter sales, by authorised staff, whilst the card-holder is on the phone or present in person; no credit card details are entered into our business systems, and any card numbers that are written down must, under strict policy, be destroyed instantly via a purposed shredder);
h) online payments are also taken via PayPal; we keep no records of payment details or card numbers for these payments. Payments are processed via PayPal, through their secure systems. The shipping address, email and phone number are all that is required for us to accept payments via PayPal.
This information is a standard requirement to confirm business activity in the form of ‘Sales’. The information is recorded under lawful basis to allow for confirmation of order, delivery of goods, payment of invoices, requests for reviews and ultimately, adherence to the business ‘Contract’ commitment established when confirming an ‘Order’. This information is stored and processed in our business systems Romancart and Mazurka.
Access to Romancart and Mazurka is controlled via ‘User Permissions’; the authorised employees processing the data will only process the data to fulfil their responsibility and are aware of their obligations under GDPR and our code of conduct.
Internal Data Subjects’ Data
Employee, Ex-Employee, Workers, Next of Kin, Recruitment Candidates etc.
If you are somebody that has worked for us (current or previous), be it as a staff member, worker or contractor, then it is likely that we have collected or will collect information about you. If you have applied to work for us, then it is also likely that we have collected or will collect information about you. The information relating to these internal ‘Data Subjects’ is controlled by our HR Department. A lot of the information is a legal requirement and retention laws may apply. Information regarding these Data Subjects is summarised in this policy. For more information on this kind of data we will be happy to help; please send your enquiries to our Data Protection Officer on email@example.com
What Are Cookies?
For more general information on cookies see:
On occasion, we may gather information about your computer for our services, and to provide statistical information regarding the use of our Website(s) to our advertisers.
Such information will not identify you personally; it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. It is used by us to analyse how visitors interact with the Website(s) so that we can continue to develop and improve them.
We may gather information about your general Internet use by using a cookie file that is downloaded to your computer.
Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website(s) and the service that we provide to you.
All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular areas of our Website(s).
Any advertising featured on the Website(s) may also incorporate cookies, over which we have no control. Such cookies (if used) would be downloaded only once you click on advertisements on our Website(s).
Third Party Links
You may find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Basis for Processing Data
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can process and store your data with your consent.
For example, when you sign up (Opt-In) to receive communications in relation to a specific service. When requesting consent to keep or record your personal data, we’ll make clear to you which data is necessary in connection with a particular service.
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, if you order an item from us for delivery, we’ll collect your shipping address details to deliver your purchase, and pass them to our courier(s).
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity affecting our company to law enforcement.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we will occasionally email you (via MailChimp) with our company newsletter containing our news, product announcements and community interest features, and we may use your purchase history to send you or make available personalised offers. If you no longer want to receive these newsletters, then clicking 'unsubscribe' on the bottom of the newsletter or contacting our Data Protection Officer on firstname.lastname@example.org with your request will permanently remove you from the list. Consent for direct marketing will be requested, explicitly from all other forms of consent.
Security of Data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all our websites using ‘https’ over SSL technology.
Access to your personal data is password-protected; employees have user-access controls assigned to them and an ‘Internal Processor Agreement’ has been agreed to by all staff processing personal data, outlining their responsibility, expectation and any actions that may result from a breach.
We regularly monitor our system for possible vulnerabilities and attacks. We use Firewalls, Enterprise-Level Anti-Virus, Anti-Malware and Back-Up Utilities throughout the entire organisation.
Last, but certainly not least… PEOPLE! We do our best in keeping staff trained and up to date on the most current forms of cyber-threats and regulation affecting the privacy/security of businesses/individuals and how to apply best-practice; continually making efforts to be more capable of scrutinizing dubious/harmful incoming communications throughout the organisation and developing a culture of ‘privacy by design’.
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. We identify in what form the data is held, where it is located, etc.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
If you would like more information about the retention periods for specific data types, please contact our Data Protection Officer on email@example.com
Who do we share your data with?
We sometimes need to share your personal data with trusted third parties.
For example, our Website Development Company, Couriers Making Deliveries, IT Remote Backup Company, Auto-Mailing Company, Trustpilot, eBay and PayPal all provide services which enable us to do business.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
· We provide only the information they need to perform their specific services.
· They may only use your data for the exact purposes we specify in our contract with them.
· We work closely with them to ensure that your privacy is respected and protected at all times.
· If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
· Agreements are in place with all of our Data Processors, to ensure that privacy of personal data ‘processed’ on our behalf, is lawfully held and managed.
MailChimp – Auto-Mailer
We sometimes use a third-party provider, MailChimp, to deliver emails to our mailing list. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our service. For more information, please see https://mailchimp.com/legal/privacy/
You can unsubscribe to these general mailings at any time by clicking the unsubscribe link at the bottom of any of our emails or by emailing our Data Protection Officer on firstname.lastname@example.org
Courier, Freight, Delivery – Delivery of goods, on our behalf, to our customers/clients
“Contractual obligation – In certain circumstances, we need your personal data to comply with our contractual obligations.”
For example, if you order an item from us for delivery, we’ll collect your shipping address details in order to deliver your purchase, and pass them to our courier. Regarding Data Privacy under GDPR, we have been satisfied with the cooperation and information provided by our couriers relating to their GDPR compliance, which is the responsibility of each organisation.
eBay and PayPal
We occasionally use eBay and PayPal to take orders for specific types. The data processed is covered already under the Contact Details, Billing and Shipping Details and Addresses section. Any orders that come via eBay are paid via PayPal; only authorised members of the team access these accounts. Orders are processed directly into our standard system and internal processes; eBay and PayPal merely provide the demand and means to take payment for these types of orders. We do not hold or store any payment (credit/debit card) details; PayPal is the payment handler that securely processes payment information and is the only method we use to receive payments via eBay. See below the links to the privacy policies for both organisations; we are satisfied with the compliance levels of these organisations:
Where may we transfer your data?
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA).
If you are based outside the UK and place an order with us, we will transfer the personal data that we collect from you to the Partnership in the UK.
Protecting your data outside the EEA
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.
We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA such as Australia or the USA.
For example, this might be required in order to fulfil your order, process your payment details or provide support services.
If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times. If you would like any more information about these contracts please contact our Data Protection Officer.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
Access to your personal information
You are entitled to be informed, view, amend, take/move, object to/restrict processing, not be subject to auto-profiling and decision making, and delete/‘be forgotten’ for the personal information that we hold on you, unless there is Legal Basis to do so.
If you would like to make an enquiry regarding personal data, please email our Data Protection Officer on email@example.com directly with your request, making sure to include your:
– Full name
– Relation to the company (see Data Subject Types)
– Your request
Under the GDPR we are under obligation to respond to a Data Subject Access Request (DSAR) within one month. We will do our best to respond to most requests within 72 hours; however, there may be cases where a more thorough request may be required, needing more time to gather all the information and personal data.
Your Personal Privacy is very important to us. We hope we have been able to provide as much information as you may require but please do not hesitate to contact our Data Protection Lead, should you wish to seek more information. We are committed to complying with both the GDPR and the UK Data Protection Bill to the best of our ability, going further than just the letter of the law.