This website is operated by Yorkshire Profiles Ltd. We take our privacy very seriously and urge you to read this policy because it contains important information about who we are, how and why we collect, store and use your data, your rights in relation to your data, and how to contact us in the event that you have a complaint or with you exert your right to be forgotten by us.
“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.
“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
C) DATA PROTECTION PRINCIPLES
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
a) processing will be fair, lawful and transparent
b) data be collected for specific, explicit, and legitimate purposes
c) data collected will be adequate, relevant and limited to what is necessary for the purposes of processing
d) data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
e) data is not kept for longer than is necessary for its given purpose
f) data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
g) we will comply with the relevant GDPR procedures for international transferring of personal data
If you would like to exercise your rights to be forgotten following the completion of your order, please contact us on the below email address.
D) TYPES OF DATA HELD
Yorkshire Profiles Ltd (‘we’ or ‘us’) collect and use certain information about you and/or your business. When we do so we do so under the principles of the General Data Protection regulations which apply across the European Union (including the United Kingdom) and we are responsible as the “controller” of that information for the purposes of these regulations.
Specifically, we collect and hold the following types of data:
a) name, business name, address, phone number, email address, order history and password.
a. You provide this information to us upon registration of our online system.
b. The information is initially held on a consent basis (by way of registration) and can be deleted at any time on your right to be forgotten.
c. If an order is placed, this information is held contractually. Upon billing, the information is held legally for a period of 6 years for tax purposes.
b) We do not store payment details, but they may be processed and stored by a third-party payment processor. Their details will be shown to you when payment is requested.
a. You provide this information if you choose to pay via Credit/Debit Card.
b. The information is processed on a contractual basis to complete an order.
c. The information will be stored securely by Global Payments on a legal basis (Tax purposes and Fraud prevention).
c) Cookies are used for visitor tracking. Where possible we anonymise IP data to prevent you from being identified, but where the website contains embedded content (e.g. videos or snippets from other suppliers) additional cookies may exist.
a. All non-essential cookies are consented to via a pop-up window.
b. Cookies can be deleted at any time by clearing your internet history or running cleaning applications.
c. Visitor tracking information stored via Google Analytics is deleted after 14 months.
d) If you register for our newsletter, we will store your name and email address.
a. You provide us with this information upon registration for the newsletter.
b. The process is double opt-in. This means you will also have to click inside a confirmation email to say you would like to receive the newsletter.
c. You can unsubscribe at any time by clicking unsubscribe in any received newsletter.
E) INFORMATION YOU PROVIDE ABOUT THIRD PARTIES
If you provide us with information relating to another person or business, you confirm that the other person, or the business owner/director have appointed you to act on their behalf and agreed that you:
a) Can consent on their behalf to the processing of the data required to place the order with us
b) Shall receive any data protection notices on their behalf
c) Can consent on their behalf to the transfer of their personal/business data abroad
F) MONITORING AND RECORDING COMMUNICATIONS
We may monitor communications such as emails and telephone calls for the following purposes:
a) Quality Assurance and Policy Compliance
b) Completion of enquiry/Order
G) COOKIES AND SIMILAR TECHNOLOGIES
a) Traffic data for the website
b) Embedded videos may contain cookies which will track your location if you allow it.
c) User login tracking for moderators of the website.
d) Where we use a “Content Delivery Network” to speed up performance of the website.
This information helps us to analyse the use of our website and boost its performance for you, the end user.
Cookies can be deleted at any time by clearing your internet history or by clicking here. There are several cookie blocking options available for your browser but may affect the loading performance of the site.
|Content Delivery||session||This cookie is used to track which servers are delivering you various parts of the website when we are using a Content Delivery Network to speed up the performance of the website.|
|Google Analytics||persistent||24 hours|
Used to count the number of visitors and pages visited.
|Google Analytics||persistent||2 Years||Used to count the number of visitors and pages visited. IP anonymised so cannot identify you from stored data.|
|Google Analytics||persistent||24 Hours||Used to count the number of visitors and pages visited. IP anonymised so cannot identify you from stored data.|
|Google Analytics||persistent||6 hours||Used to count the number of visitors and pages visited. IP anonymised so cannot identify you from stored data.|
|Google Website Call Conversion||persistent||3 Months||Google Website Call Conversion|
|Online Quoting||session||This cookie keeps you logged in if you are using our online quoting tools.|
|Online Quoting||session||Used by our online quoting tool to maintain your position in the system.|
H) HOW AND WHY WE USE YOUR INFORMATION
We collect information about users of the online ordering system on our website for the purpose of:
a) Order processing and completion
We may share your information with the following third parties as part of the contractual obligation of completing your order:
b) The company responsible for our online ordering system, for the purpose of transferring your order to us digitally.
c) Payment Processing company; if paying by Credit/Debit card.
d) Couriers for the purpose of delivering your order
e) Our accounting company for the purpose of sending an invoice and/or receipt for payment
f) Our banking institution for the purpose of invoice financing.
We will hold your personal information for the purpose of completion of the order placed with us through our online system. In order to complete the order, this information is transferred to our customer database.
Information provided by you for the purpose of order completion is required under the lawful basis of contractual obligations, as without this information we cannot complete the requested order for you.
I) DATA SECURITY
We have appropriate security measures in place to prevent personal information being lost or used or accessed in an unauthorised way. We limit access to your personal/business information to those who have a genuine business need to know it – our data processors. Those data processors will process your information in an authorised manner and are subject to a duty of confidentiality.
Data provided through our online ordering system is stored on a secure server for the purpose of order completion. Data transfers take place with HTTPS connections.
We have procedures in place to deal with any suspected data security breach – our Data Breach Notification Policy – and we would notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
While we take every reasonable effort to secure your personal/business data, in using any website, including ours, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal/business data that is transferred from you or to you via the internet. If you have any particular concerns, please contact us on the below email/postal address.
J) THIRD PARTY PROCESSING OUTSIDE OF THE EEA
Through the use of our online ordering system, your personal/business data is transferred outside of the European Economic Area to the following country:
This transfer is undertaken for the purpose of:
b) Personal/business information is required for the contractual purpose of order completion when this information is sent to us through our online ordering system, the servers for which are geographically located in Australia
Australia is not currently on the list of countries with the same data protection laws as the EEA. Whilst the European Commission has not given a formal decision that such countries provide adequate levels of data protection similar to those that apply to us, any transfer of your personal/business information will be subject to this, and our other, data protection, storage and transference policies, that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach in accordance with the GDPR Articles.
K) REQUIREMENT TO NOTIFY BREACHES
All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach.
More information on breach notification is available in our Breach Notification policy.
The Company keeps a Customer Database for the purpose of order completion. It is your right, should you so choose, to be erased from this list at any time.
Orders, including .dxfs, on our system are retained for the purpose of reference in ensuring that repeated orders are priced and processed correctly. These records are retained for 6 years from the data of completion in order to comply with the Tax Management Act 1970, relating to VAT records. Should you exercise your right to be erased from our records, records of your orders will be included in this erasure, with the exception of information required under the Tax Management Act for the purpose of VAT records.
The company also keeps a record of any errors made in processing orders, through a Problems and Improvements Log as part of our ISO9001 certification. This Log contains information relating to a customer’s name/company name and the details of the order. This record does not include information relating to customer contact information. We require this information for the purpose of maintaining our ISO9001 certification, and for the purpose of Quality Assurance and Error Correction.
M) DATA PROTECTION COMPLIANCE
Our appointed compliance officer in respect of our data protection activities is:
Amy-Juliet Reeves Rowley Halliwell
Quality Assurance Coordinator, Yorkshire Profiles
If you have any questions about this policy, any other of our data policies, or the information we hold about you, please contact us by:
Post: Yorkshire Profiles Ltd
Quality Department – Data Protection
Hessay Industrial Estate
Telephone: (01904) 737095