Data Usage and Data Protection Statement
Purpose of Policy
This policy describes how Crete Pave Ltd (“Crete Pave”) collects and processes your personal data as part of the task of providing the service of pattern imprinted concrete driveway and patio installers from the company base in Rhyl, Denbighshire, UK.
It is important that you read this policy together with any other data related notice that may be declared elsewhere at exhibitions, newspaper articles, etc.
Data Controller and Data Processor
Why Crete Pave Processes Personal Data (the “Purpose”)
Personal data, or personal information, is any information about an individual from which that person can be identified. Personal data does not include information where the identity has been removed or is anonymous.
Crete Pave collects and processes (stores, transfers, archives, updates and uses) different kinds of personal data, which is outlined as follows:
- Crete Pave customer/client data. Contact data: The personal data collected and processed is: name, postal address, landline phone number, mobile number and email address;
- Electronic mail and “enquiries” contact form enquiries data. Contact data: If the website contact form is used, the personal data collected and processed is: name, a telephone number (optional) and email address. If Crete Pave is contacted directly via electronic mail then the name and email address (at the very least) will be collected and processed;
- “Quick quote” contact form enquiries data. Contact data: If the website contact form is used, the personal data collected and processed is: name, a telephone number and email address;
- “Detailed quote” contact form enquiries data. Contact data: If the website contact form is used, the personal data collected and processed is: name, address, a telephone number (optional) and email address;
- Online chat enquiries data. Contact data: The personal data collected and processed is: name and email address;
- Website Comments Data. Comments made into the new blog section of the website will be recorded into the database. Web users who want to comment need to subscribe. The personal data collected and processed is as follows: email address, IP address (minimal data profile), and optionally the personal data profile can also include name and subscriber’s website address (if they have one);
- Website Functional Data. Various procedures are in place to protect the website from malicious online activities. Personal data will be recorded and processed as a consequence. Statistical data is also recorded; this will include IP address, which pages have been visited and which online documents have been downloaded. Use and content of contact form submissions is recorded for a limited time. Use and commenting on blog articles is recorded for a limited time.
How Crete Pave Processes Personal Data
Personal data from customers/clients is collected using temporary paper-based forms or within an electronic text-based file. This information is transferred and processed within a more permanent electronic file system on a secure (password and firewall protected) desktop computer at the business address.
With the website contact form an email is generated and sent to the data processor’s computer email application. With direct email communication, the email message is also sent to the data processor’s computer email application. Messages are stored on a password protected and firewall protected computer.
Website comments data and website functional data are stored in a MariaDB database. The website data controller will be alerted by email when a new subscriber account request is made (blog commenting). Quality assured WordPress plugins are used to record and monitor website activities to ensure no malicious online activities take place. The WordPress plugins used to collect and process website-based data are: statistical add-on “WP Statistics”; security add-on “Wordfence”; electronic mail logger add-on “WP Mail Log”; and website auditing logger add-on “WP Security Audit Log”.
The website files and MariaDB database are stored and maintained on a secure shared hosting server, located within the EU, provided by established UK web hosting company, Heart Internet.
The Lawful Basis for Collecting & Processing Personal Data
The Law states Crete Pave must tell you the following:
Crete Pave holds clients’ data because it is in its legitimate interest to do so. Without holding the data Crete Pave cannot work effectively.
Crete Pave holds website functional data because it is in its legitimate interest to do so. Without collecting, processing and monitoring web-based data (which includes personal data such as IP address) the website would be vulnerable to cyber-attacks and other malicious online activities.
How Personal Data is Used
With client/customer contact data, your personal data is only used for contact purposes between you and Crete Pave regarding the task of providing the service of installing pattern imprinted concrete on order. Crete Pave may ask you if you’d like to opt in to a newsletter subscription containing offers and promotions from Crete Pave in the future.
With enquirer contact data, your personal data is only used for contact purposes between you and Crete Pave regarding the possible future task of providing the service of installing pattern imprinted concrete driveways and/or patios (and similar).
With the personal data processed in relation to the Crete Pave website operations, it is the task of Crete Pave to maintain a website that is safe to use by all, that is uncompromised by malicious online activities, and is data secure for those using the website, be it using the contact form, using the online chat facility, downloading documents, reading the news blog, or even commenting on our articles. Website activities and statistics are recorded for a maximum of 12 months and then automatically deleted.
Change of Personal Data Purpose
Crete Pave will only use your personal data for the purposes for which it was originally collected (as previously outlined). If another reason arises for which Crete Pave needs to use your personal data you will be contacted first to gain your consent.
Note that Crete Pave may further process your personal data without your knowledge or consent where this is required or permitted by law, such as requests from government bodies, e.g. HMRC.
Disclosure of Personal Data
Crete Pave does not sell, distribute or otherwise make personal data commercially available to any party, except as described in this policy or with your prior consent.
Protection of Your Personal Data
Crete Pave takes the security of the personal data held seriously, both customer/client personal data and website based personal data. Policies and procedures are in place to safeguard it from loss and misuse.
Crete Pave also has procedures to deal with any suspected personal data breach and will notify you of a breach when legally required to do so.
Good security practices are in place, namely: strong passwords; updated antivirus and firewalls; up to date Windows operating system installations, up to date Microsoft Office applications, and up to date WordPress installation and latest plugins in use at all times.
Length of Time Processed Personal Data Is Stored
Customers/clients contact data: Some personal data will be stored for up to 7 years as per the requirements stated by HMRC for income related purposes.
Enquirer contact data: Personal data will be held for the length of the enquiry. Related emails and the data held within will be deleted in a timely manner (within weeks of the initial enquiry). Personal data from an online enquiry will never be transferred to another data process in the event the enquiry does not produce a sale.
Enquirer contact data using the Online Chat facility: Personal data will be recorded and stored for a maximum of 30 days.
Web-based Personal data: Contact form messages are recorded by the WP Mail Log plugin and stored for a maximum of 30 days. The web activities stored by the WP Security Audit Log plugin are kept for 12 months. Blog comments, if deemed helpful to an article, will be kept online indefinitely, but the owner (blog “subscriber”) of the comment will always be able to remove it at any time. If a subscriber wishes to delete their account, they can do so themselves at any time. Deletion of an account will automatically delete all their own comments from the blog as well.
Your Legal Rights
Crete Pave assumes responsibility for keeping an accurate record of personal data once you have submitted the information. Please inform Crete Pave of any changes to your information, or in the case of the blog, subscribers must update their email address by logging in at any time to the website user interface.
You are entitled to:
- Request access to your personal data;
- Request the correction or deletion of your personal data;
- Object to the processing of your personal data;
- Request a restriction of processing your personal data;
- Withdraw consent at any time, where Crete Pave is relying on consent to process your personal data.
Complaints or Concerned About Crete Pave Ltd Data Processing?