Data Protection Policy
You are on the websites of Prestige Fittings Ltd, www.prestigefittings.co.uk . The protection of your data is important to us. We would therefore like to inform you in the following about which data from your visit we will be using for which purpose.
Controller within the definition of the General Data Protection Regulation (the “GDPR”) and other data protection provisions: applicable within the Member States of the European Union is:
Prestige Fittings Ltd
Unit 3, Globe Trading Estate,
2. Credit Card Details
We do not store customer credit card details or provide to any third party except the relevant card processing company or bank to check the acceptance of your transaction. The legal basis for this is Art. 6 (1 1st sentence b) GDPR.
3. Data processing
3.1 General information
Personal data is all data that can identify you personally, such as your name, address, email address and online user names. The personal data of our users is used as follows:
performing our services,
1. performing our services
2. ensuring the delivery of technical support.
Unless otherwise described in the following sections, in general no personal data will be collected, processed or used in connection with the use of this website.
3.2 Storage of access data, creation of log files
Whenever a user accesses a page on this website, and whenever a file is accessed, access data about this procedure is recorded in a log file and saved. The recorded information is standard logging. Each data record consists of the following:
- Date/time of request
- Page from which the file was requested
- Pages retrieved via our website by the user's system
- Called up file name
- Transmitted volume of data
- Access status (file transferred, file not found)
- Description of operating system and web browser used, client IP address and user name (login data) of authenticated users
This data is used to deliver the content of our website, ensure the functionality of our information technology systems, and to optimise our online presence. The data may be used in an anonymised form for statistical purposes (see below), as well as for the purposes of data security, especially for error analysis and preventing hacking attempts (Art. 6 (1f) GDPR). Access rate will not be used for the creation of individual user profiles, nor be passed onto third parties, and will be erased after 90 days at the latest.
3.4 Contact form
If there is an option for entering personal or business information on this website, the information is always entered voluntarily. Information required to perform the desired operation is designated with an asterisk ‘*’. If you provide us with personal or business information via the contact forms, we will only use it for the respective intended purpose. Your consent constitutes the legal basis for this (Art. 6 (1a) GDPR). Data transfers are encrypted using SSL or TLS technology in order to prevent the unauthorized access of your personal data by third parties.
3.5 Supplier portal
You enter your surname, first name and other business data in order to register for the supplier portal. This will enable you to access our services for suppliers. The data will be stored for the duration of the registration, for the purpose of performing the contract and in order to fulfil statutory obligations. The legal basis for this is Art. 6 (1 a and b) GDPR. You may cancel your registration at any time. In that case, your access will be blocked immediately and erased upon the expiry of the statutory retention obligations.
3.7 Email marketing
You have the opportunity of subscribing to our marketing communication emails. To do so, you are required to enter your email address to which we will send these communications. If you enter this into the input screen, we will record your name and/or company name in order to personalise the emails to you. By entering your email address you agree that we may use your data for the purpose of sending you marketing email communications. The legal basis for this processing is Art. 6 (1a) GDPR. Your email address will not be used for any other purpose; in particular it will not be sent to any third parties.
You can unsubscribe from emails at any time; which will take affect from 72 hours in the future. To unsubscribe, simply use the relevant button located at the bottom of every marketing communications email that we send you. Your email address will then be suppressed from our email service platform to avoid sending you future marketing emails.
If you would like to place an order on our website, the conclusion of the contract requires you to provide your personal data that we need in order to execute your purchase order. An “*” indicates the mandatory information required to execute contracts; other data is voluntary. To place an order with us, you are required to enter your company-specific customer number. We will process the data provided by you, in order to execute your purchase order. To this end, we may forward your payment data to our house bank. The legal basis for this is Art. 6 (1 1st sentence b) GDPR.
We may also process the data you provide, in order to inform you about other interest products in our portfolio, or to send your emails containing technical information. The legal basis for this is Art. 6 (1 1st sentence f) GDPR.
Commercial and tax law stipulations oblige us to store your address, payment and order details for a period of ten years. However, we will implement a limitation on processing after three years, meaning that your data will only be used in order to fulfil the statutory obligations.
The order procedure is encrypted using SSL or TLS technology in order to prevent the unauthorised access of your personal data - particularly your financial data - by third parties.
Rights of the data subject
You have the right
- to demand information concerning the categories of data processed, the purposes of the processing, any recipients of the data, the envisaged storage period (Art. 15 GDPR);
- to demand the rectificationor augmentation of incorrect or incomplete data (Art. 16 GDPR);
- to withdraw consent at any time, effective for the future (Art. 7 (3) GDPR);
- to object to the processing of your personal data on grounds relating to your particular situation (Art 21 (1) GDPR);
- in certain cases defined in Art. 17 GDPR, to demand the erasure of data - especially insofar the personal data is no longer necessary for the envisaged purpose or if it is processed unlawfully, or if you withdraw your consent in accordance with (c) above, or if you have stated your objection in accordance with (d) above;
- under certain conditions, to demand the restriction to the processing of data, insofar as it is not possible to erase it, or the obligation to erase disputed (Art. 18 GDPR);
- to data portability,i.e. you are entitled to receive the personal data concerning you, which you provided to us, in a commonly used machine-readable format, such as CSV, and, where relevant, to transmit it to others (Art. 20 GDPR);
8. Amendment of the Data Protection Declaration
We reserve the right to amend this Data Protection Declaration in accordance with relevant changes to the law or the services we offer. Older versions shall remain accessible.
Last Updated August 2018