By law, any company handling personal and sensitive data has to adhere to particular guidelines to ensure it complies with the General Data Protection Regulation (GDPR).
- We do not purchase data from outside sources.
- We would never share your data with third parties, except for the purposes of deliveries and our legal obligations.
- All information we keep on file is processed in one office only and is not on a public network.
- Sensitive data, i.e. payment information, is never stored on our database.
- Only authorised personnel are allowed to handle sensitive data.
- All our managed hosting and product servers are secured to PCI standards (Payment Card Industry, the security standard for ecommerce) and are regularly scanned by an independent PCI ASV (Approved Scanning Vendor). Our systems and services store your data securely to a level that is generally accepted as being greater than the minimum requirements for GDPR.
- The checkout pages on our website are secured with SSL.
- Data is sent to and from the servers via encrypted protocols.
- Data such as name, postal address, email address and phone numbers may be shared with Royal Mail or other couriers for the purposes of delivering an order.
We do not send unsolicited emails. Any contact is made to existing customers, who are able to unsubscribe at any time.
When filling in our contact form, you are offering up your information to allow us to serve your needs.
We use cookies for the following reasons:
- To know if a customer is new or returning to the site (for statistics only).
- Session cookies at the checkout stage to remember your previous selections.
- Google and Bing Analytics to allow us to measure web performance and advertising.
What information do we keep?
All information we retain is provided to us when meeting an employee or via telephone, email and other forms of electronic communication.
- Contact name, Company name and address, Contact number, Email address, Site address and Service history.
- Some information we ask for is optional, i.e. mobile number. This can be used to help speed up contact, e.g. when an engineer is on site and we need to speak to the customer about the works.
Supply Only Sales
- Contact name, Company name and Invoice address, Contact number, Delivery address, Email address and Purchase history.
- All sensitive data is processed via Sagepay and First Data Merchant Services, with encrypted platforms.
- On the rare occasion that an order is placed via telephone, the information is processed via Sagepay On-Line Merchant Terminal. Once the payment has been authorised, the card data is destroyed.
How long is your information kept?
- We have to keep sales information for a period of 6 years for legal and auditing purposes.
- Quotations are only kept for a short period of time, as after that the information is not relevant and a re-inspection of the doors is required.
- We keep records of previous invoices, to allow us to keep a record of door locations and their equipment for guarantee purposes and future works required.
Should a breach be found, we would contact everyone on our database.
Under EU Regulation 2016/679 (GDPR), if you are a European data subject, you have the following rights:
- To obtain access to and copies of the personal data we hold on you, via a subject access request.
- To ask us to stop processing your data.
- To erase your data, where possible, whilst not breaking our own legal obligations.
- To require us to correct the personal data we hold about you if it is incorrect.
Should you have any enquiries regarding the above, please direct them to the following:
Able Door Spring Company Ltd
Overbeck House, Solid Lane