Here at Guardian Waterproofing, we take your privacy seriously and will only use your personal information to administer your account, support a guarantee (where applicable) and to provide the products and services you have requested from us. Our policy adheres to the guidelines published in the General Data Protection Regulation (EU) 2016/679.

This privacy notice explains what information we collect, why we need the information and what we do with it.

A lead for data protection is Hannah Herbert. For any questions relating to this notice and our privacy practices, please contact her at hannah@guardianwaterproofing.co.uk or call 01242 649129.

What information we collect from you

If you contact Guardian Waterproofing by telephone, website or email, the information we will need to collect from you is your name, telephone number, email address, property address, contact address, business details (where applicable) and scope of work in your property.

If we buy goods from suppliers or supply you with goods or services; for example, damp proofing treatment we will also need to collect limited financial information.

Our website uses cookies. A cookie is a small file of letters and numbers that we put on your computer if you agree. These cookies allow us to distinguish you from other users of the website which helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For example, the cookies we use are ‘analytical’ cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they’re using it. This helps us to improve the way our website works, for example by making sure users are finding what they need easily and by helping you enter our site without having to login.

Why we need this information

Contractual obligations

In certain circumstances, we need your personal data to comply with our contractual obligations.

We need to collect and retain your contact details so we can:-

  • deliver our service, for example to help manage your account through reports, quotes, information, invoicing and guarantees

  • supply you with goods

  • to be able to respond to queries you may have

  • to enter into contracts with our suppliers

Legal obligations

If the law requires us to, we may need to collect and process your data.

For example, we are obliged to retain certain information for HMRC reporting purposes or to comply with other legislative provisions.

Legitimate interest

In particular circumstances, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we withhold supplier information to maintain good long-standing working relationships.

What we do with your information

When you give us information we take steps to make sure that your personal information is kept secure and safe. Your full name, contact address, property address, telephone number and email address are stored on our cloud based accounts system called Xero. These details are also entered in our secure server onsite, which is backed up by our computer contractor SSL. Whilst we carry out work on your property, the contracts team keep the property address and details of work in a WhatsApp file, which has end to end encryption.

The cloud systems we use are access controlled and password protected. All systems have firewalls and anti-virus protection is updated regularly. All paper records are held in locked filing cabinets and access to all pc’s / laptops is password protected.

Any paper copies or scanned invoices, guarantees, reports and specifications which have been issued to/from you are retained securely in our offices which has an externally monitored alarmed security system and CCTV cameras.

How long we keep your data

Personal data is not stored for any longer than it is reasonably required.

Any financial invoices/terms of payments/copy account applications will be retained We in line with HMRC rules and then securely destroyed. Personal details are retained for the contract and guarantee period, to verify your guarantee, we have to maintain your property information and personal details for 10 years, to ensure we have sufficient information if a claim was to be made.

We will remove all personal and property details after a maximum of 10 years.

Sharing of your information

We sometimes share your personal data with trusted third parties which act only on our instruction (known as “data processors”).

Data processors might be, for example, our 3rd party accounting apps or subcontractors or those companies who store data for us:

Where we share information with these companies or individuals we make sure that they also keep your data secure and that they also protect your rights. To this end we make sure that:

  • We provide only the information they need to perform their specific services.

  • They may only use your data for the exact purposes we specify in our contract with them or where their terms and conditions of processing contain the correct data processor clauses under GDPR.

  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Sharing your data with third parties for their own purposes (“joint controllers”) eg HMRC, accountants, legal advisors:

We will only do this in very specific circumstances, for example:

  • With your consent

  • Where we have a contract in place with the other party

  • Where we are obliged to share the information for legal reasons

We do not transfer data outside of the EEA. Our servers are located Cheltenham and Gloucester.

From time to time we may pass personal data such as your name and email address to other services that we use to send out newsletters and other communications (both electronic and print).

However, your personal data will remain in the EU or countries considered by the EU to have equivalent policies such as Jersey, Guernsey, Switzerland, New Zealand and Canada. Companies based in the USA that have certified with the EU-US Privacy Shield programme are also considered to be permitted destinations by the EU (this includes popular US products like Microsoft and MailChimp).

YOUR RIGHTS AND WHO TO CONTACT

You have the following rights, which you can exercise free of charge:

Access

The right to be provided with a copy of your personal data

Rectification

The right to require us to correct any mistakes in your personal data

To be forgotten

The right to require us to delete your personal data—in certain situations

Restriction of processing

The right to require us to restrict processing of your personal data—in certain circumstances, eg if you contest the accuracy of the data

Data portability

The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

To object

The right to object:

—at any time to your personal data being processed for direct marketing (including profiling);

—in certain other situations to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests.

Not to be subject to automated individual decision-making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.

We will then stop processing your information unless we believe we have a legitimate overriding reason to continue processing.

Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.

For us to check your identity please:

  • let us have enough information to identify you [(eg your full name, address and client or matter reference number)];

  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and

  • let us know what right you want to exercise and the information to which your request relates.

If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

If we choose not to action your request we will explain to you the reasons for our refusal.

If you are unhappy with our response, please contact the Information Commissioners. Please find the details below.

England
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
Telephone: 0303 123 1113
Email: casework@ico.org.uk

Wales
Information Commissioner’s Office
2nd Floor, Churchill House
Churchill Way, Cardiff
CF10 2HH
Telephone: 029 2067 8400
Email: wales@ico.org.uk

The accuracy of your information is important to us – please help us keep our records updated by informing us of any changes to your email address and other contact details.