privacy

S&H Steel Frames Privacy Policy

Introduction

This Privacy Notice explains the types of personal data we may collect about you when you interact with us. It also explains how we store and handle that data and keep it safe.

1. WHO WE ARE AND WHAT WE DO

S&H Steel Frames is a family business based in the Midlands, supplying structural steelwork to the agricultural, industrial and equestrian markets. We can also provide steel fabrication services, cladding works and repairs and refurbishments to existing buildings. 

All our staff are employed by us directly and handle all aspects of a project including design, fabrication, supply and erecting. We can be contacted at Long Itchington Road, Hunningham Hill, Leamington Spa CV33 9ER or on 01926 633689.

2. THE FIRST POINT OF CONTACT FOR DATA PROTECTION 

If you have any concerns or queries about our data protection procedures, please contact Wendy Mace on 01926 633689, or wendy@shsteelframes.co.uk

3. WHY WE PROCESS DATA

We provide quotes for projects with prospective clients. Once instructed, we order the necessary material to be delivered onsite and an invoicing schedule is agreed. We only share your details with your consent to our suppliers and other professionals we work with. For example, once a project has started, if an engineer is required they will be given your contact details and your address.

If you are one of our suppliers, then we process your data and finance details to fulfil our contract with you, to fulfil legal requirements and as part of our ongoing working relationship. 

4. LEGAL BASES FOR PROCESSING YOUR DATA INCLUDING ANY EXPLANATION OF LEGITIMATE INTERESTS

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data. Some of these reasons, set out below, are the bases we have for processing your personal data:

Consent 
In specific situations, we can collect and process your data with your consent. For example, we may contact companies identified from the Council planning portal who have submitted planning for steel frame buildings in the area, to give them information about our services, by phone or by post.

When collecting your personal data, we always make it clear to you which data is necessary in connection with a particular service.

Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations.
We need to collect and retain your contact details, so that we can, for example:
• Deliver our service, (our employees carry out the required work on-site, for example ground works, excavation of foundations or installation of services to the building)
• Supply you with goods or;
• To enter into a contract with you to supply us with goods or services

Legal obligations
If the law requires us to, we may need to collect and process your data.  
For example, we are obliged to retain certain information for HMRC tax and accounting purposes or to comply with other legislative provisions.

Legitimate interest
In certain circumstances, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

For example, we may retain client and supplier information for six years beyond the contract period, in order to maintain a good working relationship with these individuals.

If you are a client or a supplier, we may also use your address details to send you direct marketing information by post or email, telling you about our goods or services that we think might interest you, based on our previous dealings with you.  

5. WHEN WE COLLECT DATA

Via our website
If you fill in the form on our website to contact us, we process your data in order for us to reply to your email.

Phone or email
If you make an enquiry or order over the phone or by email, we will use the details you give us to respond to your query and/or confirm your order. These details will be your name, addresses, phone number and, if applicable, who to raise the invoice to. This is then stored on our accounting software, Xero.

We also use the Council’s planning portal to contact companies who have submitted planning for steel frame buildings in the area. We collect company data when we do so, such as their contact details so that we can phone them. Should they not wish to receive information about our goods or services, we do not retain their data.

6. WHAT DATA WE COLLECT

• Contact information including: name, address, phone number and email address
• When you place an order with us, we will ask you who to raise the invoice to. That address is then in our accounts system and we retain a hard copy of the invoice for HMRC purposes as outlined above.
• If you are a supplier, we also collect your data as part of our ongoing contract and to process invoices and payments.
• If our clients are associated with a charity, then we may wish to support the charity by making a donation or volunteering. When we do this, we need to collect payment data in order to make a donation or contact details in order to volunteer, for example. 

7. HOW WE USE YOUR PERSONAL DATA

• We process data to enable us to process client orders and deliver our goods or services to the correct addresses
• Your bank details will only be used when payment is made against an invoice. 
• We hold your telephone number and addresses so that we can contact you via phone, post or email regarding the goods and services that we think you might be interested in.

8. HOW LONG WE KEEP YOUR PERSONAL DATA

Whenever we collect or process your personal data, we only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will be deleted completely. Some examples of our data retention periods:

Purchases and Services
We keep the personal data clients give us for 6 years so that we can retain a good relationship with you should you have any future queries or wish to request a quote from us for another project.

Warranties
If your order included a warranty, the associated personal data will be kept until the end of the warranty period.

Suppliers
For individuals who are supplying us with goods or services, we retain your personal information for a period of 6 years so that we can, if necessary, contact you again and continue our business relationship with you.

We also need to comply with our legal contractual obligations and therefore we need to retain certain transactional information from the order for 7 years to satisfy accounting rules.

9. HOW WE KEEP YOUR DATA SAFE

We are aware of the need to maintain the correct and highest-level security when processing your personal information. We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. 

We take the following steps to maintain the security of your personal information:

• We keep all your information in systems that are secure, such as Microsoft Office and Xero
• Access to client or supplier information is limited to only those who need access.
• We use full login and password controls on our sales control system
• We maintain firewalls and anti-virus software

Any documentation retained in paper form or kept in our office is locked away in filing cabinets, and the premises is monitored with an intruder alarm.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

10. WHO WE SHARE YOUR DATA WITH

We sometimes share your personal data with trusted third parties which act only on our instruction (known as “data processors”). 

Data processors might be, for example, 3rd party accounting apps or subcontractors or delivery drivers or those companies who store data for us:

Where we share information with these companies or individuals we make sure that they also keep your data secure and that they also protect your rights. To this end, we make sure that:
• We provide only the information they need to perform their specific services.
• They may only use your data for the exact purposes we specify in our contract with them or where their terms and conditions of processing contain the correct data processor clauses under GDPR
• If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

We sometimes also share your data with third parties for their own purposes (“joint controllers”) e.g. HMRC, accountants, legal advisors.

We will only do this in very specific circumstances, for example:
• With your consent
• Where we have a data sharing agreement in place with the other party 
• Where we are obliged to share the information for legal reasons 

11. WHERE YOUR DATA IS PROCESSED

We do not transfer data outside of the EEA. 

From time to time we may pass personal data such as your name and email address to other services that we use to send out communications (both electronic and print). 

However, your personal data will remain in the EU or countries considered by the EU to have equivalent policies such as Jersey, Guernsey, Switzerland, New Zealand and Canada. Companies based in the USA that have certified with the EU-US Privacy Shield programme are also considered to be permitted destinations by the EU (this includes popular US products like Gmail, DropBox and MailChimp).

12. YOUR RIGHTS AND WHO TO CONTACT

You have the following rights, which you can exercise free of charge:

If you would like to exercise any of those rights, please email us at wendy@shsteelframes.co.uk or henry@shsteelframes.co.uk or call 01926 633689.

OTHER RIGHTS

Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. You can do this by contacting wendy@shsteelframes.co.uk or henry@shsteelframes.co.uk.

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. 

We will then stop processing your information unless we believe we have a legitimate overriding reason to continue processing.

Direct marketing 

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We will always comply with your request. To ask us to stop direct marketing please email us at wendy@shsteelframes.co.uk or henry@shsteelframes.co.uk 

Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. 

For us to check your identity, please:
• Let us have enough information to identify you (e.g. your full name, address and client/supplier number or order number, if applicable);
• Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
• Let us know what right you want to exercise and the information to which your request relates.

If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act on your behalf.

If we choose not to action your request, we will explain to you the reasons for our refusal.

Your right to contact the ICO

We would hope that you will always raise any issues with us first, and that we will be able to resolve them to your satisfaction. However, if this isn’t possible then you always have a right to complain directly to the Information Commissioner’s Office (ICO) If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data.

You can contact them by calling 0303 123 1113 (local rate) or go online to www.ico.org.uk/concerns (this opens in a new window; please note we can't be responsible for the content of external websites).

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

You also have the right to take to seek a judicial remedy. 

UPDATES TO THIS PRIVACY NOTICE

From time to time we will make changes to this Privacy Notice, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally. You should check our website periodically to view the most up-to-date Privacy Notice. This privacy notice was last updated on 19 July 2018.

Share by: