Traverse Flooring UK Ltd ensures that it keeps all of its customers details securely and confidentially. We wish to treat our customers in the same way that we would like to be treated and this is the same for their personal details.
Any data that we collect on our clients when we provide a service for them is not used for any marketing purposes nor would we ever pass on customers details to a third party. Customer data that is retained is done so for legal compliance.
The purpose of this document is to provide customers, our staff and other stakeholders with a clear definition and understanding of what our guiding principles are regarding collection, use, transfer, retention and disclosure of personal data and how this is reflected in our working practices and systems.
This document outlines the data protection principles and provides practical examples of how these data protection principles are applied by Traverse Flooring UK in its own systems.
All staff at Traverse Flooring UK Ltd are required to read this document in full. Any partner or company working with or for us is also required to read this document.
If further details are required or, if there are any concerns regarding our Data Protection Policy, please do not hesitate to make contact with us: firstname.lastname@example.org
The company directors are directly responsible for the handling of any personal data we hold on our customers. Our position is that we are not only compliant with the law from a legal perspective but also within the spirit of the law – in short, we see the legal requirements as a ‘minimum’ and aim to go ‘above and beyond’ those standards wherever we can.
The company directors also act as the point of contact for notifying and cooperating with the Data Protection Authorities (DPA). Any new systems that are introduced by the company are subject to a (DPIA) Data Protection Impact Assessment.
All staff are encouraged to notify a company director if they have concerns regarding the storage, use or processing of customer personal data. The company directors will ensure all reports are responded to and, if required, immediate remedial action will be taken.
Principle 1: Lawfulness, Fairness and Transparency
All Personal Data that we process is done so lawfully, fairly and in a transparent manner in relation to the Data Subject (the individual). We will inform the Data Subject what processing will occur in an understandable manner and we will seek consent where consent is required.
Principle 2: Purpose Limitation
Any Personal Data collected will be done for specified, explicit and legitimate purposes. We will limit the processing of that Personal Data to only what is necessary to meet the specified purpose.
Principle 3: Data Minimisation
We limit any Personal Data collection to that which is necessary in regard to the purposes for which they are processed.
Principle 4: Accuracy
We will do our best to keep Personal Data accurate and up to date. We will make contact with the Data Subject to verify Personal Data and rectify, as required.
Principle 5: Storage Limitation
Personal data of Data Subjects will be kept for no longer than is necessary. Wherever possible, we will store Personal Data in a way that limits or prevents identification of the Subject.
Principle 6: Integrity & Confidentiality
We will process Personal Data in a way that ensures appropriate security of the Personal Data, including protecting against unlawful or unauthorised processing. We will use the appropriate technical and organisational measures to ensure the integrity and confidentiality of Personal Data.
Principle 7: Accountability
We will be able to demonstrate compliance with the six Data Protection Principles as outlined above.
We will regularly review our collection, use, retention, transfer, disclosure and destruction of Personal Data on a regular basis.
Personal Data will be sourced directly from the Data Subject and NOT from 3rd parties unless the collection must be carried out under emergency circumstances in order to: 1) Protect the vital interests of the Data Subject. 2) Prevent serious injury or loss to another person. 3) Respond to requests from law enforcement agencies.
Personal Data will only be collected by lawful and fair means and with the knowledge and consent of the Data Subject (the individual to which the Personal Data relates).
Where we require consent from an individual prior to collection or use of their Personal Data, we will ensure the request for consent is presented in a clear manner.
When the Data Subject wishes to withdraw their Consent we will comply in a speedy and timely manner.
When a Data Subject has an account with us, there are some emails and communications which we need to be able to send in order to deliver our service (invoices, contract changes etc). We do not regard these as marketing emails and we make it clear to the Data Subject that when they have an account with us, they are giving their permission for us to store their name, email address, address and contact telephone number(s). We will always keep our emails to the minimum.
We provide a clear route for a user to close an account with us and to delete Personal Data held. Simply email: email@example.com for us to carry this out.
No digital marketing emails will be sent out without first achieving consent. Where digital marketing is carried out from a ‘business to business’ context, there may be no legal requirement to obtain consent to carry out digital marketing to individuals provided that they are given the opportunity to opt-out. Nevertheless, we will seek to obtain consent, typically orally, before any email address is entered into our systems for marketing purposes.
There are certain circumstances when it is permitted that Personal Data be shared without the knowledge or consent of the Data Subject. These include:
We will not transfer Personal Data to Third Party Data Controllers unless the Data Subject has given their express permission to such a transfer and is required to carry out the purchase or contract with the customer.
Data Subjects with a complaint about the processing of their Personal Data should put forward the matter by writing to one of our company directors. We will inform the Data subject as to the progress and outcome of any complaint within a reasonable period.