PRIVACY POLICY

Personal information is any information relating to an individual who can be identified directly from the information or indirectly from the information in combination with other information.

Personal information may include “special category data” relating to racial or ethnic origin, political opinions, religious beliefs, membership of a trade union, physical or mental health and criminal records and allegations.

When we collect personal information from you we will indicate whether it is mandatory or voluntary – for instance, this is done on the website by using asterisks to mark mandatory fields. Where we need to collect personal information by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel an order for a product or service you have with us.

1.1 WHO THE INFORMATION CONCERNS

This privacy notice applies to personal information we (as well as any subsidiaries, affiliates and applicable third parties) process concerning the following data subjects:

• Visitors to our website
• Customers who purchase goods or services or create an account with us
• Our suppliers

1.2 WEBSITE AND APP DETAILS

The types of information we may process about you includes but is not limited to:

Personal Details Name, address, email address, telephone number, date of birth, copies of identification, account name, Order Details, Delivery addresses, payment details, contact information, complaint / enquiry information, delivery photographs, survey and installation details, Account Details, Identification, purchase history and trends, credit limits, contact information, account activity, log-in details, Fraud Prevention, Anti-money laundering and credit check results, fraud investigation results, Location Details of your location Website, Details Like many websites, our server logs capture details of your operating system, browser software, IP (Internet Protocol) address and Uniform Resource Locator (URL), including the date and time of your visit.

1.3 PURPOSES OF PROCESSING

Website Visitors:

You can visit and browse our website without providing your name or contact details. We use cookies to analyse how our site is used by visitors and to provide some of the functionality – see our Cookies Policy for more information.

Customers:

If you purchase products or services from us, we may process the information you provide us for the purposes of:

• Responding to your enquiries, complaints or rights requests
• Providing a service or quoting for a service
• Keeping you informed about our products and services (including marketing)
• Processing your order and to follow up on orders that are not completed
• Arranging visits to your home (e.g. to carry out a survey or installation)
• Managing your account, including carrying out identity checks where relevant
• Managing your credit account (if applicable) including carrying out credit checks
• Using your purchase history to manage rebates and supplier claim backs
• Market research
• Seeking your views on products and services purchased from us
• Publishing trends and/or to improve usefulness and content of our website
• Tracking activity on our site and to provide a more personalised online experience
• Linking with social media sites and services, for example, for advertising purposes
• Notifying you about important changes or developments to our site or services
• Managing deliveries, returns and refunds
• Processing competition entries
• Product liability purposes
• Dealing with enquiries and complaints
• Claims management and insurance purposes
• Record keeping

Suppliers:

If you supply products or services to us, we may use your personal information for the purposes of:

• Processing and managing orders
• Managing deliveries, installations, returns and refunds
• Product liability
• Managing accounts, including conducting credit and other background checks where applicable
• Market research
• Notifying you about important changes or developments to our websites, services and policies
• Supply chain management
• Handling rights requests, enquiries and complaints
• For claims management and insurance purposes
• Record keeping

If you are a supplier and you have any questions about how we use your personal information, please contact the Commercial Team or your usual business contact.

1.4 THIRD PARTY SOURCES

Information about you may also be provided to us indirectly by:

• Next of kin / delegated authorities
• Business associates
• Your employer in partnership/business with the Iveo Group
• Other trusted sources such as:
  • Credit / Default Agencies
  • Financial Institutes
  • Insurance Companies
  • Health providers
  • Third party service affiliates or suppliers who have obtained your consent

1.5 CALL RECORDING

Some telephone calls may be recorded and/or monitored, for example calls to our customer services teams. Call recording and monitoring may be carried out for the following purposes:

• Training and quality control
• As evidence of conversations
• For the prevention or detection of crime (e.g. fraudulent claims)

The legal basis we use to process your personal information may differ for each processing activity. Dependent upon the purpose for processing, as outlined above, and the business area processing your data one of the following lawful basis of processing may apply:

• Article 6 (1) (a) GDPR Consent: Where your permission and consent has been provided to allow processing to be undertaken
• Article 6 (1) (b) GDPR Performance of a contract:
  • Where you have set up an account with us
  • To process your orders
  • Where you (or your employer) have or will enter into a contract with us and we need to process your information as part of this contract
  • To provide quotations and / or estimates as a preliminary step towards providing goods and/or a service
• Article 6 (1) (c) GDPR Legal Obligation: Where we are bound by further laws and regulations to process your information, in relation to areas such as:
  • Privacy and Electronic Communications Regulation
  • Crime and anti-money laundering
  • Financial Services
  • Employment
  • Welfare and health and safety
• Article 6 (1) (f) GDPR Legitimate interests: These include:
  • Suppression lists and managing communication opt-out requests
  • Training, communication and awareness
  • Direct marketing where a valid legitimate interest applies as our lawful basis for that activity (such as a validly formed soft opt-in)
  • Monitoring and web analytics
  • Cloud storage
  • Track and trace requirements in response to public health concerns
  • To keep in touch with current, past and prospective customers
  • To provide online account management and related services
  • To improve the level of visibility of our marketing and advertising among likely customers
  • To gain an understanding of how our customers interact with us so we can provide the most relevant products and services
  • To monitor the use of our website and improve its facilities
  • Seeking your views on products and services purchased from us

As a rule, we do not collect “special category data” about visitors to our website or our customers or suppliers. The exception is where we identify suspected criminal activity such as fraudulent claims or the use of stolen payment card details. In this case we will record details of the suspected criminal activity and may take appropriate action, including refusing to accept orders, make payments or give refunds. We may also report the incident to the relevant bank or payment card issuer or to the police or other appropriate authorities.

Should we process information defined as ‘special category’ the following lawful basis for processing may be relied upon:

• Article 9 (2) (a) GDPR Explicit Consent: Your permission has been granted and documented directly to us
• Article 9 (2) (f) GDPR Establishing, exercising or defending a legal claim: Such as litigation against a business, supplier, fraudulent person

We may also process criminal conviction data under:

• Schedule 1, Part 3, Paragraph 33 DPA 2018 Legal claims: In connection with legal, or potential legal proceedings, obtaining legal advice or establishing, defending and /or exercising legal rights

We may collect and process your personal data for humanitarian purposes, such as the monitoring of epidemics and their escalated spread (Recital 46 GDPR) and in compliance with those purposes as defined by the appropriate authority/government under the lawful basis of “public interests” in order to protect our customers and colleagues and others with whom we may be in contact.

We maintain administrative, technical and physical safeguards designed to protect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of information you submit via our website and any transmission is at your own risk.

Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.

If you have created an account or registered to use any online services, your account details may be password protected. It is your responsibility to keep your password confidential and to sign out once you have finished browsing.

Access to personal data is restricted only to those who have a legitimate business need and data processed by third parties is only done so under strict instruction from us, as per the terms of their contract.

We contractually require service providers to safeguard the privacy and security of personal information they process on our behalf in line with data protection obligations and authorise them to use or disclose the information only as necessary to perform services on our behalf and under our instruction or to comply with legal obligations and requirements.