GDPR COMPLIANCE STATEMENT
At Heritage Trees Limited, we understand that we have a responsibility to protect and respect your privacy and look after your personal data.
This Privacy Notice, inclusive of our General Terms of Service, explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely.
For clarity, At Heritage Trees Limited may be both data controller and data processor for your personal data under certain circumstances.
We must advise that this policy is subject to change, so please check our website on a regular basis for any further changes.
Data Protection law will change on 25 May 2018
This Privacy Notice sets out your rights under the new laws.
Who are we?
Heritage Trees Limited is an Arboricultural Specialist company.
How the law protects you
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The reasons we process your personal data include, but are not limited to, your consent, performance of a contract, billing and to contact you with offers, company news and similar.
How do we collect personal data from you?
We receive information about you from you when you use our website, complete forms on our website, if you contact us by phone, email, or otherwise in respect of any of our products and services or during the paying for hire of any such product.
If you contact us for information – we will store the relevant information in Microsoft outlook as an e-mailed enquiry. This will only include your name and e mail address – combined with the information on the products you have asked us to quote for you.
What type of data do we collect from you?
The personal data that we may collect from you includes your name, address, email address and phone numbers. We also retain records of your queries and correspondence, in the event you contact us. We do NOT store any Credit Card information taken from you anywhere on our systems – all Credit Card transactions are handled securely through Stripe and Direct Debit transactions via Go Cardless on their secure Servers via our website secure payment links.
We merely process such data on your behalf, subject to our Terms and Conditions and you are responsible for any applicable legal requirements in respect of your content.
How do we use your data?
We use information about you in the following ways:
- To process orders that you have submitted to us;
- To provide you with products and services;
- To comply with the contractual obligations, we have with you;
- To help us identify you and any accounts you hold with us;
- To provide customer care, including responding to your requests if you contact us with a query;
- To administer accounts, process payments and keep track of billing and payments;
- To notify you about changes to our conditions and services;
- To provide you with information about products or services that you request from us or which we
feel may interest you, where you have consented to be contacted for such purposes; and
- To inform you of service and price changes.
We will keep your personal data for the duration of the period you are a customer of Heritage Trees Limited. We shall retain your data only for as long as necessary in accordance with applicable laws.
On the closure of your account, we may keep your data for up to 7 years after you have cancelled your services with us. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We may also keep it for research or statistical purposes. We assure you that your personal data shall only be used for these purposes stated herein.
Who has access to your personal data?
Here is a list of all the ways that we may use your personal data and how we share the information with third parties. For clarity, we have grouped them into the specific products and services that we offer:
For the avoidance of doubt, we do not and never shall sell or pass your personal data to third parties for marketing or advertising purposes.
In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we shall be unable to provide our quotations for our services.
You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your “right to be forgotten”. There are legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.
Our Privacy Notice shall be made clear to you at the point of collection of your personal data.
We will not contact you for marketing purposes unless you have given us your prior consent. You can change your marketing preferences at any time by e mailing firstname.lastname@example.org
Accessing and updating your data
You have the right to access the information we hold about you. Please email your requests to email@example.com so that we can obtain this information for you.
Where we store your personal data
We follow accepted standards to store and protect the personal data we collect, including the use of encryption if appropriate. Hard copy Invoices and Delivery notes are stored in locked filing cabinets in our office. The premises is alarmed and serviced by a NACOSS approved Alarms company.
Any quotations we provide to you are stored in Outlook on our Windows PC. Our PCs are secured requiring secure login access. Full Anti-Virus and live malware prevention by Panda software is used to form a barrier to protect our systems from any unlawful access. Panda is automatically updated on a regular basis. As the transmission of information via the internet is not completely secure, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk.
All data passed through our Website is encrypted and sent via the internet using HTTPS – thus minimising as much as possible the risk of any data breach. For the Purposes of compliance with GDPR – we have installed an SSL Certificate on our Web Server (This is a Global Sign domain name SSL.)
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions:
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
Your right to make a complaint
You have the right to make a complaint about how we process your personal data to the Information Commissioner:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Tel: 0303 123 1113