How we use your information – We are committed to protecting your privacy. We do not sell your data to anyone. This policy covers how we use your information and covers the following areas:
Individuals or companies who place orders over the telephone, email or via our website must provide their name, address details and payment details in order to process and deliver products or services ordered. Your payment information will be shared with SagePay, Barclaycard or Paypal in order to process payments and your delivery details will be passed to our third party dropship suppliers and/or carriers to enable delivery of your order. This data is used only to process your order.
Individuals may choose to sign up to receive news, product information or offers from our website in email format, and are able at any time to unsubscribe, following the unsubscribe links in every email sent.
Companies who wish to have an account with TB Davies (Cardiff) Ltd need to provide relevant information required to open and service the account. Your business name will be credit checked prior to accounts being approved. Limited information will also be shared with third party payment providers and transport carriers, sufficient to enable successful processing of your order(s).
- Online reporting (Google Analytics) – We track user visits using Google Analytics using cookies to monitor website usage and understand how our website is used, its performance and where improvements can be made.
- Email newsletter (Mailchimp) – We use a third party supplier, Mailchimp to deliver our e-mail newsletters. We gather statistics for the opening and click through data to monitor performance. Emails that are subscribed to can easily be unsubscribed, simply by following a link contained in the footer of every newsletter email sent. For more details, please see Mailchimp’s privacy notice – https://mailchimp.com/legal/privacy/
- Security (https & SSL certificate 256 bytes encryption) – We secure our website using a 256 bytes encryption SSL certificate issued by GlobalSign CA. This secures all data sent between the website and your computer. It protects website transactions as well as information sent across in forms, e.g. warranty registrations and checkout transactions. The address always includes, ‘https://’ and a small padlock is displayed in the web browser search bar to give confirmation that the link is secure. We also use Transport Layer Security (TLS) version 1.2, to encrypt and protect email traffic. We will also automatically monitor emails sent to us, including attachments for viruses and Trojans or malicious software.
- Website CMS – We use the WordPress content management system (CMS) for our corporate website. The WordPress CMS collects anonymous data to provide web traffic statistics that help us build a better site with information that is relevant and informative.
- Warranties – After buying your product from us, you will be invited to register your warranty via our website. Your name, contact details including telephone number and products purchased will be securely sent from our website and processed in house. The data will be held there, securely for us to process future warranty claims.
Social media communications
If you send us a message via a social media channel, we will delete the message after 3 months. It will not be shared with any other organisation.
People who contact us via email or telephone
Emails are stored within a secure facility, with limited and authorised access and with an audit trail of ownership and usage. We record some calls for training and legal purposes. Calls that are recorded are securely stored with limited access and will not be shared with third parties unless there is a legitimate reason including but not limited to insurance, fraud, manufacturing issues.
Services – Training Courses
- Individuals who attend courses at TB Davies (Cardiff) Ltd, will have to give consent to allow us to take their name, contact details, date of birth and photograph and submit to the awarding body, in order to receive the appropriate PhotoCard ID.
- Employees of account customers who attend courses at TB Davies (Cardiff) Ltd, will have to give consent to allow us to take their name, contact details, date of birth and photograph and submit to the awarding body, in order to receive the appropriate PhotoCard ID.
Job applicants, current and former TB Davies (Cardiff) Ltd employees
TB Davies (Cardiff) Ltd is the data controller for the information you provide during the process, unless otherwise stated. If you have any queries or would like further information, please email email@example.com
What will we do with the information you send us? All the information you provide will be used to process your application to work with us. We will not share any information with third parties for marketing or advertising purposes. The information you provide is for us to decide suitability of your employment.
- Application – We will ask you for your personal information, including name and contact details including education and work experience, as well as references. We will also ask you questions suitable for the role to which you are applying.
- Offer – If you are successful, we will ask for references and will carry out pre-employment checks prior to a confirmed offer. We are required to confirm the identity of our staff and their right to work in the United Kingdom.
You will be required to provide:
- Proof of your identity – we require sight of original documents – we will take copies
- Proof of your qualifications – we require sight of original documents – we will take copies
- You will be asked to complete a criminal records check to declare any unspent convictions
- We will contact your referees, using the details you provide in your application to obtain references
- We will also ask you to provide a health questionnaire to establish your fitness to work
Use of Data Processors
Data processors are 3rd parties who provide elements of our recruitment service. We have contracts in place with data processors (Our Accountant & Pension Provider). This means they cannot do anything with your data unless we instruct them to do so. They will not share your personal information with any organisation except us. They will hold it securely and retain it for the period we instruct.
- Accountant – If you are employed by TB Davies (Cardiff) Ltd relevant details will be provided to our accountants, who manage our payroll services. This will include your name, bank details, address, date of birth, National Insurance number and salary details.
- Pension Provider – If you are employed by TB Davies (Cardiff), you will be auto-enrolled into the company pension scheme. Relevant details will be provided to our pension provider. This will include your name, bank details, address, date of birth, National Insurance number and salary details.
How long is the information retained for?
If successful, the information provided during the application process will be retained on your employment file for the duration of your employment plus a period of time following the end of your employment to satisfy HMRC purposes. This includes your criminal records check, fitness for work, sickness records and references. If unsuccessful, the information provided during the application process will be retained for a period of 3 months, after which it will be deleted.
Images including video of models who agree and separately sign a model release form, to take part in photography & video photography shoots will be kept in perpetuity for purposes of marketing and advertising TB Davies (Cardiff) Ltd group’s products and services.
We undertake regular reviews of security policies including maintaining Payment Card Industry Data Security Standard (PCI DSS) compliance including Penetration Tests against our computer systems. We ensure that terminals are protected with anti-virus software that is regularly patched. Passwords are subject to robust guidelines.
CCTV is used on our premises solely for the prevention of crime and images taken from it are deleted after 3 months.
Data Protection Act, 1998 – superseded by the General Data Protection Act 2018 Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018, (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability. If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time that will not affect the lawfulness of the processing before your consent was withdrawn. You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.
This policy is subject to regular change. The date this was last updated is displayed in the footer of this document.
How to contact us
Or email us at firstname.lastname@example.org
Version 1.3 Last Updated April 16th, 2018