We collect, use and are responsible for certain personal information about you. When we do so we comply with local data protection laws. For example, if you are in the EEA, the GDPR and the e-Privacy Directive and relevant member state laws in the EEA, and if you are in the UK, the UK Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 and the UK GDPR (as incorporated into UK law under the UK European Union (Withdrawal) Act 2018). We are responsible as ‘controller’ of that personal information for the purposes of those laws.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
It would be helpful to start by explaining some key terms used in this policy:
|We, us, our||Arran Isle Limited or the relevant Arran Isle business based in the United Kingdom as set out below, who acts as controller under data protection law.|
|Personal information||Any information relating to an identified or identifiable individual that is provided to us or we otherwise collect|
|Special category personal information||means personal data about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership (or non-membership), genetic data, biometric data for the purpose of uniquely identify a person, data concerning physical or mental health or condition, sexual life, criminal offences, or related proceedings.|
OUR UK GROUP WEBSITES
|URLs||Controller name, company registration number and Data Protection Act (DPA) registration number|
|https://www.arranisle.com||Arran Isle Limited, company no. 7044474, DPA registration ZA300295 and Arran Isle Holdings Ltd, company no.109354, DPA registration Z6104884.|
|https://www.carlislebrass.com||Carlisle Brass Limited, company no. 2022858, DPA registration Z9526392.|
|https://www.windowware.co.uk||Heywood Williams Components Limited, company no. 2523354, DPA registration Z8038819, trades as Mila Hardware, Mila Maintenance and Window Ware.|
The above companies all have their registered address at Portobello, School Street, Willenhall, England, WV13 3PW.
INFORMATION WE MAY COLLECT FROM YOU
We will collect and process the following data about you either from your use of our site, or when you contact us, open an account or place an order:
- Information you give us. This is information about you that you give us by filling in forms on our site or by communicating with us by phone, fax, EDI, face-to-face, e-mail, remote meeting facilities, video conferencing facilities or otherwise and includes information you provide when you register an account, submit an enquiry, place an order with us or when you report a problem with our site or submit a complaint. The information you give us may include your name, address, business role, gender, e-mail address, username and password, phone number, details of any comments you provide to us and financial and credit card information. Other information you give us may include feedback regarding our products and responses to surveys and/or market research (although you do not have to respond to such surveys or requests). We may also collect and process records of any correspondence and communications with us and telephone calls and CCTV may also be recorded. You may also give us information through job applications and CVs.
- Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, MAC addresses, traffic data, location data, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and cookies, which will be collected in accordance with the relevant group business’ cookies policy;
- details of your visits to our sites and your preferences and habits when making a purchase. We will use this information to create a profile of you, for the purpose of enhancing your customer experience with us;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), services you viewed or searched for your conduct via the site and (where relevant) details of the fulfilment of any of your orders, and any other site activity, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page;
- any phone number used to call us; and
- your transaction/account history.
- Information we receive from other sources. We are also working closely with third parties (including, for example, business partners, credit reference agencies, sub-contractors in technical, payment and delivery services, analytics providers and search information providers) and may receive information about you from them.
HOW WE USE YOUR INFORMATION
We use information held about you in the following ways:
- Information you give to us. We will use this information:
- to carry out our obligations arising from any agreements entered into between you and us and to provide you with the information, products and services that you request from us, including to check any instructions given to us;
- for training purposes in order to improve the quality of our customer service;
- to carry out appropriate and necessary investigations and discharge our legal and regulatory obligations and duties, including to comply with anti-fraud and anti-money laundering requirements and for crime prevention;
- to send you a welcome email to verify your account when you register and other emails for the purposes of providing any services, products, competitions or promotions to you, including in relation to account management or system maintenance;
- to provide you with marketing information about other services or products we offer that (a) you have consented to receive; or (b) are similar to those that you have already bought (in which case it will only be the business you bought the same/similar services or products from who will contact you for this purpose);
- to notify you about changes to our services and/or products;
- build a profile of you, your preferences and your habits;
- to provide customer support; and/or
- to ensure that where you have an online account, content from the site is presented in the most effective manner for you and for your computer.
Please note we will not use any financial or credit card information for any purpose other than to discharge our legal/regulatory duties and to process payments paid by you for our products and services or due to you by agreement.
We will not sell or rent your data to third parties for marketing or other purposes.
- Information we collect about you. We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to discharge our legal and regulatory obligations and duties, including to comply with anti-fraud and anti-money laundering requirements and for crime prevention;
- to assess and control credit risk;
- improve our site and to ensure that where you have an online account, content is presented in the most effective manner for you and for your computer;
- to enhance our site to ensure you receive a personalised and continuously improving customer service;
- to allow you to participate in interactive features of our site, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- for data-matching purposes in respect of your use of our site/services and your use of certain third party services;
- to deliver (whether directly or indirectly via third parties) effective and personalised marketing material and content from Arran Isle Limited and its subsidiaries and to assist us in the improvement and optimisation of advertising, marketing material and content, our services and the sites and/or the services of any other business in the Arran Isle Group;
- to measure, understand or monitor the effectiveness of advertising, promotions, marketing material and content and any joint initiatives with our affiliates, suppliers, partners, subcontractors and other selected third parties;
- build a profile of you, your preferences and your habits;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you where permitted; and/or
- to make suggestions and recommendations to you and other users of our site or services about goods or services that may interest you or them.
- Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
- We may use the personal data we collect about you on an anonymised basis to create statistics and anonymised information which we then share with third parties including ad networks, search engines and analytics providers.
USING YOUR INFORMATION IN ACCORDANCE WITH DATA PROTECTION LAWS
- Compliance with legal obligations: As a corporate group there are certain laws we need to comply with. In particular, we will need to process your personal information to verify your identity, and your source of funds for anti-money laundering, fraud and crime prevention purposes. Failure to provide the requisite personal information on sign-up/as you use our site, will unfortunately mean we cannot provide our products to you, as to allow you to purchase our products would mean we would be in breach of our legal obligations. You will not be able to object to processing or ask for the deletion of your personal information insofar as it falls under this category.
- Necessary for the entry into/performance of a contract: When you enter into a transaction with us, a contract between you and the relevant group entity will have been entered into. In order for us to fulfil our
obligations under such contract (e.g. to allow you to place an order and receive the products), we will need to collect and process your personal information. Failure to provide the requisite personal information on sign-up and financial information on entering into the transaction or objecting to this type of processing/exercising your deletion rights will unfortunately mean we cannot provide our products to you.
- Consent: We may provide you with certain marketing information about third party services or products where you have provided your explicit consent for us to do so. Please note that we will use your personal information in order to provide certain marketing information for the same or similar products you have previously bought. You have the right to withdraw your consent at any time and can object to processing of this nature.
We have a legitimate interest in processing your information as:
|Necessity||We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as we process your personal data only so far as is necessary to provide our goods and/or services.|
|Impact of processing||We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as it can be reasonably expected for us to process your personal information in this way to provide our goods and/or services, we will implement safeguards for vulnerable individuals, and you are able to withdrawn your consent to the processing of special categories of personal data.|
HOW LONG WE KEEP YOUR INFORMATION FOR
When your data is no longer required for the purposes listed above, we will delete it within 6 years from the closure or your account/ delivery of your order or of our last positive interaction with you. We keep your personal information for 6 years, to enable us to retain the information we may require for legal and regulatory purposes.
In some circumstances, some of your data will be deleted in much shorter timescales, where possible, for example:
- Call and CCTV recordings will typically be deleted after 3 months;
- Marketing consents will be refreshed or deleted after 24 months;
- Marketing emails and other communications where possible will typically be deleted after 24 months; and
- Business contact details will typically be deleted once our relationship has come to an end.
DISCLOSURE OF YOUR INFORMATION
We may share your personal information with any member of the Arran Isle global group, which means Arran Isle Limited, any subsidiary, parent or ultimate holding company from time to time of Arran Isle Limited or any subsidiary from time to time of Arran Isle Limited’s parent or holding company ("Arran Isle Group").
We will only disclose your information to:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you including service providers who operate elements of our site service and process personal data on our behalf. These may include businesses who provide technology services such as hosting for our servers and email distribution, and business partners who provide delivery fulfilment services. We may also disclose your personal data to our supply and delivery partners for the purpose of processing and fulfilling your order;
- members of the Arran Isle Group business partners and third party suppliers and service providers for the purposes listed under HOW WE USE YOUR INFORMATION above;
- third party suppliers and service providers to the extent they assist the Arran Isle Group with its legal/regulatory obligations e.g. providers of services in respect of anti-money laundering, fraud, verification etc;
- selected third parties so that they can contact you with details of the services that they provide, where you have expressly opted-in/consented to the disclosure of your personal data for these purposes;
- analytics and search engine providers that assist us in the improvement and optimisation of our site and other selected third parties; and
- respond to Government/ Governmental/Law Enforcement Agency requests and other legal requests or to perform our duties pursuant to a legal request, such as a search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, counter terrorist financing verification requirements, fraud, or other wrongdoing or otherwise in legal procedures held between us and you or anyone on your behalf.
We will disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- in the event of any insolvency situation (e.g. the administration or liquidation) of Arran Isle Limited or any of its group entities;
- if we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
- to the extent required where charges and security are held over our assets;
- to protect the rights, property, or safety of us, our staff, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk reduction; and
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
CREDIT REFERENCE AGENCIES AND CREDIT CIRCLES
In order to process your customer account application we may supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html Where our businesses are members of Credit Circles, information including trade credit performance will be made available to other participating organisations.
WHERE WE STORE YOUR PERSONAL DATA
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") and/or the UK, e.g.:
- with our service providers located outside the UK and/or the EEA;
- if you are based outside the EEA and/or the UK;
- where there is an international dimension to the services we are providing to you.
It may also be processed by staff operating outside the UK and/or EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, the processing of your payment details and the provision of support services.
These transfers are subject to special rules under European and UK data protection laws.
These countries do not have the same data protection laws as the UK and EEA. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. In the absence of any finding of adequacy from the European Commission or the UK Government (as appropriate) regarding the country to which the personal data will be transferred, our standard practice is to use standard data protection contract clauses that have been approved by the European Commission / UK Government. To obtain a copy of those clauses see here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimensiondata-protection/standard-contractual-clauses-scc_en
If you would like further information please see ‘HOW TO CONTACT US’ below.
SECURITY OF YOUR PERSONAL DATA
We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site/your account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
You have a number of rights under data protection law in relation to the way we process your personal data.
These are set out below:
|RIGHT||DESCRIPTION OF RIGHT|
|Access||A right to access personal data held by us about you.|
|Rectification||A right to require us to rectify any inaccurate personal data held by us about you.|
|To be forgotten||A right to require us to erase personal data held by us about you. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with To object below).|
|Restriction of processing||In certain circumstances, a right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims.|
|Data portability||In certain circumstances, a right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.|
|To object||A right to object to our processing of personal data held by us about you where the processing of such data is necessary for the purposes of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process personal data which override your rights or which are for the establishment, exercise or defence of legal claims (including for the purposes of sending marketing materials to you).|
|Not to be subject to automated individual decision-making||A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affect you.|
|Withdraw consent||A right to withdraw your consent, where we are relying on it to use your personal data.|
You may contact us using the details below to exercise any of these rights, and we will respond to any request received from you within one month from the date of the request.
HOW TO CONTACT US
Contact email address for each of our UK group businesses are shown below:
|Arran Isle Limitedfirstname.lastname@example.org|
|Arran Isle Holdings Ltdemail@example.com|
|Carlisle Brass Ltdfirstname.lastname@example.org|
|Heywood Williams Components Limited trading as Mila Hardwareemail@example.com|
|Heywood Williams Components Limited trading as Window Warefirstname.lastname@example.org|
|Heywood Williams Components Limited trading as Mila Maintenanceemail@example.com|
Please address any questions, comments and requests regarding our data processing practices to the relevant email address in the first instance.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your information. If you have any concerns regarding our processing of your personal data or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office. Their address is:
First Contact Team
Information Commissioner's Office
Or telephone: 0303 123 1113.
This policy was last reviewed and updated: July 2022