Website & Offices
1.2 For the Data Protection Act 2018 (the Act) and the provisions of Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR), the company is the Data Controller. We are registered with the ICO (Information Commissioner’s Office. The website(s) under the domain names and associated sub-domains of timber-pak.co.uk (the Website) are operated by Timber PAK (SW) Ltd.
How We Collect Your Personal Data:
2.1 We collect Personal Data directly from you via the Website or when we meet you at our sales offices and via other communications between us when you make enquiries with, or purchase a Timber Frame from us; including;
2.1.1 Your name, date of birth, home address(es), home and mobile telephone number(s), email address(es) and employment information.
2.1.2 Information about your transaction(s) with us.
2.1.3 Information and documentation you provide when you respond to requests to submit personal information about yourself/company.
2.1.4 Records of written and verbal communications between us either written or electronically.
2.1.6 CCTV images if you visit our premises where we use CCTV recording (please see section titled: CCTV for further information).
2.2 We may also collect your Personal Data from third parties, for example;
2.2.1 From searches of CRA’s (Credit Reference Agencies) and FPA’s (Fraud Prevention Agencies) of their records relating to you.
2.2.2 From public records (i.e. the electoral roll).
2.2.3 From other third parties with your consent
How We Use Your Personal Data:
3.1 We may use the information we collect about you to;
3.1.1 Provide you with our products and services.
3.1.2 Communicate with you by; email or electronic mail, post, telephone or SMS (text message).
3.1.3 Meet our legal, regulatory and contractual obligations, including verifying your identity for the purposes of preventing money laundering and fraud.
3.1.4 Manage any agreement you have in place with us.
3.1.5 Provide you with updates you have requested
3.1.6 Deliver marketing information to you about other products and services we offer that are like those that you have already purchased, requested or enquired about, unless you have Opted Out of receiving such communications (please see section titled: Marketing for further information).
3.1.7 Ensure that any content on the Website is presented to you in the most effective manner for you, your requirements and your computer.
3.1.8 Contact you for your views on our services or events and notify you occasionally about important changes or developments to the Website or our services.
3.1.9 Provide and improve customer service and support.
3.1.10 Administer, monitor, support, improve and develop our Website to enhance operational capabilities and for internal operations.
Sharing Your Personal Data:
4.1 We may share your Personal Data with;
4.1.1 Third parties who provide services for us where necessary for the delivery of our products and services for example;
➢ Other contractors who undertake work on our behalf.
➢ Agents who act on our behalf
➢ Third parties who administer agreements on our behalf
➢ Suppliers who provide or make provisions to provide services to, or in relation to your contract with Timber PAK SW Ltd.
➢ Home warranty suppliers such as CRL to support the administration of the relevant warranty.
4.1.2 Other third parties with your consent and where you request we introduce you to them, i.e. Equipment/service suppliers
4.1.3 Law enforcement agencies or regulatory bodies where we are required to do so to comply with regulatory or legal provision.
4.1.4 CRA’s (Credit Reference Agencies) and FPA’s (Fraud Prevention Agencies).
4.1.5 Our professional advisers.
4.1.6 The company named in the definition of Data Controller under paragraph 1.1 of this notice for fulfilling those purposes as set out in paragraph 3.
Our Legal Basis For Using Your Personal Data:
5.1 Our use of your Personal Data as outlined above is subject to different legal bases for processing, including where necessary for;
5.1.1 The purposes of the performance of our contractual agreement with you or to take steps at your request prior to entering into an agreement with you.
5.1.2 Our legitimate interests, i.e. in managing and monitoring the operation of our Website and for preventing fraud and for marketing our services and offers to you (subject in this case to offering you an ability to Opt Out).
5.1.3 Compliance with a legal obligation, i.e. under consumer anti-money laundering and data protection laws, making reports to regulatory authorities and law enforcement agencies.
5.1.4 Where you have consented to do so.
5.2 Where our use of your data is not necessary for one of the purposes outlined above we may seek your consent to use it in a specific way (please see paragraph 4.1.2 for further information). Where we ask for your consent you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us (please see the section titled: Contact and Complaints for further information).
CRA’s (Credit Reference Agencies) and FRA’s (Fraud Prevention Agencies):
6.1 We may undertake searches of CRA’s to verify your identity/credit checks. We do this by submitting your Personal Data. We may need to undertake such searches in accordance with anti-money laundering laws. If we undertake such a search for these purposes it will leave a ‘soft’ footprint on your credit file.
6.2 You can find more information about the various CRA’s and the ways in which they use and share your personal information. There are three main CRA’s in the UK, each being regulated by the FCA (Financial Conduct Authority);
➢ Call Credit:
Post: Call Credit Information Group, One Park Lane, Leeds, West Yorkshire LS3 1EP.
Telephone: 0330 024 7574
➢ Equifax Ltd:
Post: Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS.
Telephone: 0333 321 4043 or 0800 014 2955
Post: Experian, PO BOX 9000, Nottingham, NG80 7WF.
Telephone: 0344 481 0800 or 0800 013 8888
7.1 We may use CCTV recording devices on some of our premises, including site or sales offices, for the purposes of security, crime prevention, performance monitoring and health & safety.
7.2 Wherever CCTV is in operation there will be appropriate signage.
7.3 We will retain the images recorded only for so long as is necessary and will normally keep them for no longer than 12 months, unless there is a specific requirement to retain them longer. The images recorded for our internal use and will only be shared with any third parties to protect the legitimate business interests of the Company or where required, i.e. the purposes of the prevention or detection of crime or criminal activity.
8.1 A cookie is a small file which is sent to your browser by the Website and which is then stored on your computer’s hard disk. When you browse the Website, cookies record your activity to enable us to keep a record of any Personal Data submitted. We use this to understand more about you and your preferences, to optimise your browsing experience and deliver content to you in the most appropriate way.
8.2 We may work with third parties to track and research, on our behalf, your usage and activity on the Website. No personal information about you is shared, however, whilst conducting this research these third parties may place a unique ‘cookie’ on your computer’s hard disk.
Links To Other Websites:
How Long We Will Keep Your Personal Data:
10.1 We will retain your Personal Data for up to six years from the end of our relationship with you (unless required by law to retain your Personal Data for a longer period). In relation to identification data this will be retained for five years.
Transfer Of Your Personal Data:
11.1 The Personal Data that we collect from you will not ordinarily be transferred to, or stored at, a destination outside of the EEA (European Economic Area).
11.2 However, if we do need to transfer your Personal Data, outside of the EEA, we will take all steps reasonably necessary to ensure that any such transfer is made securely and that there is adequate protection in place to protect your Personal Data, as required by the Act and Chapter V of the GDPR, including requiring the transferee to agree a contractual clause or (if US based) being a member of the Privacy Shield.
11.3 We will notify you if we ever transfer your Personal Data outside of the EEA and will provide you with a copy of the relevant safeguards and measures taken.
12.1 The information you supply to us will be held on our servers located in datacentres hosted by one or more approved providers. The internet is not a secure platform; however, we take all reasonable care to prevent any unauthorised access to your Personal Data.
12.2 We take reasonable technical and organisational measures to protect Personal Data in our possession from loss, misuse and unauthorised access, disclosure, alteration and destruction.
12.3 Personal Data stored electronically is secured by us in the following manner;
12.3.1 Stored in a restricted access format
12.3.2 Secured within networks that have certified firewalls in a multi-layer manner.
12.3.3 Personal Data can only be accessed by staff on an as required basis only.
12.3.4 All network and computer equipment are secured with passwords and servers are only physically and logically accessible by authorised personnel, systems and software.
Marketing And Opting Out:
13.1 Unless you have ‘Opted Out’, we may contact you by email or electronic mail, post, telephone or SMS (text message) to inform you about other products and services provided by us that are like those that you have already agreed to, requested or enquired about.
13.2 You have the right at anytime to ask us not to use your Personal Data for marketing purposes by notifying us using the contact details (please see the section titled: Contact and Complaints for further information).
14.1 Your personal information is protected under Data Protection laws and you have several rights, see below, which you can seek to exercise. Please contact us in writing, by post, email or telephone using the contact details (please see the section titled: Contact and Complaints for further information), if you wish to do so, or if you have any queries in relation to your rights. Please note these rights do not apply in all circumstances. We may need to verify your identity before we are able to respond to any request to exercise your rights.
14.1.1 Right of access: Subject to certain exceptions, you have the right of access to your Personal Data that we hold.
14.1.2 Right to rectify your personal information: If you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (corrected).
14.1.3 Right to be forgotten: You may ask us to delete information we hold about you in certain circumstances. This right is not absolute, and it may not be possible for us to delete the information we hold about you, i.e. if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations.
14.1.4 Right to restriction of processing: In some cases, you may have the right to have the processing of your personal information restricted, i.e. where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified.
14.1.5 Right to object to processing: You may object to the processing of your personal information when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of statistical analysis.
14.1.6 Right to data portability: You have the right to receive, move, copy or transfer your personal information to another controller when we are processing your personal information bases on consent or on a contract and the processing is carried out by automated means.
15.2 As a result of improvements we make to our services, amendments to laws or regulation or developments in the technology or processes we use, we may change the way in which or the purposes for which we process such information. If we make any substantial changes in the way in which we use your Personal Data, we will notify you by email or by post.
Contacts And Complaints:
16.1 If you have any questions about how we treat and protect your Personal Data and your privacy, if you have any comments, wish to seek to exercise any of your rights as outlined within this Policy or to complain, please contact: Timber PAK (SW) Ltd:
Email: firstname.lastname@example.org – Please add in the subject line – Confidential GDPR.
Post: Timber PAK (SW) Ltd, Unit 4-5 Redlake Trading Estate, Ivybridge, PL21 0EZ – Please clearly mark the envelope as Confidential GDPR
Telephone: 01752 710289
16.2 You may also lodge a complaint with the ICO (Information Commissioner’s Office):
Post: ICO, Water Lane, Wilmslow, SK9 5AF – Please clearly mark the envelope as Confidential GDPR
Telephone: 0303 123 1113
Timber Pak (SW) Ltd
Office Number: 01752 710289
Address: Unit 4 & 5, Redlake Trading Estate, Ivybridge, PL21 0EZ. www.timber-pak.co.uk