The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.
Cookies are small files saved to the user's computer hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. This information may or may not be linked to remarketing programs and software to tailor ads shown on Google and non-Google websites for a period of up to 120 days from each visit. Information gained from these tracking devices will be used to further better our website user experience and product offering. Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored on your computer hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days although this may be up to 120 days. No personal information is stored, saved or collected.
Contact & Communication
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. In line with GDPR 2018, any contact with the aforementioned company or companies will give the user an opportunity to give explicit consent to subscribe and grant the use of their data in data processing and marketing communications by Axair and its holding companies only. Any information submitted for data processing may be used under the ePrivacy Regulations, stating legitimate interests as a reason for direct contact with individuals for data processing purposes, where the promoted product is relevant to the parties involved. Personal data will not be shared with third parties unless necessary to complete a transaction (e.g. delivery courier), or when enquiries are made from outside the UK and are passed to our trusted supplier partners to fulfil the enquiry, or unless requested by the individual in line with GDPR legislation. Every effort has been made to ensure a safe and secure form to email submission process but we advise users using such forms to email processes that they do so at their own risk.
This website and its owners use any information submitted to provide you with further information about the products/services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material.
Personal information provided for product enquiry processing will be stored within our quotes software for as long as is necessary. Personal data provided with consent to marketing communications will be stored until a request for removal is submitted. Enquiries made from outside the UK may be passed onto our supplier partners in order to process the request.
Axair Fans UK Limited is registered with the Information Commissioner’s Office (ICO), the UK’s independent body set up to uphold information rights. The ICO’s register of data controllers details how we process personal data and is available here [https://ico.org.uk/].
This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.
Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003 and where email addresses and personal data are gathered, these are used in compliance with GDPR 2018 Regulations, implying that explicit consent should be gained from the user before emails or information is used for processing or marketing communications. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 1998. No personal details are passed on to third parties nor shared with companies/people outside of the company that operates this website. Under the Data Protection Act 1998 you may request a copy of personal information held about you by this website's email newsletter program. A small fee will be payable. If you would like a copy of the information held on you please write to the business address at the bottom of this policy.
Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list]. This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.
In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to unsubscribe will by detailed instead.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default, some social media platforms shorten lengthy urls [web addresses] (this is an example: http://bit.ly/zyVUBo).
Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
GDPR Compliance Policy
1.1 In these conditions the following words have the following meanings:
“Data Controller” Means the holding company responsible for the data being processed. This being Axair Fans UK Limited or Axair Refrigeration Ltd.
"Data Processor" means any individual processing personal data for the use of legitimate activities;
“Data Subject” means the individual that the data controller holds personal information about;
“Processing” means the lawful collection, storing, using, disclosing or destroying of personal data;
"Legitimate Interests" Means common interests and activities common to the data subject and the data controller to ensure a fair and transparent business relationship. This requires no consent on the data subject’s part; “Marketing Communications” means any marketing related activity such as email, direct mail, social media and web related activities;
“Third Party Software” means any additional software programmes used to enhance the data controllers activities whether for processing or marketing communications;
"Legislation" means any statute, subordinate legislation, European directive, international convention, or rule or regulation made pursuant to such legislation;
“Explicit Consent” means the written, verbal or electronically submitted consent to the lawful processing of data from the data subject;
“Personal Data” Means any identifiable piece of information such as name, email address, date of birth, address and phone numbers.
“Sensitive Personal Data” Means any information that is personal to the data subject but may be considered sensitive in nature, for example sex, religion, ethnic origin.
2. BASIS OF DATA PROCESSING
2.1 These conditions shall govern the GDPR Compliance of the Data Controller and shall supersede and replace all previous terms and conditions previously notified. 2.2 The data controller shall process lawfully and in a transparent manner in relation to the data subject. 2.3 Personal Data shall be collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes. 2.4 Personal Data requested and processed, shall be adequate, relevant and limited to what is necessary in relation to the purpose it is collected. 2.5 Sensitive Data shall in no circumstances be required by the Data Controller for the purposes of data processing or marketing communications. 2.6 The Data Controller shall ensure appropriate security of the personal data, including protection against unauthorised or unlawful processing, and against accidental loss, destruction or damage. All data processors within the Data Controllers control shall sign an explicit confidentiality agreement, clearly stating their responsibility over the protection of personal data. 2.7 The Data Controller shall be responsible for, and be able to demonstrate compliance with all in point 2.
3. LAWFUL CONSENT
3.1 The lawful processing of data for business related activities such as sales and enquiries shall fall within legitimate interests given that processing is necessary for the performance of a business contract to exist. 3.2 Where processing is based on consent, such as marketing communication, the Data Controller shall request explicit consent at the point of first interaction, as started by the data subject. 3.3 Explicit Consent for marketing communications, shall be presented in various contact points, for example website request forms, face to face meetings and following verbal phone contact. 3.4 Explicit Consent shall be given by the data subject freely, with no condition on whether service is offered. 3.5 The Data Controller shall ensure that explicit consent for marketing communications purposes is marked within the customer record to avoid unnecessary consent requests in the future. 3.6 Where Explicit Consent forms are completed by the Data Controller or Data Processor, these shall be stored as evidence to present to the supervisory authority if required. This consent shall be recorded as in 3.5.
4. RIGHTS OF THE DATA SUBJECT
4.1 The Data Subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and have access to the following information; purposes of processing, categories of personal data held, the recipients of the personal data and the envisaged period the data will be held for. 4.2 The Data Controller, shall upon request, provide a copy of the personal data held by them. This Subject Access Request (SAR) shall come with no fee and shall be granted within 1 month from the date of the request. 4.3 The Data Subject shall have the right to obtain from the Data Controller, the rectification of inaccurate personal data concerning him or her. 4.4 The Data Subject shall have the right to request that the Data Controller deletes personal data concerning him or her without undue delay. 4.5 The Data Controller, should, following a request for the withdrawal of marketing communications consent or unsubscribes, remove the data subject’s personal data from any marketing activity including when stored within third party software programs. 4.6 The Data Controller shall delete any personal data in compliance with a legal obligation in Union or Member state law to which they are subject. 4.7 The Data Controller shall communicate any rectification (in line with 4.3) or erasure (in line with 4.4) of personal data to any other Third Party processor, until this proves impossible or involves disproportionate effort. The Data Controller shall inform the Data Subject about those third party recipients if the Data Subject requests it. 4.8 The Data Subject shall have the right to receive the personal data held about them in a structured and commonly used machine readable format, and have the right to transmit this data to another controller without hindrance.
5. RESPONSIBILITY OF THE CONTROLLER & PROCESSOR
5.1 The Data Controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with the regulation. 5.2 Where processing is to be carried out on behalf of the Data Controller, the Controller shall use only Data Processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR regulation and ensure the protection of the rights of the Data Subject. This will be guaranteed by a signed confidentiality and data protection disclaimer. 5.3 The Data Processor and any person acting under the authority of the Data Controller, who has access to personal data, shall not process this data except on instructions from the Data Controller, unless required to do so by Union or Member State.
6. RECORDS OF PROCESSING ACTIVITIES
6.1 The Data Controller shall keep a record of all of the Data Processors within their organisation and process activities as below; 6.1.1 The purpose of processing - processing is necessary for the performance of a business contract to exist. 6.1.2 A description of the categories of Data Subjects – customers and potential customers to the Data Controller. Pre-existing relationships and interactions started by the Data Subject following primary contact with the Data Controller or Data Processors. 6.2 Categories of Personal Data – Full name, business address, business postcode, business email address, business telephone and fax numbers. No personal email addresses unless explicitly communicated by the Data Subject for legitimate business interests shall be stored. 6.3 Categories of recipients that the personal data is disclosed – Enquiries outside of the UK, may be sent to the Data Controllers supplier partners to satisfy the request from the Data Subject. 6.4 Envisaged time limits for erasure of personal data – the Data Controller shall store the personal data for the Data Subject until a request for deletion is submitted. This shall ensure that future enquiries shall be serviced quickly and efficiently with the historical information available. 6.5 The Data Controller shall make this GDPR Compliance available to the supervisory authority on request.
7. NOTIFICATION OF A PERSONAL DATA BREACH
7.1 In the case of a personal data breach, the Data Controller shall without undue delay, and not later than 72 hours, notify the supervisory authority. This is unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. 7.2 Data Processors shall notify the Data Controller without undue delay shall they become aware of a personal data breach. 7.3 This notification shall include the nature of the data breach including the approximate number of subjects concerned, the name of the Data Controller, describe the likely consequences of the breach and describe the measures taken or proposed to be taken by the controller to address the personal breach, along with, where possible, appropriate measures to mitigate its possible adverse effects. 7.4 Where the information cannot be provided at the time of the breach notification, the Data Controller shall provide this information in phases but without undue delay. 7.4.1 The Data Controller shall record any data breaches. This documentation shall enable the supervisory authority to verify GDPR compliance. 7.4.2 The Data Controller shall communicate a breach of personal data, should the risk to rights and freedom be high. This should be in clear and plain language when issued to the Data Subject. 7.4.3 The communication to the Data Subject shall not be compulsory if the Data Controller has mitigated the high risk to the rights and freedom of the subject so that it is no longer likely to materialise.
8. MARKETING COMMUNICATIONS
8.1 Marketing communications following explicit consent shall be relevant to the interests of the Data Subject or those considered of importance with regards to the efficiency and functionality of the business relationship to continue. 8.2 The Data Controller shall erase any Data Subjects personal information following a request to withdraw from marketing communications in line with 4.5.
9. DATA CONTROLLER CONTACT DETAILS
Lowfield Drive, Wolstanton, Newcastle-Under-Lyme, Staffordshire, ST5 0UU.
Tel: 01782 349 430
Email: email@example.com | firstname.lastname@example.org
Website: www.axair-fans.co.uk | www.axair-refrigeration.co.uk
Ecommerce Website: www.www.axaironline.co.uk
Date of Policy Review: 28th November 2022