Tough Furniture Privacy Statement
This privacy notice provides you with details of how we collect, store and process your data. When you purchase products or services from Tough Furniture, your personal data will be handled in line with the requirements of the General Data Protection Regulation (GDPR) 2016.
It is important that the data we hold is accurate and up to date so if any information you have provided changes then please update us using the email address shown below.
Data Controller: Tough Furniture, Craven Arms Business Park, Stokewood Rd, Craven Arms, SY7 8NR.
The data we may collect, store and process includes the following:
Identity data, including but not limited to the full names and titles of individuals named on quote requests, orders and delivery details.
Contact data, including but not limited to, invoice address, delivery / site address, email address and phone numbers.
We do not collect, store or process sensitive data as defined by the GDPR regulation.
We collect data from the following sources: information you supply to us for quote requests, order confirmations, delivery confirmations and through phone calls, e-mails or letters you send to us.
Your data will only be processed when there is a lawful reason to do so.
Our main lawful reasons will be:
– in order to meet the obligations of any sales contract that exists between us
– where we need to comply with a legal or regulatory obligation
– for our legitimate interests.
Please note: Other than the delivery information we supply to our sub-contracted delivery team (see section 6) we do not share data with third party ‘partner’ companies, and in general our data processing will simply be on the basis of what is required to fulfil customer orders
The data we collect from customers will be stored as long as there is an ongoing customer relationship. Accountancy data will be held for the statutory period as required by the UK Government.
Under certain circumstances, you have the right to rectification, erasure, restriction, objection, if you deem, and it is proven, the data we hold is incorrect.
You have the right to lodge a complaint with the UK supervisory authority, which is the Information Commissioner’s Office (ICO). If you are unhappy about any aspect of how we handle your personal data or the application of your rights then please contact us in the first instance.
If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We may have to share your personal data with the parties set out below for the purposes set out in paragraph 4 above:
Please note: All delivery information is deleted/destroyed from our delivery subcontractor’s records within a month of the delivery being fulfilled.
From time to time we may contact you with marketing material related to your previous purchases from our company. We will only send marketing information to people who have opted-in via our website, or have otherwise signalled their interest in our products, or who may otherwise be considered to have a legitimate interest in new products.
If at any time you wish to stop receiving marketing material from us, please e-mail email@example.com with a request to be removed from our marketing database.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, and contractors who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. This data will therefore be retained for seven years to allow us to respond to a ‘last minute’ request.
Customer Services Director
Tough Furniture Ltd.