Grillo respects your right to privacy. This policy is to tell you what data we collect and how we use it.
We assure you that we NEVER sell on customers data to any other company for marketing purposes and we only collect personal data that we need and use it as you would wish us to.
If you have any queries or consider we may be misusing your data please contact us immediately at email@example.com.
For the purposes of this policy, “we” or “us” means Grillo Group Ltd, The Ridge, Iceni Way, Haverhill, Suffolk, CB9 7FD, England and “you” means the user of the website. We are the data controller for the purpose of the Data Protection Act 1998.
New GDPR Regulations -This policy has been updated to take account of changes in the law and will be updated further as new regulations are brought into place.
1. What information do we collect?
- If you make an enquiry or place an order by telephone or e-mail or on our website, or set up a user-account on our website, we will collect and process the information that you provide that is necessary to answer your enquiry or process the order and/or future enquiries, messages and orders that you may wish to send us.
- This may include information you provide at the time of registering to use our site, subscribing to our service, posting material, requesting additional services, or in the event that you report a problem with our site;
- If you contact us at any time, we may keep a record of that correspondence, and may keep your contact details so that we can contact you to answer your queries.
- We will retain details of any transactions you carry out through our site or by telephone or e-mail, including records relating to the fulfilment of any orders you place with us.
If you do not provide this data, we may be unable in some circumstances to comply with your requirements and/or our obligations. We can tell you about the implications of that decision.
Updating your information – If the information you have provided us changes please let us know promptly and we will correct and update it. We also make a practice of checking and updating data when we are able to.
We do not ask for information that we do not need.
2. How your information will be used
The information we hold and process may be used as follows:
- to pursue the legitimate interests of the company in the running of our business supplying beautiful outdoor kitchens and associated products and services (including manufacture, design, marketing, sales, procurement, construction, warehousing, despatch, accounting, credit control and all normal business functions).
- for our management and administrative use. We will keep and use it to enable us to run the business and manage our relationship with our customers effectively, lawfully and appropriately.
- to enable us to comply with any sales contract or other contractual requirement,
- to comply with any legal requirements,
- to protect our legal position in the event of any legal proceedings.
- Answering questions or enquiries you have made regarding for example feasibility of a project, or options for layout and design, details of products, pricing, stock availability, lead-times or generally following up orders you have placed and enquiries you have made to see how we can help you further.
- Shipping orders to you and arranging delivery and/or installation of products.
- Sending invoices and similar paperwork that you require and that we are legally required to send or that will be helpful to you.
- Sending new catalogues when they are published or on an occasional basis details of new lines and offers for similar products to those that we supply to you when you have requested this or when we have carefully considered and feel it will be genuinely of interest to you and in line with what you would expect to receive from us. From time to time we may also invite you to provide feedback on products or our customer service or for other research purposes. (Please note that you do not have to respond to our surveys if you do not wish to do so).
- Note: Any e-shot GRILLO send out will always have an unsubscribe facility included.
From time to time we may also invite you to provide feedback on products or our customer service or for other research purposes. (Please note that you do not have to respond to our surveys if you do not wish to do so).
We will never pass on customers’ details to other companies for their marketing purposes.
3. Additional optional processing by consent
Where customers request to be sent marketing material or to be included in e-mail marketing, whether in person, through the website or by e-mail or telephone, we comply with the request where possible. You can unsubscribe at any time using the unsubscribe link always included on any e-shots we send or by phone or e-mail.
4. What is the lawful basis for processing this data?
The lawful basis for (2) is to meet our contractual obligations and legal requirements and pursue our legitimate interest in running a business. The lawful basis for (3) is by your consent but also to pursue our legitimate interest of running a business. See section (2) for more details.
5. What information do we hold? And what is it for?
We do not collect any information that we do not need.
Information collected is needed to meet our contractual and legal obligations and pursue legitimate interest of running a company and is retained as follows:
- For professional or business customers and enquiries we hold the Company name, address, phone numbers, domain name & e-mail address and contact names of appropriate personnel with job title (so we know who to contact)
- For private customers enquiries we hold name and contact details provided and all information needed to prepare any design, quotation and/or orders.
- We keep Feedback supplied to help us continually improve our products and service.
- We do NOT retain card details and other personal data required for card payments – these are entered directly into the SagePay secure facility.
- Details of correspondence with you regarding supply of products and services, technical enquiries, design plans etc., including products of interest and prices quoted to enable us to quickly process orders and meet your requirements etc.
- Copies of credit account applications and references if a credit facility is requested or maintained where appropriate. Note: Where the company is a sole trader or partnership some detail may be regarded as personal information and it is important that you make this clear if for example you apply for credit facilities so that appropriate procedures can be followed.
- Details of bank accounts – if you have a credit account or where we need to keep details of any payments and refunds made for contractual legal or legitimate interest purposes. These will be kept securely and for as long as they are needed.
6. What data do we pass on to other parties?
We do not pass on your data to any other companies or persons for their own use; only for purposes necessary for our contract with you, for our legitimate interest as set out in this policy or for legal purposes.
- Data entered on the website is collected by a hosting company as data processor on our behalf, other than payment card data which is entered directly to SagePay.
- Details of your delivery addresses and contact information will be transferred to delivery companies such as FedEx and DHL to enable them to ship the goods to you. They may also need to make declarations to Customs authorities in the UK and country of import on behalf of us and you.
- When we send out mail shots or e-shots this may be via secure software at an approved third-party mailing company. Any unsubscribe requests are retained to ensure these are carefully respected.
- We also may transfer information about you to our associate companies for internal administrative purposes such as accounting, credit control, despatch and management. These companies are Comar Investments Ltd, Comar Optics Ltd, Access Expeditions Ltd and Comar Group Ltd all of which have the same director(s) and operate from the same building.
- In the unlikely event of our company being acquired by a third party, customer data may be transferred to the new company.
- In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements.
- Some data is kept in secure storage “in the cloud”.
- We may need to disclose data to HMRC or other government bodies for accounting or taxation purposes, or to other parties to meet other regulatory and statutory requirements, or if required to by the courts or for fraud protection or credit-risk management.
- If you ask us to give a credit reference on your behalf we would need to disclose information in order to do so.
7. What security is in place?
We have in place safeguards to ensure the security of your data. Our building, staff, servers and procedures comply with the strict security requirements of the PCI DSS (payment card industry data security standards).
8. We do NOT use automated decision making or profiling.
We do not use any automated decision making or profiling
9. How long will your data will be stored?
Where customers have placed orders with us we will need to keep certain details for contractual and legal reasons for ten years. Many of our customers are companies or professionals with long-term needs requiring regular and repeat supplies and we retain details in view of being able to meet our customers future needs. We do not retain any card details or unnecessary personal information. You may quickly and easily withdraw consent for any marketing using the unsubscribe link or by phone letter or e-mail.
10. Other processing in the future
If in the future we intend to process your data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
11. Your rights
- Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data.
- You also have rights under the Privacy and Electronic Communications Regulations.
- The rights under GDPR relate to personal data and depend on the legal basis the information is processed under. These may include in different circumstances the right to request from us copies of any personal data held, rectification and erasure, the right to restrict processing or object to processing as well as in certain circumstances the right to data portability.
- If you have provided consent for the processing of your data as in clause (3) you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. The easiest way is by using an unsubscribe link but you can also e-mail, write to or phone us.
- You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the law with regard to your personal data.
12. If you have any concerns as to how your data is processed please contact us as soon as possible to your normal contact or to firstname.lastname@example.org.
13. Identity and contact details of data controller:
Grillo Group Ltd, The Ridge, Iceni Way, Haverhill, Suffolk, CB9 7FD, England is the controller (and processor) of data for the purposes of the DPA 18 and GDPR. E-mail address: email@example.com Registered in England and Wales Co. No. 11159167.
© Copyright Grillo Group Ltd May 2018.