At Bristan Group Ltd, we take the safeguarding of your information very seriously. One of the ways we do this is by adhering to the requirements of UK data protection legislation. This has changed as part of the General Data Protection Regulation (GDPR for short) in force from May 2018.
For clarity, where we talk about Bristan Group Ltd we mean both Bristan and Heritage Bathrooms.
Bristan Group Ltd will be the Controller of the information you provide to us and that we collect about you when you use our online services. Our contact details are set out in the “How to get in touch” section.
This policy may change from time to time so it's a good idea to come back and read through it every now and then. If there’s a significant change to the policy, we’ll let you know straight away.
What kind of information do we collect, when and how?
There are a few ways we collect your information. This could be when you:
- Purchase our products and services (whether via our websites or over the phone)
- Use a channel partner to resolve a service incident with your Bristan Group Ltd product
- Create or log in to an account on our website
- Contact us by telephone, email, electronic messaging (such as SMS, MMS or live chat tools) or post
- Register your product guarantee
- Correspond with us via emails and letters
Additionally, we may also obtain information from:
- Customer surveys
- You taking part in our competitions or promotions
- Specialist data sources; including but not limited to Glenigan and Focal Research
- Purchased data from trusted partners
- All social media networks (for instance, when you click on one of our Facebook or Google ads)
- Public information sources
- Agents, suppliers, sub-contractors and advisers - These could include for example, firms we use to help us run marketing activity and specialist companies who advise us on ways to develop and improve our business.
- Market researchers (who combine data from many sources to produce market trend reports and advice)
We’ll never keep more information from you than we need to. The types of information we collect will depend upon: (i) whether we collect the information from you or from someone else; and (ii) how / when we collect that information.
Information you give to us:
When you create an online account, or contact us with queries we’ll ask you to give us, where necessary, your generic details (i.e. name, surname,), your contact details (i.e. address, email, phone number)
When you talk to us on the phone, email, communicate via electronic messaging (such as SMS, MMS or live chat tools) or write to us. Again, where necessary, we’ll ask for your generic details
In customer surveys from time to time, to help us provide you with improved products and services, we might ask you to fill in a questionnaire, just so you can let us know how we're doing. When sending you a questionnaire we’ll ask you to provide us with the following information: name, email address, telephone number
Information we collect from you when you use our products and services:
We may also monitor, record, store and use the communications we have directly with you to improve the quality of our customer service and/or for training, operational and compliance purposes
Information collected from others:
We may supplement the information we collect from you and about your use of the services as described above, with information we receive from third parties.
This may include data from other organisations who have obtained your permission to share information about you with us.
Why do you collect my information?
There are a few ways we use the information we hold about you. We’ll use it:
- Where it’s necessary to perform our contract with you
- To process your orders for our products and services and to bill you for the same
- To provide you with the products and services you have ordered from us
- To provide access to privileged areas of our online services which require an account
- To respond to any questions or complaints you may have regarding our products and services
Where you’ve given us your consent
- To send you details of products, services, special offers and rewards we think will be of interest to you. However, we hate junk mail as much as you do so it's up to you to decide whether or not you want to receive this information. We’ll cover more of that further down.
- To occasionally carry out market research
- To administer contests and competitions
Where we’ve got a legitimate interest
This is when we’ve got a good reason to process your data; e.g. situations where Bristan Group Ltd needs to process information to operate its business. However we always do this by considering the safeguards and impact to you.
- Processing activities based on a legitimate interest include:
- To complete transactional orders & warranty obligations
- To enable us to gain customer insights and to review, develop and improve our products and services to ensure we are giving customers what they want
- Defining types of customers for new products or services
- Complying with laws and regulations that apply to us
You’re in control of your data
If you would like to stop receiving marketing from us, you can review and amend your preferences at any time by emailing us at email@example.com or firstname.lastname@example.org with the header “Unsubscribe".
Letting us know if your personal information is incorrect
You have the right to question any information we have about you that you think is incorrect or out of date. If the information we hold on you is wrong, you can email us at email@example.com, let us know what needs updating and we’ll take reasonable steps to check this for you and correct it.
Verification of your information - When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
It’s all about choice
You can choose not to give us personal information. In this section we explain the effects this may have.
We may need to collect personal information by law, or to enter into or fulfil a contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you, or doing what we must do by law. It may also mean we cannot support your account. It could mean we cancel an order, service or service request you have with us.
We sometimes ask for information that is useful, but not required by law or a contract. We will make this clear when we ask for it. You do not have to give us these extra details and it won't affect the products or services you have with us.
Sometimes we’ll need to share the information we hold about you with others. We provide information about you to:
- Our employees so they can administer and deal with any questions or complaints you’ve got about any products or services provided to you by Bristan Group Ltd now or in the future
- Relevant 3rd parties in order to administer insurance claims
- Our distribution partners that deliver our products to you.
- Contractors who work on our behalf to deliver our warranty repairs and/or installation services
- Marketing agencies we work with when creating marketing campaigns, special offers and promotions.
We may also share your personal information if the make-up of Bristan Group Ltd changes in the future. We may choose to sell, transfer, or merge parts of our business, or our assets. Or we may try to bring other businesses into Bristan Group Ltd. During any such process, we may share your data with other parties involved. We’ll only do this if they agree to keep your data safe and private.
If the change to our Group happens, then other parties may use your data in the same way as set out in this notice.
Where we share your personal data with another company we make sure they respect your data protection rights too.
We won’t pass on your personal information to third parties except in accordance with this policy and our Terms and Conditions or where we are required to disclose that information in order to comply with any legal or regulatory requirements.
How do you protect my information?
The security of your information is really important to us. Any information sent to us is protected using robust security methods. The methods we use are industry-standard ensuring data is safeguarded whilst being sent over unprotected communications paths such as the internet. When it reaches us, we store it securely and only provide access to it by those authorised. Although we safeguard your personal information once received, Bristan Group Ltd cannot guarantee the safety of any personal information you transmit to us using online methods.
Our security measures include:
- Encryption of data where appropriate
- Regular penetration testing of systems
- Security controls which protect the entire Bristan Group Ltd Information Technology infrastructure from external attack and unauthorised access
- Regular cyber security assessments of all service providers who may handle your personal data
- Regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents
- Internal policies setting out our data security approach
- Training for employees on security and privacy
How do you keep my information?
We collect and store your data safely and only for the time strictly necessary to operate services provided to you by Bristan Group Ltd and/or based on the reasons we process your personal data. Afterwards it’ll either be destroyed or anonymized.
When determining the relevant time we store information, we take into account factors such as:
- Legal obligation(s) requiring data to be kept for certain periods of time
- (Potential) disputes
- Guidelines issued by the UK’s data protection authority.
A few examples for how long we’ll keep your data:
- Unless you ask us not to, we store your generic details (i.e. name, surname, contact details) for up to two years after you stop being our customer, to contact you just in case you change your mind
- We keep any purchase data for 7 years, for tax purposes.
What are my rights when it comes to my information?
Here we’ll explain the rights you have regarding your information:
|Rights||What does this mean?|
|1. The right to be informed||
|2. The right of access||
You’re welcome to ask us what information we have about you, any time you like.
|3. The right to rectification||
You’re entitled to have your information corrected if it’s inaccurate or incomplete. Just let us know of any changes.
|4. The right to erasure||
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
|5. The right to restrict processing||
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
|6. The right to data portability||
You have rights to obtain and reuse your personal data for your own purposes across different services.
|7. The right to object||
You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).
|8. Rights in relation to automated decision making and profiling||
Some organisations make automated decisions based on personal information supplied or have been collected from others about you. Bristan Group Ltd do not make any automated decisions.
To exercise any of these rights at any time, check out the “How do I get in Touch” section.
How do you market your products and services?
If you’ve given consent for us to contact you, then from time to time, we may contact you via the methods you have selected, (which may include mail, telephone or email,) with information about our products and services (including discounts and special offers).
What do I need to know about cookies?
Cookies are small computer files that get placed on your computer’s hard drive (PC, tablet or mobile phone) by your web browser by websites when you visit them. They stay on your device and get sent back to the website they came from, when you go there again.
We also track cookies anonymously to support our site analytics and learn how to improve your website experience and hone the relevance of our products and services.
We also use technology that uses Internet Protocol (IP) information exchanges during the course of normal web activity combined with data-enhancement technology to get detailed analytics information. This doesn't allow us to spy on you – it just allows us to see how well our sites are working.
You can disable any cookies already stored on your computer, but these may stop some elements of our website from functioning properly.
How do I get in touch with you?
If you’ve got any questions or concerns about our use of your personal information you can contact us:
By using the email firstname.lastname@example.org
By phone: 0330 0266274
Or by writing to us: Ken Ellis, Bristan Group Ltd, Birch Coppice Business Park, Dordon, Tamworth, B78 1SG.
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office. This can be done at https://ico.org.uk/concerns/
You also have the right to representation by a not-for-profit organisation, such as European Digital Rights. As per Article 80 of GDPR Policy.
Here’s a glossary of data types
Contact details: name, address, telephone number, email address, delivery details.
Customer Care data: your support requests and the details required to resolve them. The time and duration of the call and the solution applied. We may also record your call to the service desk.
Data collected in our website: when you log into our website we collect the time and duration of the session, pages visited, campaign attributes, transaction details and technical details (IP/MAC address, operating system and browser type)
Data collected when purchasing direct: We retain information related to the purchase of a product or service when purchased direct