Civic Windows & Doors is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains your rights and how we ensure compliance.
1. Our Commitment
We are committed to:
- Processing personal data lawfully, fairly, and transparently
- Collecting data only for specified, explicit, and legitimate purposes
- Keeping data accurate and up to date
- Retaining data only for as long as necessary
- Implementing appropriate security measures
2. Data Controller
Civic Windows & Doors is the data controller for personal information collected through this website and our services. This means we determine how and why your data is processed.
Contact details:
Civic Windows & Doors
47 Victoria Street
London SW1H 0EX
Email: [email protected]
3. Your Rights
Under the UK GDPR, you have the following rights:
Right to Be Informed
You have the right to know how we collect and use your personal data. This is provided through our Privacy Policy and this GDPR page.
Right of Access
You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month of receiving your request.
Right to Rectification
If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will respond within one month.
Right to Erasure
Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, such as:
- The data is no longer necessary for its original purpose
- You withdraw consent (where consent was the basis for processing)
- You object to processing and there are no overriding legitimate grounds
Right to Restrict Processing
You can request that we limit how we use your data in certain circumstances, such as when you contest its accuracy or have objected to processing.
Right to Data Portability
Where processing is based on consent or contract and is automated, you can request your data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.
Rights Related to Automated Decision-Making
You have rights regarding automated decision-making and profiling. We do not currently make any automated decisions that have legal or similarly significant effects.
4. Exercising Your Rights
To exercise any of these rights, please contact us at:
- Email: [email protected]
- Post: 47 Victoria Street, London SW1H 0EX
We may need to verify your identity before processing your request. We will respond within one month, though this may be extended by two months for complex requests, in which case we will inform you.
5. Legal Bases for Processing
We process your personal data based on the following legal bases:
- Consent: Where you have given specific consent for marketing communications
- Contract: Where processing is necessary to fulfil our services to you
- Legal obligation: Where we are required by law to process data
- Legitimate interests: Where we have a genuine business need, balanced against your rights
6. Data Retention
We retain personal data in accordance with the following guidelines:
- Quote enquiries: 2 years if no purchase
- Customer records: 7 years after completion of services
- Marketing contacts: Until you unsubscribe or withdraw consent
- Website analytics: 26 months (aggregated)
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Secure servers and encrypted connections (SSL/TLS)
- Access controls and authentication
- Regular security assessments
- Staff training on data protection
8. International Transfers
We primarily process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
9. Data Breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office within 72 hours
- Communicate the breach to affected individuals where required
- Document all breaches and our response
10. Complaints
If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
However, we would appreciate the opportunity to address your concerns first, so please contact us directly in the first instance.
11. Updates to This Page
We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.