Privacy Policy
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on (i) who we are and (ii) how and why we collect, store, use and share your personal information. It also explains the rights that you have and how to contact us, or our supervisory authority, in the event that you have a complaint.
We collect, use and are responsible for certain personal information about you. As such, we are subject to the General Data Protection Regulation (the GDPR), which applies across the European Union (including in the United Kingdom) and we are responsible as a ‘controller’ of that personal information for the purposes of the GDPR.
1. KEY TERMS
1.1. In this policy:
we or us: means Robert Bridges, sole proprietor of and trading as Bob Bridges Designs.
personal information: means information relating to an identified or identifiable individual.
special category personal information: means personal information revealing (i) racial or ethnic origin (ii) political opinions (iii) religious beliefs (iv) philosophical beliefs (v) trade union membership (vi) genetic and biometric data and (vii) data concerning health, sex life or sexual orientation.
2. CUSTOMER PERSONAL INFORMATION
2.1. If you are one of our customers, we may collect and use the following personal information about you:
a) your name and contact information including (without limitation) your email address, telephone number, fax number, delivery address and billing address;
b) information to enable us to check and verify your identity (e.g. your date of birth);
c) your billing information, transaction, VAT (where required) and payment card information;
d) any further relevant delivery information, to enable us to deliver our products to you; and
e) information about how you use our website, through the use of cookies, IT, communication and other systems.
2.2. This personal information is required to provide our products and services to you. If you do not provide the personal information that we ask for, it may delay or prevent us from providing our products and services to you.
3. SUPPLIER PERSONAL INFORMATION
3.1. If you are one of our suppliers, we may collect and use the following personal information about you:
a) your name and contact information including (without limitation) your email address, telephone number, company details and forwarding address;
b) the name and contact information of our main point(s) of contact, including (without limitation) their email address and telephone number;
c) the name and contact information of your company directors where necessary, including (without limitation) their email address and telephone number;
d) information to enable us to check and verify your identity (e.g. your date of birth and other information contained in any identification documents that we hold);
e) your billing information, transaction, VAT and payment information;
f) your insurance information and the necessary policies which are specified in our contract with you;
g) information to enable us to undertake credit or other financial checks on you; and
h) information to enable us to collect the relevant supplied products or materials, where applicable.
3.2. This personal information is required by us in order to receive the products, materials and services that are provided by you and to pay you for them. If you do not provide the personal information that we ask for, it may delay or prevent us receiving the relevant products and services, and/or delay or prevent us paying for them.
4. COLLECTION OF INFORMATION
4.1. We collect most of this personal information directly from you i.e. in person, by telephone, text, email and/or via our website. However, we may also collect information:
a) from publicly accessible sources such as Companies House and the websites of our Suppliers;
b) directly from a third party e.g. our chosen delivery provider and/or Stripel;
c) from a third party with your consent e.g. from professional advisers and/or third party suppliers; and
d) via our IT systems e.g. through automated monitoring of our website(s) and other technical systems, such as our computer networks, and through the use of cookies, communication systems and email.
5. USE OF PERSONAL INFORMATION
5.1. Under data protection law, we can only use your personal information if we have a proper reason for doing so. These reasons include:
a) to comply with our legal and regulatory obligations;
b) for the performance of our contract with you (or to take steps at your request before entering into a contract with you);
c) for our legitimate interests or those of a third party; or
d) if you have given us your explicit consent.
5.2. A legitimate interest is when we have a business or commercial reason to use your information, as long as this is not overridden by your own rights and interests.
5.3. The table below explains what we use/process your personal information for and our reasons for doing so:
USE OF YOUR PERSONAL INFORMATION
REASON(S)
To provide products and services to you or (as applicable) to receive products/materials and services from you. This may include liaising with, and passing your personal information to, third parties i.e. passing delivery information between our customers and our chosen delivery provider.
For the performance of our contract with you or to take steps at your request before entering into a contract.
To detect and prevent fraud against you or us.
For our legitimate interests or those of a third party i.e. to minimise fraud that could be damaging for us and for you.
Conducting checks to identify our suppliers, and to verify their identity.
Screening for financial and other sanctions, in relation to our and suppliers.
Other processing necessary to comply with legal and regulatory obligations that apply to our business e.g. under health and safety regulations or safe working practices.
To comply with our legal and regulatory obligations.
Conducting checks to verify that sufficient policies of insurance are in place, with regards to the manufacture and supply of our products.
For the performance of our contract with you or to take steps at your request before entering into a contract.
To comply with our legal and regulatory obligations.
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies.
To comply with our legal and regulatory obligations.
Ensuring business and regulatory policies are adhered to e.g. policies covering health and safety, security and internet use.
To comply with our legal and regulatory obligations.
For our legitimate interests or those of a third party, i.e. to ensure we follow our own internal procedures so that we can deliver the best service to you and improve our relationships with our suppliers and manufacturers.
Operational reasons, such as improving efficiency, training and quality control.
For our legitimate interests or those of a third party, i.e. to be as efficient as we can so that we can deliver the best service to you at the best price and/or improve our relationships with our suppliers.
Ensuring the confidentiality of commercially sensitive information.
For our legitimate interests or those of a third party, i.e. to protect confidential and other commercially valuable information.
To comply with our legal and regulatory obligations.
Statistical analysis to help us manage our business e.g. in relation to our financial performance, customer base, supplier base, range of available products and services, and/or other efficiency measures.
For our legitimate interests or those of a third party i.e. to be as efficient as we can so that we can deliver the best products and service to you at the best price and/or improve our relationships with our suppliers.
Preventing unauthorised access and modifications to our systems.
For our legitimate interests or those of a third party i.e. to detect and prevent criminal activity that could be damaging for us and for you.
To comply with our legal and regulatory obligations.
Updating and enhancing our records. Including maintaining a “do not contact” list of customers, or third parties who do not want to receive marketing communications from us.
For the performance of our contract with you or to take steps at your request before entering into a contract.
To comply with our legal and regulatory obligations.
For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch you about the products and services that we provide.
Statutory returns.
To comply with our legal and regulatory obligations.
Marketing our products and services to:
- existing and former customers;
- third parties who have previously expressed an interest in our products or services; and
- third parties with whom we have had no previous dealings.
For our legitimate interests or those of a third party i.e. to promote our business and any products or services that may be of use or interest to existing/former customers and third parties.
External audits and quality checks and the audit of our accounts.
For our legitimate interests or those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards.
To comply with our legal and regulatory obligations.
5.4. The above table does not apply to special category personal information, which we will only process with your explicit consent.
6. MARKETING AND PROMOTION
6.1. We may use your personal information to send you updates (by email, text message, telephone or post) about our services, including (without limitation) exclusive offers, promotions or new products and services.
6.2. We have a legitimate interest in processing your personal information for promotional purposes (see paragraph 5 above, ‘Use of Personal Information’). This means we do not usually need your consent to send you promotional communications.
6.3. However, where your consent is needed, we will ask for your explicit consent separately and clearly.
6.4. We will always treat your personal information with the utmost respect and we will never share it with other organisations for marketing purposes.
6.5. You have the right to opt out of receiving promotional communications at any time by:
a) contacting us at contact@bobbridgesdesigns.co.uk; or
b) using the ‘unsubscribe’ link in emails or by replying ‘STOP’ to any text message received.
6.6. We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are any changes to the law or in the structure of our business.
7. INFORMATION SHARING
7.1. We routinely share personal information with:
a) third parties we use to help deliver our products and services to you e.g. sharing information between our chosen delivery provider and customers;
b) other third parties we use to help us run our business, e.g. Stripe, marketing agencies, and website hosting companies (including SquareSpace) and other IT service providers;
c) our insurers and insurance brokers; and
d) our bank.
7.2. We only allow our service providers and other third parties to handle your personal information if we are satisfied that they take appropriate measures to protect your personal information.
7.3. We will impose contractual obligations on third parties and service providers to ensure they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors e.g. in relation to the audit of our accounts.
7.4. We may disclose and exchange information with law enforcement agencies and regulatory bodies in order to comply with our legal and regulatory obligations.
7.5. We may also need to share some personal information with other parties, such as potential buyers of our business (or any part thereof) or during any restructuring of our business. Usually, the information provided will be anonymous, but this may not always be possible. However, the recipient of the information will always be bound by confidentiality obligations.
7.6. We will not share your personal information with any other third party.
8. HOLDING INFORMATION
8.1. Information may be held at our offices, on our IT systems and on those of our third party service providers, representatives and agents as described above (see paragraph 7 above, ‘Information Sharing’).
8.2. Some of these third parties may be based outside the European Economic Area (EEA). For more information, including on how we safeguard your personal information when this occurs, see paragraph 9 below, ‘Data Transfers’.
8.3. We will keep your personal information while we are providing any products or services to you, or (as applicable) receiving any products/materials or services from you. Thereafter, we will keep your personal information for as long as is necessary:
a) to respond to any questions, complaints or claims raised or made by you (or on your behalf);
b) to show that we treated you fairly;
c) to keep records as required by law.
8.4. We will not retain your personal information for longer than necessary for the purposes set out in this policy.
8.5. Different retention periods apply for different types of personal information:
a) Customer data will be held for up to 6 years following the end of our contractual relationship with you.
b) Potential customer data will be held until the potential customer changes their marketing preferences or where the potential customer exercises their rights to ‘object’ or ‘to be forgotten’.
c) Supplier data will be held for 6 years after the end of the relevant contract.
d) Company records and data (i.e. statutory books, board minutes, company resolutions etc) will be held for 10 years from the date of the creation of such records or data.
8.6. When it is no longer necessary to retain your personal information, we will either delete the information or make the information anonymous.
9. DATA TRANSFERS
9.1. We do not routinely transfer your data outside of the European Economic Area (EEA). However, there may be some circumstances when it is necessary for us to do so, in order to deliver services to you, for example:
a) when relevant third parties (including customers, suppliers or service providers) are located or operate outside the EEA;
b) where website servers (or other items of IT hardware) are located outside the EEA (please note, specifically, that our website hosting company’s servers are based in California);
c) if you are based outside the EEA; or
d) where there is an international dimension to the services we are providing to you.
9.2. These transfers are subject to special rules under European and UK data protection law.
9.3. Non-EEA countries do not have the same data protection laws as the United Kingdom and the EEA. We will, however, ensure that any such transfer of data complies with applicable data protection law and that all personal information is secure. Our standard practice is to use template data protection clauses, that have been approved by the European Commission, in our contracts with the relevant third parties.
9.4. As detailed above, our website hosting company’s (SquareSpace) website servers are based in California. However, for the avoidance of doubt, SquareSpace are committed to treating personal information in accordance with the GDPR and as such have signed up to the Privacy Shield Framework; more details of which can be found in their privacy policy (which is readily available on the SquareSpace website).
9.5. If you would like further information, please contact us (see paragraph 15 below, ‘Contact’).
10. COOKIES
10.1. Our website is hosted by an IT service provider, SquareSpace, which deals with the use of cookies on our website. Cookies are text files placed on your computer to collect standard internet log-in information and visitor behaviour information.
10.2. Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information to us. These cookies help us recognise you and your device and store some information about your preferences or past actions and as such we use cookies and other similar tracking technologies on our website to help improve our site and to try and deliver a better and more personalised service.
10.3. You can block cookies by activating the setting on your browser which allow you to refuse the settings of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be to access all or parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon you visit our website.
10.4. Cookies do not contain any information that personally identifies you, but personal information that we store about you may be linked, by us, to the information stored in, and obtained from, cookies.
10.5. Our legitimate interests (or, as applicable, those of a third party), for using cookies, are so that we can distinguish you from other users of our website, which helps us to provide you with a better user experience when you browse our website, and also allows us to improve our website.
11. YOUR RIGHTS
11.1. You have the following rights, which you can exercise at no cost:
Access: The right to be provided with a copy of your personal information (the right of access).
Rectification: The right to require us to correct any mistakes in your personal information.
To be forgotten: The right to require us to delete your personal information, in certain situations.
NB: we are not required to delete your personal information if this is held (i) for the performance of a contract (during the term of the contract) or (ii) to comply with a legal obligation.
Restriction of processing: The right to require us to restrict the processing of your personal information in certain circumstances e.g. if you contest the accuracy of the personal information.
Data portability: The right to receive the personal information you have provided to us, in a structured, commonly used and machine-readable format, and/or to transmit that personal information to a third party, in certain situations.
To object: The right to object:
at any time to your personal information being processed for direct marketing purposes (including profiling); and
in certain other situations, to our continued processing of your personal information e.g. where such processing is carried out for the purpose of our legitimate interests.
NB: as above, we are not required to delete your personal information if this is held (i) for the performance of a contract or (ii) to comply with a legal obligation.
Not to be subject to automated individual decision-making: The right not to be subject to a decision which is based solely on automated processing (including profiling) and that produces legal effects concerning you or otherwise significantly affects you.
11.2. For further information on each of these rights, including the circumstances in which they apply, please contact us or see the guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
11.3. If you would like to exercise any of these rights, please:
a) email, call or write to us (see paragraph 15 below, ‘Contact’);
b) let us have enough information to identify you (e.g. your full name, address and any applicable reference/reference number);
c) let us have proof of your identity and address (e.g. a copy of your driving licence or passport and a recent utility bill); and
d) let us know what right you want to exercise and the information to which your request relates.
12. SECURITY
12.1. We have implemented appropriate security measures to prevent your personal information from being lost or used/accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
12.2. We also have procedures in place to deal with any suspected data security breach. We will notify you, and any applicable regulator, of any suspected data security breach where we are legally required to do so.
13. COMPLAINTS
13.1. Should you have a complaint about our use of your personal information, please contact us (see paragraph 15 below, ‘Contact’).
13.2. We hope that we can resolve any query or concern that you may raise about our use of your personal information. However, the General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of the relevant data protection laws has occurred.
13.3. The supervisory authority in the UK is the Information Commissioner who can be contacted at https://ico.org.uk/concerns or 0303 123 1113.
14. CHANGES TO THIS PRIVACY POLICY
14.1. This privacy policy was amended and published on 10 July 2020.
14.2. We may change this privacy policy from time to time. We will inform you via our website, or by email, as and when any changes are made.
15. CONTACT
15.1. Please contact us by email if you have any questions about this privacy policy or the information that we hold about you.
15.2. Our contact details are – contact@bobbridgesdesigns.co.uk