Personal data means data which relates to a living person who may be identified directly or indirectly from that data (“Personal Data”). The processing of Personal Data is governed by the General Data Protection Regulation 2016/679 (“GDPR”) and other applicable data protection laws (“Data Protection Law”).
Ultimate Windows Limited (“Senator Windows Dublin” “we” or “us”) is a data controller. This means that Senator Windows Dublin determines how Personal Data is used (“Processed” / “Process” / “Processing”).
2. Categories of Personal Data Processed
Senator Windows Dublin may process the following categories of Personal Data:
|Customers/customers||Name, address(es), telephone, mobile, email, ordered products, credit/payment history, direct debit details – bank a/c, sort codes, customer installation notes/special instructions, customer requests/queries by email, customer note/message log, credit and debit card details for payments & refunds, marketing permission preferences, and call recordings.|
|Individual contact persons in suppliers and other business contacts||Name, business address, telephone, mobile and email.|
- Orders fulfilled by Senator Windows Dublin for third parties to their customers and vice versa.
- Preferences for various types of marketing events.
- CCTV images.
- Digital information related to use of our websites, platforms and digital applications, including, traffic data, location data and other communication data.
Senator Windows Dublin will ordinarily obtain or Process Special Categories of Data (“SCD”) in very limited circumstances. Where it does so it shall Process such Personal data in accordance with Data Protection Law.
3. Purposes for which Personal Data is Processed
We may Process Personal Data for any of the following purposes:
- Fulfilment of quotations, orders and installation requests, related notifications (email and SMS), marketing and service updates, sales reporting and analysis, payment processing, payment analysis, refunds, credit notes, credit control purposes, legal requirements, customer complaints, operating of customer budget plans, to third party service providers for purchasing, polling, and invoicing purposes, sending of customer information to/ from third party third party manufacturers or contractors for delivery and installation of customer orders, etc.;
- complying with applicable law, including anti-money laundering legislation;
for administrative purposes, including to securing and maintaining our internal systems, platforms and digital applications;
upholding an adequate level of security;
- carrying out controls to prevent fraud; and/or managing business relationships.
4. Legal basis for Processing Personal Data
We use Personal Data when:
- we have consent to use Personal Data for a specific purpose;
- we are, or are considering, entering into an agreement;
- we have to comply with certain legal obligations; and/or
- we or the business are pursuing a legitimate interest. This could be where we have a business or commercial reason to use Personal Data. We will only do so if our interest clearly overrides the data subject’s interest in not having his/her Personal Data Processed by us.
From time to time, we may also Process Sensitive Personal Data (“SPD”) if required to do so by law. We will seek explicit consent to Process SPD, unless the law permits us to register such data without consent.
|Purpose/Activity||Lawful basis for processing|
|To manage our customer relationship|
- Performance of a contract
- Necessary to comply with a legal obligation
- Necessary for our legitimate interests (to keep our records updated and to study how customers use our services)
|To administer and protect our business|
- Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
- Necessary to comply with a legal obligation.
|To deliver relevant website content and advertisements and measure or understand the effectiveness of our advertising.|
- Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy).
|To make suggestions and recommendations about products services that may be of interest.|
- Necessary for our legitimate interests (to develop our services and grow our business).
5. Data Processors
Senator Windows Dublin may engage certain service providers to perform certain services on its behalf which may involve the Processing of Personal Data. To the extent that such Processing is undertaken based on the instructions of Senator Windows Dublin and gives rise to a data controller and data processor relationship, Senator Windows Dublin will ensure that such relationship is governed by a contract which includes the data protection provisions prescribed by Data Protection Law.
6. Record Keeping
As part of our record keeping obligations under the GDPR, Senator Windows Dublin retains a record of the Processing activities under its responsibility. This comprises the following:
- Name and contact details of the controller
- The purposes of the Processing
- Description of the categories of data subjects and of the categories of Personal Data.
- The categories of recipients to whom the Personal Data have been or will be disclosed.
- Where applicable, transfers of Personal Data to a third country outside of the EEA.
- Where possible, the envisaged time limits for erasure of the different categories of Personal Data.
- Where possible, a general description of the technical and organisational security measures adopted.
7. Individual Data Subject Rights
Data Protection Law provide certain rights in favour of data subjects. The rights in question are as follows (the “Data Subject Rights”): the right of a data subject to receive information on the Processing; the right of access to Personal Data; the right to rectify or erase Personal Data (right to be forgotten); the right to restrict Processing; the right of data portability; the right of objection; and the right to object to automated decision making, including profiling.
These Data Subject Rights will be exercisable subject to limitations as provided for under Data Protection Law. You may make a request to Senator Windows Dublin to exercise any of the Data Subject Rights by contacting firstname.lastname@example.org. Your request will be dealt with in accordance with Data Protection Law.
8. Data Security and Data Breach
We have technical and organisational measures in place to protect Personal Data from unlawful or unauthorised destruction, loss, change, disclosure, acquisition or access. Personal Data are held securely using a range of security measures including, as appropriate, physical measures such as locked filing cabinets, IT measures such as encryption, and restricted access through approvals and passwords. The GDPR obliges Data Controllers to notify the Data Protection Commission and affected data subjects in the case of certain types of Personal Data security breaches. Any data breaches identified in respect of Personal Data controlled by Senator Windows Dublin will be dealt with in accordance with Data Protection Law.
9. Disclosing Personal Data
From time to time, we may disclose Personal Data to third parties, or allow third parties to access Personal Data which we Process (for example where a law enforcement agency or regulatory authority submits a valid request for access to Personal Data). We may also disclose Personal Data to: (a) selected third parties including certain government bodies such as the Revenue Commissioners; and (b) service providers, such as distributors, hauliers, website providers, payment processing providers, IT support providers, etc.
10. Data Retention
We will keep Personal Data only for as long as the retention of such Personal Data is deemed necessary for the purposes for which that Personal Data are Processed (as described in this Privacy Notice). We will keep Personal Data for as long as we have a relationship with the data subject, and for a period of up 6 years thereafter. We will only retain Personal Data after this time if we are required to do so to comply with the law, or if there are outstanding claims or complaints that will reasonably require such Personal Data to be retained.
11. Data Transfers outside the EEA
From time to time, Senator Windows Dublin may transfer Personal Data to countries outside the EEA which may not have the same or equivalent Data Protection Law as Ireland. If such transfer occurs, Senator Windows Dublin will ensure that such Processing of Personal Data is in compliance with Data Protection Law and, in particular, that appropriate measures are in place such as entering into Model Contractual Clauses (as published by the European Commission) or ensuring that the recipient is Privacy Shield certified, if appropriate. If you require more information on the means of transfer of Personal Data or would like a copy of the relevant safeguards, please contact email@example.com .
12. Further Information/Complaints Procedure
For further information about this Privacy Notice and/or the Processing of Personal Data by or on behalf of Senator Windows Dublin please contact firstname.lastname@example.org . While you may make a complaint in respect of our compliance with Data Protection Law to the Irish Data Protection Commission, we request that you contact email@example.com in the first instance to give us the opportunity to address any concerns that you may have.
Senator Windows Dublin,
Unit 15 Airways Industrial Estate,
Old Airport Road,
Tel. 1850 83 99 99
This policy was last updated on 25th July 2018.