At C.P. Hart & Sons Ltd (including any group companies, ‘C.P. Hart’), we are committed to protecting and respecting your privacy. This Policy sets out when and why we collect personal information about people who visit our websites, write to us, or interact with us via social media, or use our products or services in our showrooms, over the telephone or online (together, our Services).
This Policy also explains what we do with your personal information, the conditions under which we may disclose it to others and what we do to keep it secure. It also sets out where and how we collect your personal information, as well as your rights over any personal information we hold about you.
This Policy gives effect to our commitment to protect your personal information.
We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes. By using our Services, you are agreeing to be bound by this Policy. Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org or by writing to the C.P. Hart HR Dept. at 24 Quadrant Court, Dartford, Kent DA9 9AY. Alternatively, you can telephone us on 01322 422198.
Who we are
C.P. Hart is a limited company; its company registration number is 00889832. The registered address is Unit 40 Charles Park, Claire Causeway Crossways, Dartford, Kent, DA2 6QA.
For the purpose of data protection legislation, C.P. Hart is a “data controller” and is registered with the Information Commissioner’s Office under the following registration number: Z9618622.
How we collect information from you
We obtain information about you when you use our website, telephone us, email us, write to us, interact with us via social media, or when you come into our showrooms or offices to, for example, enquire or contact us about our products and services, or to make an order for products or services.
We may sometimes collect additional information from third parties including from specialist companies that provide customer information (like credit reference agencies, fraud prevention agencies, claims databases, marketing and research companies) and social media providers as well as information that is publicly available.
What type of information is collected from you
The personal information that we will collect:
- Your name, address, telephone number and email address;
- Your image via CCTV;
- Your online account login details, such as your user name and password;
- Details about how you have used or accessed our website or social media accounts, including device details, browser type or IP address;
- Information regarding what C.P. Hart web pages are accessed by you and when, including its social media accounts;
- Information about the services or products that we provide, or have provided, to you (including, for example, the products or services provided to you, when and where you ordered our products or services, and when and where we provided our products and services to you, the amount that you paid for our products or services, and the way you use our products or services);
- Any feedback you give to us;
- When reviewing your application for products and services offered by C.P. Hart (for example, a credit account) we will consider other information about you such as your employment details, financial position, date of birth;
- Details of the emails and other electronic communications that we have sent to you, including whether that communication has been opened and if you have clicked on any links within that communication;
- Details of the emails and other electronic communications that you have sent to us, including via of our online chat service; and
- If you make a payment online or purchase a product from us, your card information is not held by us, it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.
How we use your personal information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform a contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else's interests).
- Where it is needed in the public interest or for official purposes.
We use your information to:
- make our products or services available to you;
- process your orders;
- carry out our obligations arising from any contracts entered into by you and us;
- take payment from you or give you a refund;
- help us to prevent fraud;
- personalise your shopping experience, for example by understanding your location or how you use our websites to provide you with personalised offers or shopping ideas;
- conduct market research, either ourselves or with reputable agencies, to improve services;
- for statistical analysis to help us understand more about you as a customer, the products and services you consume, the way you consume them and how, and where, you shop so we can serve you better;
- improve our services, showrooms and websites;
- where you have given your consent (if necessary), contact you about our products and services, including to seek your views or comments on the products and services we provide;
- notify you of changes to our Services;
- provide for the safety and security of our colleagues and customers, for example via CCTV;
- help answer your questions and solve any issues you have; and
- process a job application.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or provide you with our products or services, or we may be prevented from complying with our legal obligations.
Third parties that have access to your personal information
We will not sell or rent your information to third parties.
We will not share your information with third parties for their marketing purposes.
Third party service providers working on our behalf
We work with partners, suppliers, insurers and agencies for the purposes of completing tasks and providing services to us, or to you on our behalf (for example the provision of delivery of our products or services).
However, when we use third party service providers, we only share the personal information that allows them to provide their services to us or to facilitate them providing their services to you. We also have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Other Organisations and Individuals
We may transfer your personal information to other organisations in certain scenarios. For example:
- We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation;
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or we are asked to do so by a public or regulatory authority such as the Police or the Department for Work and Pensions;
- If we need to do so to exercise or protect our legal rights, users, systems and Services;
- In response to requests from individuals (or their representatives) seeking to protect their legal rights or the rights of others.
We will take steps with the aim of ensuring that your privacy rights continue to be protected.
International Transfers of Your Personal Information
To ensure that your personal information does receive an adequate level of protection we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with, and which respects, the EU and UK laws on data protection: for example Binding Corporate Rules, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘Privacy Shield’ scheme). If you require further information about these protective measures, you can request it by emailing email@example.com.
If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
Keeping You Informed About Our Products and Services
You have a choice about whether or not you wish to receive information from us. If you want to receive direct marketing communications from us about the great offers, ideas, products and services of C.P. Hart that we think you might be interested in, then you can opt-in via our Newsletter sign-up on our website or from within your web Account Information page. If you wish to opt-out, you can do so by following the ‘unsubscribe’ link on any of our marketing emails, or by updating your marketing preferences within your web Account Information page (if applicable).
We will not contact you for marketing purposes by email unless you have given your prior consent. We will not contact you for marketing purposes by post, phone or text message. You can change your marketing preferences at any time by contacting us by email: firstname.lastname@example.org, or telephone on 0345 600 1950, or by using our unsubscribe service.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk. You have the right to object to us using your personal data in this way.
Under certain circumstances, by law you have the right to:
Right to access
You have the right to access the personal information that we hold about you. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge.
Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
Right to correction
The accuracy of your personal information is important to us. If any of the personal information we hold about you is inaccurate or out of date, please get in contact with us and let us know.
Right to request erasure
You have the right to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Right to object to processing
You have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Right to request the restriction of processing
You may ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Right to request a transfer
You may ask us to transfer your personal information to another party. If you would like to exercise any of the above rights, please contact us as set out below.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using the contact details provided below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
How Long Will We Keep Your Information For?
We will retain a record of your personal information. This is done to provide you with a high quality and consistent service. We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Links to Other Websites
We will not be liable to you for any issues arising in connection with such organisations’ use of your information, the website content or the services offered to you by such websites.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Sharing your thoughts
When using one of our websites, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review the services or products that we offer. When doing this your personal information may be visible to the providers of those social networks, and their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.
The security measures that we have in place to protect against the loss, misuse or alteration of your personal information are as follows:
- Limiting access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality;
- Anonymising or pseudonymising of data as appropriate;
- Making use of encryption technologies as appropriate;
- Limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
- Implementing access controls to our information technology, such as firewalls, ID verification and logical segmentation and/ or physical separation of our systems and information;
- Making use of system, data, transmission and access controls and technologies as appropriate;
- Monitoring our systems for possible vulnerabilities and attacks;
- Implementing robust data back-up processes and procedures;
- Never asking you for your passwords. It is your responsibility to keep your passwords secure; you should never share them with anyone else. Account passwords are encrypted, which means we cannot see your passwords. Forgotten passwords cannot be resent; they can only be reset.
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this Policy, the way your personal information is processed, please contact us by one of the following means:
By email: email@example.com
By post: HR Department, C.P. Hart, 24 Quadrant Court, Greenhithe, Kent DA9 9AY
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to www.ico.org.uk/concerns to find out more.