DATA CONTROLLER FOR ALL CUSTOMERS AND EMPLOYEES – DM DESIGN BEDROOMS LTD.
DM Design Bedrooms Ltd treats the privacy of its customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This policy explains how we protect and manage any personal data* you share with us and that we hold about you, including how we collect, process, protect and share that data.
*personal data means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other address and an e mail address or other contact information.
Our lawful basis for processing your data – Legitimate Interest
We will use your personal information in the following circumstances:
Where we need to perform any contract we have entered into with you
Where it is necessary for our legitimate interests or those of a third party and your own interests – Fundamental rights do not override those interests
To comply with relevant legislation & regulations
How we obtain your personal data
Information provided by you
You provide us with personal data either on your contract, via an online contact form or over the telephone. This includes name, address, e mail address, telephone no, and D/D mandate instructions where applicable. We use this information to proceed with your order for goods & services.
We may also keep information contained in any correspondence you may have with us by post or by e mail. We also record telephone conversations.
We may obtain sensitive information directly from you in relation to any financial agreement you may wish to enter into and Credit Card or bank details for the payment of deposits and /or balances on your account(s) with us. the provision of this personal data is essential for us to be able to collect payments for supply of goods & services. This means that the legal basis of our holding your personal data is for the performance of a contract, and /or legitimate Interest.
Information we get from other sources
We only obtain information from third parties if this is permitted by law. This information (including your name, address and contact details), will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR). You will have already submitted your personal data to these companies and specifically given permission to allow them to pass this information to our company.
How we use your personal data
Do we use your personal data for marketing purposes?
Any information that you choose to give us will not be used for marketing purposes by us, except to inform you from time to time of any current offers that we feel may be attractive to you in any of our products.
We will keep information about you confidential and we will not share your information with any third-parties except for the purpose of obtaining funding for your purchase through a personal loan agreement with a financial institution which we may be using for this purpose.
Transfer of your personal data outside of the UK
We do not currently transfer your personal data outside of the UK.
How long do we keep this information about you?
We keep this information in line with the guarantee policy of our company, we need this information to ensure we can handle any claims under this guarantee. We also take into account our need to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece of information to the next. In all cases, our need to use your personal information will be re-assessed on a regular basis and information which is no longer required will be destroyed.
Security of your data
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way or altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected data security breach ad will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data subject rights
Subject access requests
The General Data Protection Regulation (GDPR) grants you the right to access personal data that we may hold about you. This is referred to as a Subject Access Request. We shall respond promptly, and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold about you, including the following:
Sources from which we acquired the information
The purposes for processing and storing the information
Persons or entities with whom we may be sharing the information.
Right to rectification
You, the data subject, shall have the right to ask us to amend or delete your information, if it is incorrect; out of date; or if there is no longer justification for us to hold it.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal data concerning you, including any personal profiling. Unless this relates to processing that is necessary for the completion of any contracted works, or in defence of any legal claims, we will no longer process or retain any personal data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us, please write to us at the address below.
Questions and queries
If you have a complaint
If you have a complaint regarding the use of your personal data or sensitive information then please contact us at the address below and we will do our best to help you. If your complaint is not resolved to your satisfaction and you wish to make a formal complaint, you can do so by contacting the ICO at ICO.org.uk or ICO, Wycliffe House, Water lane, Wilmslow, Cheshire, SK9 5AF.
The Data Protection Officer, DM Design, 1 Deerdykes Place, Westfield Industrial area, Cumbernauld, G68 9HE.