At Crane Garden Buildings, we are committed to protecting your privacy. This Policy explains when and why we collect personal information about different individuals, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
It applies to information we collect about:
- visitors to our websites;
- individuals in relation to an inquiry, quote, or a call back request;
- people who use our services; and
- job applicants and our current and former employees.
The personal information which we hold will be held securely in accordance with our internal security policy and the law. We will not transfer your data outside of the European Economic Area (EEA) unless adequate safeguards are in place.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.
Any questions regarding this Policy and our privacy practices should be sent to the contact information provided at the end of this Policy.
Visitors to our websites
When someone visits www.cranegardenbuildings.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way to monitor website performance and no information is used for additional targeted marketing uses. When personally identifiable information is collected, we will request permission before hand and will explain what we intend to do with it.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who make a complaint to us
When we receive a complaint, we will only use any personal information we collect to process the complaint and to check on the level of service we provide.
People who inquire with us, or request a quote or a call back from us
Where inquiries, quote requests, or call back requests are submitted to us we will only use the information supplied to us to deal with that inquiry or request. Personal data will be collected and used in these situations to enable us to provide you with the information you require to consider whether to enter into a contract for us to provide our services. Information relating to an inquirer or a quote or call back request will be retained for three years from closure in line with our data retention policy.
People who use Crane Garden Buildings’ services
Crane Garden Buildings offers various services to the public.
We have to hold the details of the people who have requested the service in order to provide it. This is a contractual obligation however we will only ask for the information that is necessary for the performance of the contract and we will only use the details given for this purpose. We will retain this information in line with our data retention policy; information relating to customers’ orders will be held for 40 years which is the anticipated lifetime of our buildings. This enables us to easily provide any appropriate related services such as supplying spares or additional paint.
If you make a purchase from us, your card information is collected by our third party payment processors who specialise in the secure capture and processing of credit/debit card transactions. Upon completion of a purchase, we retain partial transaction details for accounting and book-keeping purposes. This information is retained for 7 years to enable us to meet our financial and accounting requirements.
Job applicants, current, and former Crane Garden Buildings' employees
When individuals apply to work at Crane Garden Buildings, we will only use the information they supply to us to process their application and not for any other purpose. It is necessary for us to collect and use this information as part of our recruitment process before offering individuals an employment contract.
We may pass that information to our recruitment consultants for the purposes of processing their application on our behalf. However, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep the information secure and not to use it for their own direct purposes.
Where we want to disclose information to other third parties, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we do so on the basis that this is in our legitimate interests to protect our customers and our company’s reputation.
If an individual is unsuccessful in their application, we will hold their details on file for 6 months in accordance with our data retention policy.
Once a person has taken up employment with Crane Garden Buildings, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. It is a contractual obligation that the individual provides this information however we will only ask for the information that is necessary for the performance of the contract and we will only use the details given for this purpose.
Once their employment with Crane Garden Buildings has ended, we will retain the file in accordance with the requirements of our retention policy and then delete it. Our policy is to keep all information relating to employees’ pay for 3 years after the end of the tax year it relates to. Employment records not relating to pay are held for 6 years after the individual leaves our employment. After this time we will retain a permanent Employment Summary on file noting basic details of dates employed and reason for leaving our employment. This will be retained for the remainder of the individual’s working lifetime; it is in our legitimate interests to retain this information for the purpose of considering whether or not to re-employ an individual.
GDPR creates 8 new rights for individuals which are as follows:
- Right to be informed
- Right of access
- Where you seek to exercise this right we must verify your identify before we can process your request.
- We will not charge a fee for responding to requests unless they are deemed unfounded or excessive.
- We will respond to all requests within 1 month of the date of receiving the request.
- Where we refuse to respond to a request we will explain why. We will let you know without undue delay and at the latest within 1 month of the request.
- Right to rectification
You can request a copy of the information we hold on you and we will provide this if we can. The following points apply:
If your data is inaccurate, we will correct this.
- Right to erasure
In certain circumstances, you can ask us to delete your data.
- Right to restrict processing
In certain circumstances, you can temporarily ask us to stop using your data.
- Right to data portability
You have the right to obtain your data in an easily accessible format to take this elsewhere and we will provide this.
- Right to object
You can object to your data being used for direct marketing or research purposes. Where there is no other reason for us to hold your data, we will delete it from our systems if you object to receiving this type of communication.
- Rights relating to automated decision making including profiling
Automated decision-making and profiling is restricted under GDPR. We do not undertake any decision-making using these types of processes.
Who has access to your information?
We will not sell or rent your information to third parties.
Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purpose of performing a contract we have agreed with you, identifying and communicating with you, responding to your requests or enquiries, and improving our services.
However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We may also pass your information to governmental or regulatory bodies where a legal obligation arises.
With your consent, we may use your personal information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
Our policy towards children
Crane Garden Buildings services are not directed to individuals under 18. We do not knowingly collect Personal Information from children under 18. If we become aware that a child under 18 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact us.
Data storage, transfer and security
Crane Garden Buildings takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
Any sensitive information (such as credit or debit card details) is encrypted and protected using industry standard SSL (HTTPS). Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure.
Crane Garden Buildings hosts data with hosting service providers within the EEA. The servers on which Personal Information is stored are kept in a controlled environment. While we take reasonable efforts to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any incidentally-collected Personal Information you choose to store on our Websites are maintained at levels of protection to meet specific needs or obligations you may have relating to that information.
Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Links to other websites
Complaints or queries
Crane Garden Buildings tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you believe we have processed your personal data in a way that does not comply with GDPR, we ask that in the first instance you contact us directly. Under GDPR you also have a right to make a complaint to the Information Commissioner’s Office (ICO) or other relevant supervisory body.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Crane Garden Buildings’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed.
How to contact us
Crane Garden Buildings
Narford King's Lynn