PRIVACY POLICY

Thomas Sanderson Limited Privacy Notice

Last updated

16 January 2023

Who we are and how to contact us

We are Thomas Sanderson Limited (referred to in this document as ‘Thomas Sanderson’, ‘we’ or ‘us’)

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data; in this notice we explain how we handle your personal data. Please read this privacy policy carefully to understand how our views and practices and your rights regarding your personal data. Our Data Protection Officer can be contacted at [email protected], and is referred to throughout this document as the DPO.

Alternatively you can write to us at Thomas Sanderson Limited, Colwick Business Park, Private Road No 2, Colwick, Nottingham NG4 2JR

Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting us. In the event that you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner’s Office (ICO) in the UK, at any time.  The ICO’s contact details are available here: https://ico.org.uk/concerns/.

Changes to this privacy notice

We will update this privacy statement when necessary. When we post changes to this statement, we will revise the “last updated” date at the top of the statement and highlight what has changed. If there are any changes as to how Thomas Sanderson use will use your personal data, we will notify you by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Thomas Sanderson is protecting your information.

The legal bases that we rely on

Data Protection law sets out a number of different reasons why a company can collect and process your personal data.  The bases that we use as a company are:

Contractual obligations

Where we have a contact with you, we will use your personal data to fulfil the contract, for example we collect your address details in order to measure and fit the products that you wish to buy from us.

Legal compliance

In some cases the law requires us to collect and pass on your data, for example we pass on details of people involved in fraud or other criminal activity affecting us to law enforcement.

Legitimate interest

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example we will use your purchase history to send you direct marketing information about products and services that are available and we believe are of interest you.

What personal data is

Under GDPR and the Data protection Act 2018 personal data is defined as ‘any information relating to an identified or identifiable living individual’.  This will include facts and opinions about that person and any other information that we use to form an opinion or judgement about them.

For example your name, address and telephone number are your personal data as they are facts about you as a person, as are notes made about you.  Your blind measurements are not your personal data as they are facts about your blinds, not about you, and we do not use them to form an opinion about you.

How and why we use personal data

We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you.  We then use this to offer you promotions, products and services that are most likely to interest you.

The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. If you wish to change how we use your data, you’ll find details in the ‘What are your rights?’ section below.

If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.

  • To confirm your appointment date and time and assist you to order products

In order to pursue our legitimate interests to allow you to book appointments, we will contact you with to confirm your appointment details.  This may be via email, SMS or telephone.  If you request a quote from us, we may also contact you following your appointment to see if you wish to place an order with us.

To send you a brochure or samples when you request one

We will process your personal information to send you a brochure or samples of our products when requested.

  • To provide you with the goods and services which you have ordered from us

We need your personal data to comply with our contractual obligations so that we can manage your customer account and provide you with the goods and services you want to buy, including sending any relevant and necessary documentation and communications regarding the product or service and help you with any orders and refunds you may ask for.  Sometimes we may need to share your details with a third party who is providing a service (such as delivery couriers or a fitter visiting your home).  We do this to be able to fulfil our contract with you.

  • To allow you to pay for the goods and services that you have received

In order pursue our legitimate interests we may need to contact you to take payment, check your credit rating or pass your details onto third parties for debt collection purposes.

If you wish to pay for your goods and services through a Finance Agreement we will pass your details to our finance partner.

  • Manage and improve our day-to-day operations

To improve your customer experience we use cookies and similar technologies on our Website as part of our legitimate interests.  For information concerning your choices when it comes to cookies, and how you can control your online behavioural advertising preferences please visit https://www.thomas-sanderson.co.uk/legal/cookie-policy/.

We have a legitimate interest to improve our product range and ensure that it is tailored to our customers’ needs.  We do this by carrying out market research relating to our product range and internal research and development, and may need to process your personal data to do so.

As a business we have a legitimate interest to ensure that you can safely use our services.  To do this we will use your personal data to detect and prevent fraud and other crimes. If we discover or suspect criminal activity through this monitoring we may pass your personal information to law enforcement to help protect individuals from criminal activities.

  • To improve our business

We may also use the personal data that we collect about you to improve our efficiency and service levels across our group of companies and to analyse our customer segments to determine customer overlap between group companies and use this information to inform future group strategies (including marketing strategies).  We undertake these activities in our legitimate interest to make improvements across our business.  As set out in more detail below, we may share your data with other companies in the Hunter Douglas group of companies for this purpose.

  • Personalise your shopping experience

To enhance your use of our services, and provide you with a personalised shopping experience, we will use your online browsing behaviour as well as previous purchases to help us better understand you as a customer and provide you with personalised offers and services as part of our legitimate interests.

We want to provide you with marketing communications, including online advertising, that are relevant to your interests as part of our legitimate interests. To achieve this we measure your responses to marketing communications relating to products and services we offer, which also means we can offer you products and services that better meet your needs as a customer. You can change your marketing choices at any time, for details of how to do this see the ‘your rights’ section below.  For information concerning your choices when it comes to cookies, and how you can control your online behavioural advertising preferences please visit https://www.thomas-sanderson.co.uk/legal/cookie-policy/.

Cookies can be blocked by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

  • Contact and interact with you

We want to serve you better as a customer so we use personal data to provide clarification or assistance in response to communications you have sent to use, including social media posts and live chat via our website, that you have directed at us as part of our legitimate interests to interact with our customers and improve their experience.

We carry out market research to exercise our legitimate interests to improve our Services, and may invite you to take part in and manage customer surveys, questionnaires and other market research activities carried out by us and by other organisations on our behalf. However, if we contact you about this, you do not have to take part in the activities. This will not affect your ability to use our Services.

  • To administer any promotions or competitions that you choose to take part in

If you choose to take part in a promotion or competition, including those we run with our suppliers and Retail Partners, we need to process your personal data with your consent so that we can manage the promotions or competitions.

  • Understand and improve service levels

In order to pursue our legitimate interests as a company, we want to improve the service that we provide to our customers and understand the cause of any issues that might have arisen during the order process. 

To do this we may process your personal data to monitor the status and outcome of your order and to generate a range of internal analysis aimed at identifying any areas of improvement.

  • To comply with our legal obligations

In some cases we will need to process your personal data to comply with our legal obligations.  For example we sometimes need you to verify your identity before responding to your requests.

To send you communications required by law, or which are needed to inform you about changes to products or services that have been provided to you.  For example updates to this Privacy notice, product recall notices or information we are legally required to communicate to you regarding your order.  These messages will not include any marketing content.

To comply with any legal obligations to share data with law enforcement, for example if a court order is submitted to us requiring that we share your personal data.

  • To ensure your safety and detect and prevent crime

In order to pursue our legitimate interests as a company, we have installed CCTV in some of our premises.  This allows us to monitor the safety of visitors, assists in day to day management, and acts as a deterrent against crime, vandalism and disruption.

 

 

When we collect personal data, and what data we collect

This section lets you know under what circumstances we may collect personal information from you, and what personal data we may collect.

  • When you contact us to request a brochure, order samples or book an appointment, you may provide us with:
  • Your personal contact details, including your name, postal address, email address and telephone number
  • When you purchase products from us, you may provide us with:
  • Your personal contact details, including your name, postal address, email address and telephone number
  • Information about your purchase, for example what you have bought, when you bought it, what the installation address is and financial information relating to how you paid for it.
  • When you browse our websites we may collect:
  • Information gathered by the use of cookies in your web browser.  Learn more about how we use cookies at https://www.thomas-sanderson.co.uk/legal/cookie-policy/.
  • Information about the device you have used to access the Website (including the make, model and operating system, IP address, browser type and mobile device identifiers)
  • Your IP address is unique identifier used to identify the computer or device that you are using to access the internet.
  • Information about your online browsing behaviour on our Website, including which site you came from and products that you are interested in, and information about when you click on one of our adverts, including those shown on other organisations’ websites.
  • When we contact you we may collect:
  • Details of the emails and other digital communications we send to you that you open, including any links in them that you click on
  • Copies of documents you provide to prove your age or identity where the law requires this. (including your passport and driver's licence). This may include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
  • When you contact us (including via social media) we may collect:
  • Personal data you provide about yourself any time you contact us about our Services (for example, your name, social media username and contact details), including by phone, email or post or when you speak with us through social media
  • Details of your interactions with us through contact centres, in store or with our Advisors.  For example we may collect notes of conversations with you, details of any complaints or comments you have made and copies of emails that you have sent us.
  • When you take part in any promotions or competitions of ours, or chose to complete any surveys we send you we may collect:
  • Your feedback and contributions to customer surveys and questionnaires
  • Details of the promotion, including your responses and any prizes won.
  • When you comment on or review our products and services online we may collect:
  • Your comments and product reviews if posted online
  • When you visit our shops or other premises we may collect:
  • Images of you during your visit

It is important that personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us. Our contact details can be found at the end of this privacy notice or at the ‘Contact Us’ tab of our website.

How we protect your data

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

Where we engage with third parties to process personal data on our behalf, we do so, on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

How long we keep your data for

We will not keep your personal data for longer than is necessary for the purpose or purposes that it was initially collected.  At the end of that retention period, your data will either be securely deleted or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

Some examples of retention periods are below:

When you call our contact centre we may record the conversation, if we do this will be held for a maximum of 12 months unless the call is required for the resolution of an ongoing dispute.

If you place an order with us we have to retain the details of the order, including your personal data, for 10 years to comply with our legal and contractual obligations.  If the order included a warranty which was for a longer period than this, and you have registered that warranty with us, we will keep details of the warranty period and any associated personal data for the duration of the warranty period.

 

 

Who we share your personal data with

We will share your personal information with third parties (including companies in the Thomas Sanderson group) set out below the purposes set out in the ‘How and why we use personal data?’ section above

Sharing your details within the Hunter Douglas group

We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.

We share personal data with group companies to provide centralised services, such as shared deliveries and customer services. We also share personal data to review, analyse and improve service levels across the group and to analyse customer overlap between our group companies to inform our future strategy.

We will only do so if the company is located in the EEA, in a country on the EU adequacy list or if data is required to leave the EEA we will ensure that the transfer is risk assessed and if deemed necessary the transfer will take place under an International Data Transfer Agreement.

For a list of companies included in the Hunter Douglas group please see our latest annual report which is available at http://investor.hunterdouglasgroup.com/

Partners and Service providers

We apply the following policy when we share your personal information with external organisations

  • We provide only the information they need to perform their specific services.
  • They may only use your data for the exact purposes we specify in our contract with them.
  • We work closely with them to ensure that your privacy is respected and protected at all times.
  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

We work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, storing and combining data, processing payments and delivering orders. We only share personal data that enable our Service Providers to provide their services.

Some of the Service Providers we work with operate online media channels, and they place relevant online advertising for our products and services, as well as those of our suppliers and our Retail Partners, on those online media channels on our behalf. For example, you may see an advert for our products and services as you use a particular social media site or watch television through your pay TV account.

In addition to our use of service providers, we may also disclose your personal data to our suppliers or subcontractors in order to provide you with the Services you have requested from us.

We may disclose your personal data on the basis of our legitimate interests to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Financial transactions relating to our website and services are handled by our payment services providers.   We share your information with them in so that we can process your payments, and deal with complaints and queries relating to these payments and/or refunds.

See Appendix 1 for more information.

Other organisations

We may share personal data with other organisations not included in the list in the previous section in the following circumstances:

  • if the law or a public authority says we must share the personal data;
  • if we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
  • to an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you to. If the transfer or sale goes ahead, the organisation receiving your personal data can use your personal data in the same way as us; or
  • to any other successors in title to our business.

Additionally, we will disclose your personal information to the relevant third party:

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
  • If we are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; or
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our customers, our regulator, or others. [This includes exchanging information with other companies and organisations for the purposes of fraud protection and prevention of money laundering and credit risk reduction].

International transfers of your personal data

At Thomas Sanderson we take your safety and security very seriously and we are committed to protecting your personal and financial information. All information kept by us is stored on our secure servers.

We do not routinely transfer your data outside the European Economic Area ("EEA"). If we do need to transfer your data outside the EEA, we will only do so if adequate protection measures are in place in compliance with data protection legislation. Any international transfers required within our Group of Companies are transferred under an International Data Transfer Agreement.

 

What are your rights?

Under General Data protection Regulation (GDPR) you have a number of rights.  Some of these are complex and not all of the details have been included in our summaries below.  Please read the relevant guidance from the Information Commissioner’s Office on their website at https://ico.org.uk/for-the-public/ for a full explanation of these rights.

You have the right:

  1. To ask us not to process your personal data for marketing purposes. We will inform you  if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes;
  2. To ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
  3. To request from us access to personal information held about you;
  4. To ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
  5. To ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services;
  6. To ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);

Where use of your personal data is based on consent, you can withdraw that consent at any time.

If you wish access to a copy of your personal data held by us, please click here for details

If you wish us to erase your personal data from our files please click please click here for details

If you wish to no longer be marketed to please see the next section

For all other enquiries about your rights please email our DPO at [email protected]

How to stop the use of your personal data for direct marketing

You can stop direct marketing from us in a number of ways:

  • Click the ‘unsubscribe’ link included in all emails we send you. We will then stop any further emails from that particular division
  • Reply to any SMS message following the instructions contained in the message. We will then stop contacting you via SMS for marketing.
  • Call the Customer Hub on 0800 014 2525 or email [email protected] to opt out of receiving telephone, post, SMS or direct mail.
  • Write to us at Marketing Preferences, Thomas Sanderson Limited, Colwick Business Park, Private Road No 2, Colwick, Nottingham NG4 2JR

Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.  

 

Appendix 1 – List of Data Processors

We may share your personal data with the following categories of service providers:

 

  • Advertising agencies
  • App developers
  • Courier services
  • Data Analytics companies
  • Government bodies
  • HMRC and the courts
  • Thomas Sanderson Designers and Sales Agents
  • Insurance providers
  • IT consultants
  • IT service providers
  • Legal Advisors
  • Online review providers
  • Payment providers
  • Postal services
  • Supplier
  • Tracing and tracking agents

 

If you are referring to an offline version of this document this list may have changed.  Please refer to the version available on our website for an up to date list. 

 

 

 

Home > Home > Home > Vinyl / UPVC