Privacy Policy
We are committed to respecting and protecting your personal data.
This policy applies when you choose to use this website, and to personal information which we process further to supplying goods to our customers. This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and what choices you have. It relates to all our business activities, not just this website.
We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes. By using our services, you are agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to: [email protected]
Updated: 18 October 2018
1. Who are we?
We are Convertaloft Ltd, provide loft conversion services to customers in the UK. Throughout the site, the terms “we”, “us” and “our” refer to Convertaloft Ltd. We are registered in the UK under company number 10316774 and with our registered office at 28 Lawnswood Drive, York, England, YO30 5QL. Full contact details can be found here: https://convertaloft.co.uk/contact
We are a ‘data controller’ for the purposes of the General Data Protection Regulation (“GDPR”) where we control the purposes for which we process your personal information. We will take all appropriate steps to ensure compliance with the GDPR and all other applicable legislation relating to data protection.
2. How do we collect information from you?
We obtain personal information about you (such as your name, address, email address, contact number) contact us to enquire about our services.
3. What information do we collect & how is it used?
We collect information to allow us to fulfil our business obligations to our customers, and to respond to business enquiries. The information in section 3.4 outlines exactly what information we collect, and for what purpose.
3.1. Sensitive Data
We do not gather sensitive personal data (e.g. health, genetic, biometric data; racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, and criminal convictions). We expressly request that you do not provide any such sensitive data to us.
3.2. Children's information
Our services are not directed to children under 13. If you learn that a child under 13 has provided us with personal information without consent, please contact us immediately.
3.3. Third Parties
We will not sell or rent your information to third parties. We may pass your information to third party service providers who we have engaged for the purpose of completing tasks and providing services to you on our behalf. We disclose only the personal information that is necessary to deliver the service.
We also use a number of 3rd party services to help us fulfil our contractual obligations. These 3rd party services are listed in full below; we have verified that these 3rd party services are GDPR compliant (or are working towards GDPR compliance).
We only send your data outside the European Economic Area (“EEA”) where there are appropriate legal safeguards in place. For example, we only use third parties in the US that are certified under the EU-US Privacy Shield Framework (or are working towards certification).
3.4. Details
The following information outlines the personal data we collect and for what purpose. Where applicable the information also outlines the 3rd parties the data is processed by or shared with:
3.4.1. Email
- Data collected/stored
- Customer & supplier contact information, details of enquiries and current contracts.
- Legal Ground
- Contract.
- Purpose
- To fulfil business obligations, allow initial and ongoing contact with prospective / existing customers, suppliers etc.
- 3rd Parties
- G Suite.
- Data Retention
- Until request for deletion.
3.4.2. Invoicing
- Data collected/stored
- Customer & supplier purchase history & contact/billing info.
- Legal Ground
- Legal obligation.
- Purpose
- For invoicing.
- Data Retention
- Indefinitely, for on-going invoicing and accounting records.
3.4.3. Analytics
- Data collected/stored
- Website visitor behaviour (anonymised – full IP address is NOT stored).
- Legal Ground
- Legitimate interests.
- Purpose
- To analyse popular content, website performance, etc – so we can further improve.
- 3rd Parties
- Google Analytics – We have signed DPA & anonymised IP addresses.
- Data Retention
- 26 months.
3.4.4. Server Logs
- Data collected/stored
- IP address.
- Legal Ground
- Legal obligation.
- Purpose
- To help prevent DoS (Denial of Service) attacks; for website security and diagnostics.
- 3rd Parties
- Paragon Internet Group Ltd.
- Data Retention
- Indefinitely.
3.4.5. DNS Log Data
- Data collected/stored
- IP address, system configuration information, etc.
- Legal Ground
- Legitimate interests.
- Purpose
- Cloudflare provides DNS, web optimization and security services for our website.
- 3rd Parties
- Cloudflare.
- Data Retention
- Indefinitely.
4. Use of ‘cookies’
Like many other websites, our website uses cookies. Cookies are small pieces of information that are stored on your computer or electronic device when you visit a website.
The following list outlines what we use cookies for:
- Google Analytics
- Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and what content is most popular. This helps to ensure that our website is responding to your needs in the best way possible.
- Cloudflare
- We use Cloudflare to provide web optimization and security services for our website. A cookie is set by the CloudFlare service to identify trusted web traffic. It does not store any personally identifiable information.
- Third party cookies
- These are cookies set on your machine by external websites. Links are currently provided to Facebook and Twitter. You should check the respective privacy policies of these sites to see how they use your information and to find out how to opt out, or delete, such information before you access them. We are not responsible for third party policies or uses of your personal data.
By using and browsing the Convertaloft Ltd website, you consent to cookies being used in accordance with this Policy.
If you do not consent, you must turn off cookies or refrain from using the site. Most browsers allow you to turn off cookies. To do this, look at the ‘help’ menu on your browser. Switching off cookies should not noticeably restrict your use of this website.
5. Social Media
Any social media posts or comments are subject to the terms of the relevant social media platform. We are not responsible for this kind of sharing and encourage you to view the privacy policy and terms of use for each platform.
Any comments you make on these social media platforms must not generally be offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable user of those services.
6. Controlling your information
You have the following rights concerning the information we hold about you, under the General Data Protection Regulation;
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to processing
- Rights in relation to automated decision making and profiling
6.1. Requesting a copy of your information
You may request a copy of any data we hold about you. Upon request, we will provide all of the personal data we hold on record about you. You may email a request to [email protected] or send a request in writing to:
Convertaloft Ltd
28 Lawnswood Drive
York
North Yorkshire
YO30 5QL
6.2. Updating or correcting your information
The accuracy of your information is important to us. If you change any personal data including Company name, customer name, customer, address, customer contact numbers, customer email address, or any of the other information we hold is inaccurate or out of date, please contact us so we may correct our records.
6.3. Deleting your information
You have the right to request erasure of your personal information. Unless there is a compelling reason for the data not to be erased (for example, if we need to use that data to fulfil our contractual or legal obligations), your personal data will be deleted on request.
6.4. Automated decision making
We do not use any personal information for automated decision making or profiling.
7. Retention Periods
We will not keep your personal information longer than is necessary other than for the purposes outlined above and any legal, statutory or regulatory obligations.
8. Security
Convertaloft Ltd takes security seriously. In order to protect your information from loss, misuse or unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These steps include the following:
- Data minimisation
- Password best practice
- Security best practice concerning devices (PCs, laptops, mobile devices), online accounts, website hosting, physical access and storage
- Staff training and accountability on data protection
9. Complaints
If you wish to raise a complaint on how we have handled your personal information, you can contact us directly and we will investigate the matter.
You have the right to complain to the Information Commissioner's Office (ICO) which is the supervisory authority in the UK. Their contact details and the procedure can be found at ico.org.uk