Privacy Policy

We are committed to respecting and protecting your personal data.

This policy applies when you choose to use this website, and to personal information which we process further to supplying goods to our customers. This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and what choices you have. It relates to all our business activities, not just this website.

We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes. By using our services, you are agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to: neil@convertaloft.co.uk

Updated: 18 October 2018

1. Who are we?

We are Convertaloft Ltd, provide loft conversion services to customers in the UK. Throughout the site, the terms “we”, “us” and “our” refer to Convertaloft Ltd. We are registered in the UK under company number 10316774 and with our registered office at 28 Lawnswood Drive, York, England, YO30 5QL. Full contact details can be found here: https://convertaloft.co.uk/contact

We are a ‘data controller’ for the purposes of the General Data Protection Regulation (“GDPR”) where we control the purposes for which we process your personal information. We will take all appropriate steps to ensure compliance with the GDPR and all other applicable legislation relating to data protection.

2. How do we collect information from you?

We obtain personal information about you (such as your name, address, email address, contact number) contact us to enquire about our services.

3. What information do we collect & how is it used?

We collect information to allow us to fulfil our business obligations to our customers, and to respond to business enquiries. The information in section 3.4 outlines exactly what information we collect, and for what purpose.

3.1. Sensitive Data

We do not gather sensitive personal data (e.g. health, genetic, biometric data; racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, and criminal convictions). We expressly request that you do not provide any such sensitive data to us.

3.2. Children's information

Our services are not directed to children under 13. If you learn that a child under 13 has provided us with personal information without consent, please contact us immediately.

3.3. Third Parties

We will not sell or rent your information to third parties. We may pass your information to third party service providers who we have engaged for the purpose of completing tasks and providing services to you on our behalf. We disclose only the personal information that is necessary to deliver the service.

We also use a number of 3rd party services to help us fulfil our contractual obligations. These 3rd party services are listed in full below; we have verified that these 3rd party services are GDPR compliant (or are working towards GDPR compliance).

We only send your data outside the European Economic Area (“EEA”) where there are appropriate legal safeguards in place. For example, we only use third parties in the US that are certified under the EU-US Privacy Shield Framework (or are working towards certification).

3.4. Details

The following information outlines the personal data we collect and for what purpose. Where applicable the information also outlines the 3rd parties the data is processed by or shared with:

3.4.1. Email

Data collected/stored
Customer & supplier contact information, details of enquiries and current contracts.
Legal Ground
Contract.
Purpose
To fulfil business obligations, allow initial and ongoing contact with prospective / existing customers, suppliers etc.
3rd Parties
G Suite.
Data Retention
Until request for deletion.

3.4.2. Invoicing

Data collected/stored
Customer & supplier purchase history & contact/billing info.
Legal Ground
Legal obligation.
Purpose
For invoicing.
Data Retention
Indefinitely, for on-going invoicing and accounting records.

3.4.3. Analytics

Data collected/stored
Website visitor behaviour (anonymised – full IP address is NOT stored).
Legal Ground
Legitimate interests.
Purpose
To analyse popular content, website performance, etc – so we can further improve.
3rd Parties
Google Analytics – We have signed DPA & anonymised IP addresses.
Data Retention
26 months.

3.4.4. Server Logs

Data collected/stored
IP address.
Legal Ground
Legal obligation.
Purpose
To help prevent DoS (Denial of Service) attacks; for website security and diagnostics.
3rd Parties
Paragon Internet Group Ltd.
Data Retention
Indefinitely.

3.4.5. DNS Log Data

Data collected/stored
IP address, system configuration information, etc.
Legal Ground
Legitimate interests.
Purpose
Cloudflare provides DNS, web optimization and security services for our website.
3rd Parties
Cloudflare.
Data Retention
Indefinitely.

4. Use of ‘cookies’

Like many other websites, our website uses cookies. Cookies are small pieces of information that are stored on your computer or electronic device when you visit a website.

The following list outlines what we use cookies for:

Google Analytics
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and what content is most popular. This helps to ensure that our website is responding to your needs in the best way possible.
Cloudflare
We use Cloudflare to provide web optimization and security services for our website. A cookie is set by the CloudFlare service to identify trusted web traffic. It does not store any personally identifiable information.
Third party cookies
These are cookies set on your machine by external websites. Links are currently provided to Facebook and Twitter. You should check the respective privacy policies of these sites to see how they use your information and to find out how to opt out, or delete, such information before you access them. We are not responsible for third party policies or uses of your personal data.

By using and browsing the Convertaloft Ltd website, you consent to cookies being used in accordance with this Policy.

If you do not consent, you must turn off cookies or refrain from using the site. Most browsers allow you to turn off cookies. To do this, look at the ‘help’ menu on your browser. Switching off cookies should not noticeably restrict your use of this website.

5. Social Media

Any social media posts or comments are subject to the terms of the relevant social media platform. We are not responsible for this kind of sharing and encourage you to view the privacy policy and terms of use for each platform.

Any comments you make on these social media platforms must not generally be offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable user of those services.

6. Controlling your information

You have the following rights concerning the information we hold about you, under the General Data Protection Regulation;

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object to processing
  8. Rights in relation to automated decision making and profiling

6.1. Requesting a copy of your information

You may request a copy of any data we hold about you. Upon request, we will provide all of the personal data we hold on record about you. You may email a request to neil@convertaloft.co.uk or send a request in writing to:

Convertaloft Ltd
28 Lawnswood Drive
York
North Yorkshire
YO30 5QL

6.2. Updating or correcting your information

The accuracy of your information is important to us. If you change any personal data including Company name, customer name, customer, address, customer contact numbers, customer email address, or any of the other information we hold is inaccurate or out of date, please contact us so we may correct our records.

6.3. Deleting your information

You have the right to request erasure of your personal information. Unless there is a compelling reason for the data not to be erased (for example, if we need to use that data to fulfil our contractual or legal obligations), your personal data will be deleted on request.

6.4. Automated decision making

We do not use any personal information for automated decision making or profiling.

7. Retention Periods

We will not keep your personal information longer than is necessary other than for the purposes outlined above and any legal, statutory or regulatory obligations.

8. Security

Convertaloft Ltd takes security seriously. In order to protect your information from loss, misuse or unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These steps include the following:

  • Data minimisation
  • Password best practice
  • Security best practice concerning devices (PCs, laptops, mobile devices), online accounts, website hosting, physical access and storage
  • Staff training and accountability on data protection

9. Complaints

If you wish to raise a complaint on how we have handled your personal information, you can contact us directly and we will investigate the matter.

You have the right to complain to the Information Commissioner's Office (ICO) which is the supervisory authority in the UK. Their contact details and the procedure can be found at ico.org.uk