This privacy policy sets out how we, Tile Merchants Limited, obtain, store and use your personal information when you use or interact with our company or any staff of our company, or where we otherwise obtain or collect your personal information. The effective date of this privacy policy is 21st May 2018.

Please read this privacy policy carefully. We recommend that you print off a copy of this privacy policy and any future versions in force from time to time for your records. Any future versions of this privacy policy will be emailed directly to you.

Our Details

The data protection officer for our company is based at our company head office (30 – 36 Ivatt Way, Westwood Industrial Estate, Peterborough, PE3 7PN). If you have any questions about this privacy policy, please contact the data protection officer in writing.

How we collect or obtain personal information about you

We collect personal information about you when you provide it to us, such as when you place an order, request a quotation, open an account with our company and fill in an account application form, when you contact us directly by email, phone, in writing or via social media, when you order goods, when you use any of our other websites or any other means by which you provide personal information to us.

Personal information we collect about you

The type of information we collect about you may include (but is not limited to) information such as:

· Your name

· Your email addresses

· Your physical address

· Your phone numbers

· Your payment information (e.g. your credit or debit card details)

· Your bank account details

· Driving License information

· Medical Information

We may also obtain personal information about you from certain publicly accessible sources, including (but not limited to) online customer databases, business directories, media publications, social media, credit checking databases, websites and other publicly accessible sources.

Please note that there are circumstances in which we may not be required to provide you with the information contained in this privacy policy, for example, if you already have the information.

In addition, where we obtain personal information about you from a source other than yourself we are not required to provide you with certain information contained in this privacy policy if:

· You already have the information

· Providing you with the information would prove impossible or would involve a disproportionate effort

How we use your personal data

I. When new companies apply for an account with our company then we employ credit checking databases to ensure the viability of these new customers. During this checking it may be that we gather personal information on any directors of the new company. This information will be cross-checked against the account application form that the company has provided but no data will be recorded over and above what information the new company has provided on their account application form.

Once this account application form has been completed by the customer the relevant information is entered into our accounts programme (sage 200) online database. The information transferred includes (but is not limited to:

a. Names

b. Physical Addresses

c. Phone numbers

d. Email addresses

Once this data has been entered into our accounts programme the original account application form is filed in a filing cabinet within a secure office at our head offices in Peterborough.

II. We use your personal data to fulfil any orders that you have placed and we may need to pass personal information onto haulage companies in order for deliveries of orders to be delivered as requested

III. Where payment is taken from credit/debit cards the information provided is either entered directly onto an online secure payment portal or payment is taken via a physical card and no details are stored at any point in the processing of these card payments.

IV. As we operate an uninsured account facility it might be the case that on non-payment from customers we will use the personal information that has been provided on account application forms in order to chase for payment. In rare and extreme cases we might pass this data onto agencies in order to identify if there is any chance to reclaim any funds that have been lost. It might also be possible that we will have to pass on information in the event that we have to pursue any debt through the courts.

V. Our company will also use email addresses that have been provided for the purpose of marketing. This marketing will come directly from our company (using mail chimp as a marketing portal). We will never pass on any personal information to third party companies for the purposes of marketing. All marketing that our company sends is relevant and applicable to our business and our product and will be of direct interest to our customers


How long we store your personal information

Our company will store personal information for the duration of our business relationship and for a period of 7 years after it is clear that the relationship is no longer a trading relationship. All order information will be stored within our accounts application.

Legal basis for storing and processing your personal information

We collect and use your personal information under Article 6 section 1 (a), (b) and (f) and Article 9 section 2 (a) of the General Data Protection Regulation.

I. CONSENT We are entering into a business relationship with the customer and the information has been given freely and willingly by the customer in the form of an account application form. Employees have consented to providing personal information and it has been given freely & willingly. On any ecommerce site consent is requested and given via an opt in consent tick box prior to any personal information being submitted.

II. CONTRACT To carry out the business relationship a contract is in place through the customer signing the original account application form. In retail situations the customer has entered into a contract by way of an invoice whereby a cash transaction for the supply of goods has occurred. All personal data we receive from employees is processed either for insurance purposes (driving licence information) or in order to adequately and sufficiently provide salaries.

III. LEGITIMATE INTERESTS The information that has been provided is only processed in order to carry out the supply of goods as agreed upon on the signing of the contractual account application form, or for the fulfilment of the invoice/order that has been placed by a retail customer. The marketing that our company might send out will be of direct interest to the customer and relevant to them in terms of our business relationship. It is of legitimate interest to employees that we control and process their personal information to ensure that appropriate care is given where necessary and in ensuring correct salaries are paid etc.

How we secure your personal information

I. Personal information is kept in its original form in filing cabinets located within secure offices at our head office address in Peterborough. The data that is entered into our accounts system can only be accessed by those people that have been allocated a username and the programme is password protected with each user having their own unique password. Records of all passwords are kept securely by our IT manager.

II. Our company employs our own specific, dedicated servers that are fully protected with appropriate anti-virus software. There are security measures in place that ensure that no software can be installed on any computer without permission (and password access) from our IT manager.

III. On level 1 (hardware) and level 2 (software) of our internal network we have dedicated firewall technologies in place to prevent malicious attacks. We have an in-house IT team that regularly ensure that these technologies are the most relevant and appropriate and are updated on a regular basis.

Transfers or personal information to other countries and safeguards

In the case of any dealings with countries outside of the European economic area, for instance, in the situation of direct deliveries to customers, the relevant staff that are involved with the organising of these deliveries have been provided with training to ensure that no transfer of personal information must occur and only company information will be submitted for the purposes of successful delivery. In any instances where personal information does have to be processed the individual concerned will be made fully aware of this transfer of data before it occurs and full consent will be sought. In any instance the information that would be transferred will be limited to name, email address and phone number.

Your rights in relation to your personal information

I. RIGHT OF ACCESS Personal information can be accessed by the individual in question at any time. In order to access this information requests must be made to the data protection officer in writing at our Peterborough head office address. On such requests you will be provided with a PDF document detailing any/all of the data that we hold on you.

II. RIGHT TO RECTIFICATION AND DATA QUALITY All customers and employees will be contacted via email at the beginning of each new fiscal year (01st October) to ensure that the personal information we hold on them is still relevant and up to date. This process is an ongoing process and whenever we are directly contacted to update personal information that this will be actively updated at the point of contact. All irrelevant/old data will be destroyed/deleted.

III. RIGHT TO RESTRICT PROCESSING AND TO DATA PORTABILITY Any requests to restrict processing or access personal data must be made in writing to the data protection officer at our Peterborough head office. These requests will be responded to within 4 weeks of being received. As long as these requests are reasonable and acceptable then this data will cease to be processed. All organisations that have been sent this personal data will be informed that there is a restriction on the processing of this data where it is reasonable and feasible to do so. If for any reason this restriction on processing is lifted then the individual will be informed by our company. Where data portability is requested the same time constraints as above apply and the individual will be provided with their data in PDF format.

IV. YOUR RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL INFORMATION FOR CERTAIN PURPOSES Individuals have a right to object to the processing of their personal information. As per the right to restrict processing any requests to object to the processing of personal information must be made in writing to the data protection officer at our Peterborough head office. If data is processed for marketing purposes then this right to object is absolute and will be ceased with immediate effect on receipt of the objection. For all other purposes the right to object will be considered and actioned within 4 weeks if deemed legitimate and acceptable. All organisations that have been sent this personal data will be informed that there is a restriction on the processing of this data where it is reasonable and feasible to do so. If for any reason this restriction on processing is lifted then the individual will be informed by our company.

Recruitment and employment

In order to comply with our contractual, statutory and management obligations and responsibilities we process personal information, including ‘sensitive’ personal data, from job applicants and employees. Such data can include, but is not limited to, information relating to health and criminal convictions. Further information on what data is collected and why it is processed is given below.

I. CONTRACTUAL RESPONSIBILITES Our contractual responsibilities include those arising from the contract of employment and the letter of appointment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.

II. STATUTORY RESPONSIBILITIES Our statutory responsibilities are those imposed through law on the company as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits and equal opportunities monitoring.

III. MANAGEMENT RESPONSIBILITIES Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, email address and telephone number.

Breach Notification

Any breach of personal information, including, but not exhaustive to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal information will be reported to the ICO without undue delay and no later than 72 hours after becoming aware of it. Where this breach is considered a high risk to the right and freedom of individuals we will notify those concerned directly and without undue delay.

IP Addresses

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns and does not identify any individual.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our site. They enable us to:

· Estimate our audience size and usage patterns.

· Store information about your preferences, and so allow us to customise our site accordingly to your individual interests.

· Speed up your searches.

· Recognise you when you return to our site.

· You have consented to accept our cookies. Our system will issue cookies to your computer when you log on to our site.

· Please note that our advertisers and approved third party links may also use cookies, over which we have no control.

· Restricting or blocking cookies used on www.tileweb.co.uk may impact the functionality or performance of the website or prevent you from using certain services provided through www.tileweb.co.uk. It will also affect our ability to update www.tileweb.co.uk to remember user preferences and improve performance.

· For more information about cookies we recommend visiting www.allaboutcookies.org. For further details about controlling and deleting cookies we recommend www.aboutcookies.org.

Changes to our privacy policy

This policy will be published on all company websites and a full copy will be located at each branch. A full copy will emailed to our current customer database and all staff members will be provided with a copy. Any changes to this policy will be made as soon as necessary and an updated policy will be emailed to all customers and staff and all published policies will be replaced by the newly updated policy.