1. FINBRA AND YOUR PERSONAL DATA
This privacy notice outlines the data protection policies and procedures we have adopted. It explains how we collect and use your personal data and your statutory rights.
Finbra Ltd is registered as a Data Controller on the Register kept by the Information Commissioner’s Office.
2. PERSONAL DATA WE COLLECT
We currently collect and process the following information:
Your contact details and contact details of people associated with your account: information that allows us to contact you directly such as your name, email address, phone numbers and addresses associated with your account or job.
• Vulnerability information: information that allows us to understand whether you are in a vulnerable situation, including health and disability information.
• Audio and video recordings: records of site surveys and inspection visits by members of staff for the purposes of providing an estimate of work or assessing the standard of workmanship.
• Financial information: information that allows us to understand your creditworthiness and financial position.
• Purchase and account history: records relating to the materials/equipment and services which you have purchased or used from us.
• Records of your emails: when you communicate with us, ask us questions or make a complaint we will keep a record. This includes when you send us emails, write us a letter or contact us via webchat or through social media such as on Facebook or Twitter.
• Exercising your rights: if you exercise any of your statutory rights under data protection law, we will keep a record of this and how we respond.
3. HOW WE GET THE PERSONAL DATA AND WHY WE HAVE IT
We shall only process your personal data to fulfil and/or enable us to satisfy the terms of our obligations and responsibilities in our role as your Plumbing and Heating Contractor or for any other specific purposes permitted under current data protection law. Should we consider it necessary to process your personal data for purposes outside and/or beyond the reasons for which it was originally collected, we will contact you first, to inform you of those purposes and our intent and may also apply for your consent.
|Reason or Purpose||Personal data used|
|Provide our services to you and maintain your account (including pricing, description of works undertaken and handling any complaints).||All personal data we collect listed in section 2.|
|Provide quotes and estimates for work.||Your contact details, email, telephone and address details.|
|Completing online forms.||Your contact details, email, telephone and address details.|
|Billing activities such as sales invoices and statements to you.||Your contact details, email, telephone and address details.|
|Take payment for our services and debt collection.||Your contact details, and address details. No record of card details is ever written down or stored on file.|
|Manufacturers’ warranties and guarantees.||Your contact details, email, telephone and address details.|
|Deal with your complaints or queries.||All personal data required to deal with your complaint – contact details, account, transaction and payment information.|
|Attending to emergency situations (including gas leaks).||Your contact details, email, telephone and address details. Vulnerability information.|
|Understand the information we hold to ensure compliance with data protection legislation.||All personal data we collect listed in section 2.|
|Look after customers who have a vulnerability (eg. self-isolating during the COVID pandemic).||Your contact details, email, telephone and address details. Vulnerability information.|
|Direct marketing. If you have not specifically consented to receiving direct marketing, we will only send you direct marketing materials where we are permitted by law. We will not send you direct marketing where you have opted out of receiving direct marketing communications.||Your contact details, email, telephone and address details. Purchase and account history. Advertising and direct marketing preferences and responses.|
|Management information reporting||Your contact details, email, telephone and address details. Purchase and account history.|
|Protection of our staff||All personal data we collect listed in section 2.|
|Staff training||All personal data we collect listed in section 2.|
|For the establishment, exercise or defence of legal claims||All personal data we collect listed in section 2.|
|Maintaining accuracy and relevance of your data||All personal data we collect listed in section 2.|
4. SOURCES OF PERSONAL DATA
We will only collect and process your Personal Data to the extent that it is needed to fulfil our operational and contractual needs or to comply with any legal requirements. We shall access and use your personal data in accordance with your instructions and as is reasonably necessary:
• to fulfill our contractual obligations and responsibilities to you;
• to provide, maintain and improve our plumbing and heating services;
• if we intend to use your personal data for the advertising and marketing of our services and/or the services of our affiliates, we shall seek your separate express consent and you are entitled to opt out of these services at any time; and to respond to your requests, queries and problems.
We will collect personal data from a number of sources:
• Directly from you: when you agree a job with us, purchase materials or services from us, submit information via our website, complete forms we provide to you, make a complaint, exercise your statutory rights, contact us by phone, email or communicate with us.
• Other companies we work with such as lead generation providers: eg. Boiler Guide • Social media: information you submit to our social media account.
• Landlords, letting agents and developers: provide us with tenants’ information to enable us to make contact to carry out work on their behalf.
5. WE MAY SHARE YOUR PERSONAL DATA WITH
• Any party approved by you: a finance company, if you want to take out a financing service, or a manufacturer where you are entitled to a warranty on a product purchased.
• Delivery companies: when materials or equipment are delivered directly to your property.
• Debt collection agencies and solicitors: for the recovery of debt and monies owed.
• Law enforcement agencies and other public authorities: police forces and HMRC.
• Software providers: we store and process personal data electronically using Xero and ServiceM8. These providers state that they are data protection compliant and/or apply equivalent/adequate safeguards. Their privacy notices can be found here: https://www.xero.com/uk/about/privacy/ and https://www.servicem8.com/uk/privacy-policy
6. HOW WE STORE YOUR PERSONAL DATA
Our employees and contracted personnel are bound to our privacy policies, procedures and technologies which maintain the security of all your personal data from the point of collection to the point of destruction.
We maintain data security by protecting the confidentiality, integrity and availability of your personal data. We follow best practice:
• Confidentiality: we ensure that the only people authorised to use your personal data can access it. Employees are prohibited from accessing and viewing your personal data unless it is necessary to do so and they are given explicit permission by management.
• Integrity: we will make certain that your personal data is accurate and suitable for the purpose for which it is processed.
• Availability: we have established procedures which mean only our authorised Data Users should be able to access your personal data if they need it for authorised purposes.
• Security: desks and cupboards shall be kept locked if they hold your personal data. • Methods of disposal: paper documents containing personal data are shredded and digital storage devices shall be physically destroyed when they are no longer required.
• Data users: shall be appropriately trained and supervised in accordance with this Notice which include requirements that computer monitors do not show confidential information to passers-by and that data users log off from or lock their PC/electronic device when left unattended.
• Our computers: have appropriate password security, boundary firewalls and effective anti-malware defences. We routinely back-up electronic information to assist in restoring information in the event of disaster and our software is kept up-to-date with the latest security patches.
• Our Privacy Officer: will ensure that this Notice is kept updated in response to any amendments to the Law.
7. THE TIMELY PROCESSING OF THE DATA
We will not keep personal data longer than is necessary for the purpose or purposes for which it was collected. Once personal data is no longer required, we will take all reasonable steps to destroy and erase it.
8. YOUR DATA PROTECTION RIGHTS
Under data protection law, you have rights including:
• Your right of access: you have the right to ask us for copies of your personal information.
• Your right to rectification: you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure: you have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing: you have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing: you have the the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us:
If, at the conclusion of our complaints procedure, you do not feel that we have adequately dealt with your complaint you may make a complaint directly to ICO: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF (Helpline number: 0303 123 1113) (ICO website https://www.ico.org.uk