Privacy Policy Notice
This Privacy Policy Notice is being served by Valmac Ltd, a company registered in England & Wales with company number 11603745 and registered office address: 18 Sun Park Close, Bognor Regis, West Sussex, PO21 5TY. This notice applies to the following websites:
The purpose of this Privacy Policy Notice is to explain how we control, process, handle and protect your personal information through our business activities and while you browse or use these websites. If you do not agree to the following policy or any parts thereof, you may wish to cease viewing/using the websites, and/or refrain from submitting your personal data to us. You may also contact the designated Data Protection Officer by post at the above business address, by phone on (0)7720 213831 or by email using dpo@valmac-ltd.co.uk.
Policy key definitions
"I", "our", "us", or "we" refer to the business entity, Valmac Ltd.
"you", "the user" refer to the person(s) using this website.
GDPR means General Data Protection Regulation.
PECR means Privacy & Electronic Communications Regulation.
ICO means Information Commissioner's Office.
Cookies mean small files stored on a user’s computer or device.
Explanation of the GDPR
The GDPR is an initiative that has been designed to harmonise data regulations across the European Union. It was adopted by all member states and came into force as law in May 2018. All companies must observe the regulations and abide by them when handling personal information relating to individuals.
Key principles of the GDPR
The GDPR has a number of key principles underpinning the use of personal data which can be summarised as follows:
(1) Data must be processed lawfully, fairly and in a transparent manner.
(2) Data must be collected for specified, explicit and legitimate purposes.
(3) Data collected must be adequate, relevant and limited to what is necessary.
(4) Data collected and stored should be accurate and kept up to date where necessary to do so.
(5) Data collected should only be retained for as long as necessary.
(6) Data should be processed in a manner to maintain security.
(7) The Data Controller should be able to demonstrate accountability.
Processing of your personal data by Valmac Ltd
There are a number of lawful bases we can use in order to control and/or process any personal information about you. Those which apply to Valmac Ltd are as follows:
Consent – A data subject gives consent for one or more specific purposes
For example, you have registered on one of our websites in order to contribute to blog topics or have elected to opt-in to receive email newsletter communications we may send out.
Contract – Processing is necessary to meet contractual obligations entered into by the data subject.
For example, we have completed works for you and we need to process your personal details to conclude our obligations to you, (such as raising an invoice).
Legal Obligation – Processing is necessary to comply with the legal obligations of the Data Controller
By law we are required to register a range of works with relevant bodies in relation to the Building Control Regulations. In these instances we must submit the homeowner details and a description of the installation to the relevant control body in order to comply with the law.
Legitimate Interests – Processing is for the purposes of legitimate interests pursued by the controller.
We may on occasion obtain contact information obtained from reputable data providers based in the UK and registered with the Information Commissioners Office for the sole purpose of conducting sales and marketing activities.
GDPR and the ICO
Due to the limited nature of our business activities, Valmac Ltd is not required to register with the Information Commissioner’s Office, but we are legally required to comply with the GDPR in all aspects that relate to our business activities.
How we obtain your Information
There are a number of ways we obtain your information:
1 You may have made an enquiry regarding our services either by phone, email or through our website or social media pages.
2 You have subscribed to emails we might send out.
3 We have sourced your information as part of our marketing activities.
4 You are a registered user of our website.
5 We have purchased your information as outlined above under Legitimate Interest.
Disclosure to Third Parties For Marketing Purposes
It is important to state that we do not share the information we have obtained directly from you with any third parties for marketing purposes.
Changes to the Legal Basis for Processing Personal Information
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Your individual rights
Under the GDPR you have a number of rights which are outlined below. You can read more about you rights in detail here.
The right to be informed: You have the right to be informed by us that we hold your information and the purposes it will be used for.
The right of access: You have the right to request copies of the personal information we hold on you.
The right to rectification: You have the right to ask us to correct information we hold about you that may be inaccurate. You can even ask for incomplete information to be enhanced with additional information you provide.
The right to erasure: You have the right in certain circumstances to ask us to erase your personal information from our systems.
The right to restrict processing: You have the right to request that we restrict the processing of your personal information in some instances.
The right to data portability: If you have provided us with information, you have the right to ask us to transfer this information to another organisation, but only if we process your information on the basis of consent, contract or legal obligation.
The right to object: You have the right to object to the processing of your information if it is being done so by us on the basis of Legitimate Interest.
Complaints Directly to the ICO
You have the right to complain to the ICO if you feel there is a problem with the way we are handling your information. More information can be found here:
Information Access Requests
We handle all Information Access Requests, (also known as Subject Access Requests), in accordance with the guidelines outlined in the GDPR regulations. This allows us up to a month to respond to you. However, we will endeavour to complete your request as quickly as we can.
Internet cookies
We may use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device or computer in order to track how you use the website, to record or log whether you have seen particular messages that we display, or to keep you logged into the website where this is an option. Some cookies are required to enjoy and use the full functionality of our websites.
We may use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device or computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options for further information.
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
Fair & Transparent Privacy Explained
We have provided some further explanations about user privacy and the way we use this website in order to help promote a transparent and honest user privacy methodology.
Email Marketing Messages & Subscription
Under the GDPR we use the lawful basis of consent for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the "processing of your personal data" above. Any email marketing messages we send are done so through an Email Marketing Services Provider, or EMS.
An EMS is a company that provides software/Applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons/tracked clickable links or similar server technologies in order to track subscriber activity within the email marketing messages. Where used, such marketing messages may record a range of data such as the following: times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences/the information we hold about you at any time.
Blog Discussions/Contributors
When visitors leave any comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection using our third party spam detection service.
An anonymised string created from your email address (also called a hash) may also be provided to the WP Avatar service to see if you are using it. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Analytics
We use MonsterInsights Google Analytics plugin on our websites to track user behaviour. The GDPR compliant features included automatically anonymising or disabling personal data tracking as well as enabling consent box Integrations. An easy opt-out of data tracking is also provided. Full details can be found here:
How Long We Retain Data From This Website
If you leave a comment on one of our websites, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Your Right to Access
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where Your Data Resides
European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. The service providers we use for the provision of our business and website services adhere to these requirements whether through an agreement such as Privacy Shield, model clauses in contracts or binding corporate rules.
Sharing Your Data with Third parties
In addition to our service providers, we may also provide your information to other third parties such as regulators and law enforcement agencies, where we are required by law to do so, and where necessary for the purposes of preventing and detecting fraud, other criminal offences and/or to ensure network and information security. For example, visitor comments may be checked through an automated spam detection service.
Changes to the Privacy Policy Notice
We keep our Privacy Policy Notice under review with any updates resulting in amendments to the Privacy Policy Notice Pages on our websites.