Privacy Policy

Towy Works Privacy Policy

Towy Works, whose trading premises is at The Quay, Carmarthen, SA31 3JR.

Your Privacy

At Towy Works, we are committed to protecting your personal information and respecting your privacy.  The following privacy policy details information on when and why we collect your personal information, how we use it, and how we keep it secure.

For the purposes of the General Data Protection Regulation (GDPR), the Data Controller is Towy Works Limited.


This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us.  It also explains how we will store and handle that data and keep it safe.

We know that there is a lot of information here, but we want you to be fully informed about your rights, and how Towy Works uses your data.  We hope the following sections will answer any questions you have but if not, please do get in touch with us.

Collection and Use of Personal Information

Personal information means any information that may be used to identify you, such as your name, title, phone number, email address or postal address.

Data Protection Principles

We comply with data protection law.  This says that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only for as long as necessary for the purposes we have told you about.
  6. Kept securely.

The legal basis we rely on

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:


In specific situations, we can collect and process your data with your consent for example when you contact us via our website.

Contractual Obligations

In certain circumstances, we need your personal data to comply with our contractual obligations.

Legal Compliance

If the law requires us to, we may need to collect and process your data.

Legitimate Interest

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact upon your rights, freedoms or interests.

When do we collect your personal data?

  • When you visit our website
  • When you engage with us on social media
  • When you contact us by any means with queries, complaints etc.
  • When you ask us to email you information about our service
  • When you book an appointment with us
  • When you comment on or review our service
  • When you complete any forms

What sort of personal data do we collect?

  • Your name, address, email and telephone number.
  • Details of your visits to our websites.
  • Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.

How we will use information about you

We will only use your personal information when the law allows us to.  Most commonly, we will use your personal information in the following circumstances:

  1. Where we need to perform the contract we have entered into with you.
  2. To process your appointments.
  3. Where we need to comply with a legal obligation.
  4. Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
  5. To maintain our records and other administrative purposes, including updating your details and preferences;
  6. To assist with queries, complaints and dispute resolution. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service.
  7. To comply with our legal obligations to share data with law enforcement.

We may also use your personal information in the following situations, which are likely to be rare:

  1. Where it is needed in the public interest or for official purposes.

We will generally process your personal data for contractual obligations in providing the services that you have requested.  We may also use personal information for additional relevant and related purposes where you might reasonably expect us to do so, where the benefits of doing so are not outweighed by your own interests or fundamental rights or freedoms.

Of course, you are free to opt out of hearing from us by any of these channels at any time.

We will ask for your explicit consent IF we intend to use your personal data for marketing purposes.  Where our processing of personal data is based on your having given consent, you have the right as a data subject to withdraw that consent at any time.  If you wish to invoke this right, please email us at

You have the right to lodge a complaint with the ICO.  Full details of the ICO can be found at

Where your Personal Information is Held

Information will be held at our premises.

How we protect your personal data

We know how much data security matters to all of our clients.  With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.  We limit access to your personal information to those who have a genuine business need to know it.  Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.  We also have procedures in place to deal with any suspected data security breach.  We will notify you and the ICO of a suspected data security breach where we are legally required to do so.  We regularly monitor our system to for possible vulnerabilities and attacks.

How Long Your Personal Information will be Kept

Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose(s) for which it was collected.  At the end of that retention period, your data will either be deleted or completely anonymised so that you cannot be identified.  If you have any queries, then please email us at

Who do we share your personal data with?

We may use the assistance of specialist providers to assist us in providing you with our services.  Personal data may be transferred to such specialist providers, who act for us, for further processing in accordance with the purpose(s) for which the data was originally collected or may otherwise be lawfully processed.  More specifically:

  • IT companies who support our website and other business systems.
  • Accountants and other special service providers.

Such third parties have contracted with us as data processors under the requirements in the GDPR.  They are contractually bound to only use personal data for the agreed purpose(s) only.  Relevant persons working for these third parties will have access to your personal data under the terms of the data processor contract, but only to the extent necessary to perform their services for us.

These data processors agree to implement reasonable organisational and technical protections, to keep your data confidential, not to sell your personal data to third parties and not to disclose your personal data to third parties except as may be required by law, as permitted by us or as stated in this Privacy Policy.

If we stop working with them, any of your data held by them will either be deleted or anonymised.

In appropriate circumstances we may disclose data to authorised bodies as required by law.

What are your rights over your personal data?

You have the following rights, which you can exercise free of charge:

Access                          The right to request access to the personal data that we hold about you.

Rectification                The right to require us to correct any mistakes in your personal information.

Erasure                        The right to require us to delete your personal information – in certain situations.

Restriction on              the right to require us to restrict processing of your personal information

Processing                    – in certain circumstances e.g. if you contest the accuracy of the data.

Data Portability           The right to receive the personal information, you provided to us, in a structured, commonly used and machine-readable format.

To object                     The right to object:

  • At any time to your personal information being processed for direct marketing
  • In certain other circumstances to our continued processing of your personal information e.g. processing carried out for the purpose of our legitimate interests.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.  We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

If you would like to exercise any of those rights, please:

  • email, call or write to us;
  • let us have enough information to identify you;
  • let us have proof of your identity and address; and
  • let us know the information to which your request relates

Updating Your Personal Information and Unsubscribing 

If you want to update your personal information or exercise one of your rights, please contact us at

Our Website

This privacy policy only relates to your use of our website and not any third-party websites.

This website is not intended for use by children and we do not knowingly collect or use personal information relating to children.

Transfer of your information out of the EEA

We do not transfer your personal information to the following which are located outside the European Economic Area (EEA).


We would like to send you information about our services, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call.

We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes when you complete our online form for the first time.

If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:

—contacting us at

—using the ‘unsubscribe’ link in emails

It may take up to 7 days for this to take place.

You have the right to stop the use of your personal data for direct marketing activity by contacting us at  We must always comply with your request.

Changes to this Privacy Policy

We may change this Privacy Policy from time to time and without notice, so make sure you check occasionally.  You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access this website.

If you have any questions or concerns about our collection, use or disclosure of your personal information, please contact us at

How to Complain

We hope that we can resolve any query or concern you may raise about our use of your personal information.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority who in the UK is the Information Commissioner who may be contacted at or telephone: 0303 123 1113.

How to contact us

Please contact Nigel McCall, if you have any questions about this privacy policy or the information we hold about you.

If you wish to contact us, please send an email to or write to us at The Quay, Carmarthen, SA31 3JR or call us on 01267 236601.