Towy Works, whose trading premises is at The Quay, Carmarthen, SA31 3JR.
For the purposes of the General Data Protection Regulation (GDPR), the Data Controller is Towy Works Limited.
This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we will store and handle that data and keep it safe.
We know that there is a lot of information here, but we want you to be fully informed about your rights, and how Towy Works uses your data. We hope the following sections will answer any questions you have but if not, please do get in touch with us.
Collection and Use of Personal Information
Personal information means any information that may be used to identify you, such as your name, title, phone number, email address or postal address.
Data Protection Principles
We comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only for as long as necessary for the purposes we have told you about.
- Kept securely.
The legal basis we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent for example when you contact us via our website.
In certain circumstances, we need your personal data to comply with our contractual obligations.
If the law requires us to, we may need to collect and process your data.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact upon your rights, freedoms or interests.
When do we collect your personal data?
- When you visit our website
- When you engage with us on social media
- When you contact us by any means with queries, complaints etc.
- When you ask us to email you information about our service
- When you book an appointment with us
- When you comment on or review our service
- When you complete any forms
What sort of personal data do we collect?
- Your name, address, email and telephone number.
- Details of your visits to our websites.
- Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you.
- To process your appointments.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
- To maintain our records and other administrative purposes, including updating your details and preferences;
- To assist with queries, complaints and dispute resolution. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service.
- To comply with our legal obligations to share data with law enforcement.
We may also use your personal information in the following situations, which are likely to be rare:
- Where it is needed in the public interest or for official purposes.
We will generally process your personal data for contractual obligations in providing the services that you have requested. We may also use personal information for additional relevant and related purposes where you might reasonably expect us to do so, where the benefits of doing so are not outweighed by your own interests or fundamental rights or freedoms.
Of course, you are free to opt out of hearing from us by any of these channels at any time.
We will ask for your explicit consent IF we intend to use your personal data for marketing purposes. Where our processing of personal data is based on your having given consent, you have the right as a data subject to withdraw that consent at any time. If you wish to invoke this right, please email us at firstname.lastname@example.org
You have the right to lodge a complaint with the ICO. Full details of the ICO can be found at https://ico.org.uk/global/contact-us
Where your Personal Information is Held
Information will be held at our premises.
How we protect your personal data
We know how much data security matters to all of our clients. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and the ICO of a suspected data security breach where we are legally required to do so. We regularly monitor our system to for possible vulnerabilities and attacks.
How Long Your Personal Information will be Kept
Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose(s) for which it was collected. At the end of that retention period, your data will either be deleted or completely anonymised so that you cannot be identified. If you have any queries, then please email us at email@example.com
Who do we share your personal data with?
We may use the assistance of specialist providers to assist us in providing you with our services. Personal data may be transferred to such specialist providers, who act for us, for further processing in accordance with the purpose(s) for which the data was originally collected or may otherwise be lawfully processed. More specifically:
- IT companies who support our website and other business systems.
- Accountants and other special service providers.
Such third parties have contracted with us as data processors under the requirements in the GDPR. They are contractually bound to only use personal data for the agreed purpose(s) only. Relevant persons working for these third parties will have access to your personal data under the terms of the data processor contract, but only to the extent necessary to perform their services for us.
If we stop working with them, any of your data held by them will either be deleted or anonymised.
In appropriate circumstances we may disclose data to authorised bodies as required by law.
What are your rights over your personal data?
You have the following rights, which you can exercise free of charge:
Access The right to request access to the personal data that we hold about you.
Rectification The right to require us to correct any mistakes in your personal information.
Erasure The right to require us to delete your personal information – in certain situations.
Restriction on the right to require us to restrict processing of your personal information
Processing – in certain circumstances e.g. if you contest the accuracy of the data.
Data Portability The right to receive the personal information, you provided to us, in a structured, commonly used and machine-readable format.
To object The right to object:
- At any time to your personal information being processed for direct marketing
- In certain other circumstances to our continued processing of your personal information e.g. processing carried out for the purpose of our legitimate interests.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
If you would like to exercise any of those rights, please:
- email, call or write to us;
- let us have enough information to identify you;
- let us have proof of your identity and address; and
- let us know the information to which your request relates
Updating Your Personal Information and Unsubscribing
If you want to update your personal information or exercise one of your rights, please contact us at firstname.lastname@example.org
This website is not intended for use by children and we do not knowingly collect or use personal information relating to children.
Transfer of your information out of the EEA
We do not transfer your personal information to the following which are located outside the European Economic Area (EEA).
We would like to send you information about our services, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call.
We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes when you complete our online form for the first time.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
—contacting us at email@example.com
—using the ‘unsubscribe’ link in emails
It may take up to 7 days for this to take place.
You have the right to stop the use of your personal data for direct marketing activity by contacting us at firstname.lastname@example.org. We must always comply with your request.
If you have any questions or concerns about our collection, use or disclosure of your personal information, please contact us at email@example.com
How to Complain
We hope that we can resolve any query or concern you may raise about our use of your personal information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority who in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
How to contact us
If you wish to contact us, please send an email to firstname.lastname@example.org or write to us at The Quay, Carmarthen, SA31 3JR or call us on 01267 236601.