James Gilbert & Son | Privacy Policy

Our values on user privacy and data protection
  • User privacy and data protection are human rights.
  • We have a duty of care our customers, staff and stakeholders with their data.
  • Data is a liability and should only be collected and processed when absolutely necessary
  • We dislike spam as much as you do.
  • We will never sell, rent or otherwise distribute or make public your personal information.
1.      Relevant legislation
Along with our business and IT solutions systems, this website is designed to be used by our customers worldwide. It complies with the following national and EU legislation with regards to the data protection of our customers, partners and user privacy.
2.      Personal data that this website collects and why we collect it
This website collects and uses personal information for the following reasons:
 
2.1 Website Visitor Tracking
This website uses Google Analytics to track user interaction. We use this information to determine the number of people using our website, to better understand how you find and use our website, your journey to and from our site but also how you travel through it.
Google Analytics records data that does not identify you as an individual such as geographical location, your type of device, your type of internet browser, operating system and age group.
Google Analytics is a third party data processor as listed under 6. Google Analytics uses cookies at the heart of its application, details of which can be found on https://support.google.com/analytics/answer/6004245
Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to any area of our website. For further information on cookies in section 4. Disabling cookies via our pop up reminder may also prevent some areas of our website to operate in the way they are intended.
 
2.2 Contact Forms
We do not use contact forms on this website.
 
2.3 Payment Details
Any purchases made on our website are processed by one of our payment portal options, depending on your choice. We offer payment by PayPal and Worldpay. PayPal and Worldpay are third party data processors as listed under 6. For your information security, we ensure that our website does not process or store your payment information. Payment is processed by PayPal following which our accounting system Kashflow is informed of your successful or unsuccessful payment.
Kashflow is a third party data processor as listed under 6.
We offer specialist products and services for which you may be able to receive a VAT exemption. Customers providing us with information for such exemption are advised that relevant details will be provided to HMRC to validate the purchase in compliance with section 2.7.
HM Revenue & Customs is a third-party data processor as listed under 6.
2.4 Delivery
Purchases made on this website are processed for production and delivery by our in-house staff. Delivery of your purchase is arranged with Interparcel, Transglobal Express, Deadline or Linked Couriers, all of which are third party data processors as listed under 6.
2.5 Email Links
We provide email links for your convenience on our website. Should you choose to contact us by using our email links, none of the data that you supply will be stored by this website. You will essentially transfer off of our website and into your own email system.
 
2.6 Other Websites
Our website may contain links to enable you to visit other sites of interest easily. Once you have used these links to leave our site you should note that we do not have any control of the other website. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Data collected about your interaction with this website is not transferred to or otherwise shared with the website you are transferring to.
 
2.7 Other People’s data
You must not send us personal information about someone else without first getting his or her consent for it to be used and disclosed in the ways set out in this statement. This is because we will assume he or she has agreed, although we may still ask for confirmation from them. Where you do give us information about someone else, or someone else discloses a connection with you, that information may be taken into account with your other personal information.
 
2.8 Customer Login
Our customer login section is padded with additional security for your protection. Passwords are hashed and salted where each salt is unique each time with up to 64 characters. We do not store your card or bank information on our servers, ever.
In order to secure your login, our website supports multi-factor authentication with username and password.
 
 
3.      Cookies
A cookie is a small text file containing information that our website transfers to your computer’s hard disk or other electronic devices for record-keeping purposes and allows us to analyse our site traffic patterns.
We use cookies to make our website work, or to work more efficiently, we do not use them to hold any private information. They help us to understand how you use our website and indeed help us develop and improve its design, layout, content and function.
You can disable cookies by changing settings in the preferences or options menu in your browser. You can set your browser to reject or block cookies or tell you when a website tries to put a cookie on your electronic device. You can also delete cookies that are already stored on your device. Please be aware deleting and blocking all cookies from our website may stop parts of the site from working.
To find out more about cookies, including seeing what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org 
If you do not wish to accept cookies from our website, please leave this site immediately and then delete and block all cookies from this site. Alternatively, you may opt out of receiving information from us by e-mail, telephone or post. Our number is 0208 743 1586 you can e-mail us at jo@jamesgilbertandson.com or write to us at 129 The Vale Acton London W3 7RG.
 
4.      How we store your personal information
We endeavour to take all reasonable steps to protect your personal information. However, we cannot guarantee the security of any data that you disclose online and we will not be responsible for any breach of security unless this is due to our negligence or wilful default.
Once we receive your information into our systems, your data will be stored securely in line with legal and regulatory requirements by using third party data processors as outlined under 6.
 
5.      About this website’s server
  • This website is hosted by Nick Wooley Limited on a London, UK based server.
  • Some of the data centre’s more notable security features are as follows:
  • Optical, ionisation and heat detection sensors
  • 24/7 On-site security teams
  • CCTV with PIR motion detectors, beam detectors and alarms
  • Bullet proof lobbies
  • Dual-factor entry system
  • Surplus generators and multiple power feeds to support ongoing operation
  • All traffic (transfer of files) between this website and your browser is encrypted and delivered over Hyper Text Transfer Protocol Secure (HTTPS).
 
6.      Our Third-Party Data Processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully selected and all of them comply with the legislation set out in section 2.
  • Google Analytics is based in the U.S. and complies with the EU-US Privacy Shield.
  • PayPal (Europe) is a licenced as a credit institution in Luxembourg and complies with the prevailing UK legislation as outlined under 2.
  • Worldpay is based in the UK with Worldpay Group Plc based in the U.S. Worldpay services provided through this website comply with Worldpay’s Privacy Policy.
  • KashFlow is a trading style of Iris Software Group Limited and are based in the UK with servers located in London. KashFlow complies with the prevailing UK legislation as outlined under 5 and specified on their website.
  • Interparcel are based in the UK with servers based in London.
  • HM Revenue & Customs are based in the UK and complies with the prevailing UK legislation as outlined under 2.

Additional third-party data processors may apply to your unique circumstances, including courier services and other suppliers. Please contact us for an up to date list.

 

7.      Marketing
Although we do not currently undertake any marketing, on registering, we will specifically ask you if you would like to opt-in to receiving our newsletter.  Enabling us to contact you in the future with offers of products and services does not prevent you from removing yourself from our distribution lists in the future.  You may unsubscribe from the newsletter at any time via your online account.  
 
8.      Data Breaches
We will report any unlawful data breach relevant to this website or the database of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been lost, stolen or accidentally destroyed.
Our first point of contact in such cases is the Information Commissioners Office (ICO) as our regulatory authority in all aspects of privacy and data protection. The ICO can be contacted via www.ico.org.uk and our registration under A8344252 Decomet with them can be found on the public register.
 
9.      Data Controller
The data controller of this website is Decomet Limited. Our registration with the ICO can be found on the public register under our registered address Savoy House, Savoy Common, 78-80 Old Oak Common Lane, London, W3 7DA with registration number A8344252.
 
10.   Data Protection Officer
We do not have an ICO registered DPO. We do, however, have an Internal Data Protection lead who will handle all data protection queries:
Jo Rutherford
Decomet Limited
129 The Vale Acton London W3 7RQ
jo@jamesgilbertandson.com
 
11.   Your Rights under the GDPR from May 2018
a)     The right to be informed
We meet your rights by providing you with this Privacy Statement.
b)    The right of access.
You have the right to obtain confirmation that your data is being processed and access to your personal information, also known as Subject Access Rights.
c)    The right of rectification.
You have the right to update us with any changes to your personal information if it is inaccurate or incomplete.
d)    The right of erasure.
The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable you to request the deletion or removal of personal data whether there is no compelling reason for its continued processing.
e)    The right to restrict processing.
When processing is restricted, you permit us to store your personal data, but do not allow us to further process it. We can retain just enough information about you to ensure that the restriction is respected in future.
f)     The right to data portability.
It allows you to obtain and reuse your personal data for your own purposes across different services.  It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
g)    The right to object.
You have the right to object to processing on legitimate interests or the performance of a task in the public interest, direct marketing and processing for purposes of scientific or historical research and statistics.
h)    The right to lodge a complaint with a supervisory authority.
The supervisory authority with regards to data protection and privacy is the Information Commissioners Office (ICO). Contact them on www.ico.org.uk or telephone 0303 123 1113.

 

 

12.   Data Retention

Once you have provided us with your information, we will retain your data as outlined below. The Data Protection Officer is responsible for all records.
This listing does not including external mailing lists which you may join and leave at your leisure.
Record Type
Retention Period
Staff records
6 years after termination
Staff records (H&S)
40 years after termination
Staff records (Pensions)
6 years after scheme end
Company accounts, Finance & VAT records
6 years and current
Money Laundering
5 years
Communication records (including enquiries)
12 months from transaction
Waste
3 years from transaction
Electronic Waste (WEEE)
4 years from transaction
Record destruction records
6 years after activity
 
13.   Subject Access Request
You have the right to see your personal data as defined under the legislation that we keep about you upon receipt of a written request and payment of a fee of £10 until and including April 2018. Any such requests will be fulfilled free of charge from May 2018.  Any request should be sent to:
      Jo Rutherford
Decomet Limited
129 The Vale Acton London W3 7RQ
jo@jamesgilbertandson.com
We will ask you to verify your identity and will not provide such information until such time as we are satisfied that you have a right to this information.
Information will be provided to you within 30 days unless in exceptionally challenging situations where we may advise you of an extension of up to 60 days.
 
14.   Changes to our privacy statement
This privacy statement may change from time to time in line with legislation, industry changes and internal company developments. We will not explicitly inform our customers, partners or website users of these changes.
Instead we recommend that you check this page occasionally for any changes to this statement. Specific statement changes and updates are mentioned in the change log below.
 
Version
Date
Version Update Detail
1.0
21.May.18
Released

 

 

 

Looking for Bespoke Products or Services? Have a Drawing You Would Like to Send us?

Our Customer Promise

We guarantee that you will be more than happy with our decorative grilles and outstanding levels of customer service. If you have any queries, please get in touch.