Privacy Policy

1. Introduction

Nylacast takes your privacy seriously.  This Privacy Policy describes how and why we obtain, store and process data which can identify you.

We may update this policy from time to time and shall indicate on the web site when changes have been made.

2. What data we collect from you

We collect information you provide, like your name, company name, job title, address, telephone number (mobile or landline) and email address when processing your enquiries, delivering services or products you have ordered from us and providing business related transactional communications (e.g. Quotes, Invoices).

We may also collect access data such as Google Analytics cookies to collect information about how visitors use our site.  This is used for the continued optimisation of our website.  The cookies collect information in an anonymous form, so we don’t know who is using our site.

Data is collected from either our enquiry forms or via direct communication.

We utilise the following Google Analytics features: Remarketing, or Google Analytics Demographics and Interest Reporting.  Google’s Ad Settings www.google.com/settings/ads allow you to opt-out of Google Analytics Remarketing.  Alternatively you can opt-out of Google Analytics tracking altogether via the following browser extension: tools.google.com/dlpage/gaoptout/

3. What data we collect from third parties

We collect no other data from third party services.

4. How we use your data

We will use your telephone number and / or email address to contact you for transactional communications (e.g. Quotes or Invoices), in addition to details on our products, services, events and offers.

We may use your email address to send you direct marketing, but only if you have opted in to receive emails about our services.

We do not store credit / debit card details on our systems.

5. Legal basis under the GDPR by which we process your data

We will process personal data where this is necessary to provide support for our products and services you have already acquired from us or enquired about where

  1. The data subject (you) has given consent to the processing of his or her personal data for one or more specific purposes;
  2. Processing is necessary for the performance of a contract to which the data subject (you) is party or in order to take steps at the request of the data subject prior to entering into a contract;

6. Protection and security

Nylacast is registered with the Information Commissioner in the UK as a “data controller” in accordance with the provisions of the Data Protection Act 1998.  Further details of registration are available at www.dpr.gov.uk

We employ safeguards, such as formal Data Protection and Data Retention policies to protect your privacy.

To opt out of any of the above processing, please contact us on info@nylacast.com

You are under no legal requirement to provide your personal data and you are not required to provide your personal data to us.  However, your failure to do so may affect our ability to provide the services you request – for instance, letting you know about important support issues, such as expected maintenance and downtime of services we provide.  We will not be liable for compensation if we are not able to contact you.

We will collect, process and store your data safely and securely.  Our staff are trained in current Data Protection regulations and are required to abide by our Data Protection Policy.

 

Keeping information about you secure is very important to us and certain sections of the site may encrypt data using SSL or a comparable standard.  However, no data transmission over the internet can be guaranteed to be totally secure.  As a result, whilst we strive to protect your personal information, we cannot ensure or warrant the security of any information which you send to us, and you do so at your own risk.

7. Automated decisions

Parts of our websites are automatic and we may process your data as part of www.nylacast.com or www.chockliner.com

8. Data subject rights

Under the GDPR you, as the data subject have the following rights:

-You have the right to ask us for a copy of the data we hold about you.

-You have the right to ask us to correct any data we hold about you.

-You have the right to ask us to delete the data we hold about you.

-You have the right to ask us to stop processing your data.

-You have the right to ask us to provide you with your data in a common, machine readable format.

-You have the right to restrict the processing of your data to specific purposes.

-You have the right to withdraw your consent at any time.

-You have the right to make a complaint to the Information Commissioner’s Office.

See https://ico.org.uk/concerns.

We will not charge you for a copy of the data we hold about you and we will respond to requests within 30 days.

If any of the information we have is wrong, let us know on info@nylacast.com and we’ll correct it.

9. Sharing your data

We will never sell your personal data to another organisation.

We may disclose your personal data if required by law or to enforce our legal right.

We may disclose your data to service providers who render services to us or you on your behalf (all of which are contractually obligated to act only on our instructions and in accordance with applicable laws, including GDPR), which includes our accountants.

10. How long we will hold your data

We will keep your information for as long as you are a customer or prospect with Nylacast Ltd.  After you stop your contract or no longer purchase our services and goods, we will hold your personal data for a maximum of 7 years before gaining further consent (6 years from the end of the company’s last financial year), unless instructed differently by you.  This is in compliance with HMRC for invoice and tax purposes (see https://www.gov.uk/self-employed-records#6).

We will review our criteria for determining our retention period regularly.

11. Data Breaches

Nylacast, as a data controller, will comply with the GDPR guidelines surrounding data breaches, such as notification of clients within 72 hours of a breach being detected.  (Further details can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/)