This Privacy Notice aims to inform you about the data processing in connection with our website and related services. The processing of personal data takes place exclusively within the framework of the respective valid legal data protection regulations, in particular the Data Protection Act 2018 and General Data Protection Regulations (hereinafter referred to as “GDPR”).

 

General Information

 

Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered as being identifiable, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person.

 

Who we are

Windows Plus Roofs & Kitchens Plus Bathrooms are trading styles of Windows Plus Roofs Limited (“we”, “our”, “us”). Our company number is 11590335. Our ICO registration number: ZB502678.

We are the data “controller”, which means we are responsible for deciding how and why your personal Information is used. We are also responsible for making sure it is kept safe, secure and handled legally.

We operate to the highest standards when protecting your personal information and respecting your privacy. You can contact our Data Protection Officer by sending an email to [email protected], or by writing to us at Diamond House Kingsway North Team Valley NE11 0JH

 

Personal Data which we may collect about you and how it is used

Most commonly, we will collect your Personal Data in the following circumstances:

  • When you provide your contact details to us requesting a quote for windows and doors either by telephone, online chat, website quote form or 3rd party quote form.
  • In response to surveys we have sent you.
  • Through social media platforms such as Facebook, Twitter, Instagram, and other openly available public sources.
  • When you visit our website, the lawful basis we rely on to process your personal data is either Article 6(1)(a) of the UK GDPR, for example when we require your consent for the optional cookies we use, or Article 6(1)(f) which allows us to process personal data when it is necessary for our legitimate interests.

We may collect, use, store and transfer different kinds of Personal Data from and about you through a number of different methods, which may include:

 

Source of data Categories of personal data Purpose Lawful Basis
Website Visit IP Address, location data Your device’s IP address may tell us an approximate location when you connect to our websites, but this will be no more precise than the city, state, or country you are using your device in. (Please see our Cookie Policy). Consent or legitimate interest (please see our Cookie Policy)
Lead Generation 3rd Party Supplier LI under Lead generators Title, Surname, Email address, Postcode, Contact Number To enable us to respond to your request Consent or legitimate interest (please see our Cookie Policy)
Quote request Title, Surname, Email address, Postcode, Contact Number To respond to your request for a quote and to provide pre-contract information Contract
Brochure request Title, Surname, Email address, Postcode, Contact Number To follow up your request for a brochure Legitimate Interest
Chat enquiry Name, Postcode, Contact Number, Email address To respond to your chat enquiry Legitimate Interest
Social Media interaction Title, Surname, Email address, Postcode, Contact Number To assist in your social media enquiry Legitimate Interest
Email enquiry Title, Surname, Email address, Postcode, Contact Number To assist in your email enquiry Legitimate Interest
Telephone canvassing Title, Surname, Email address, Postcode, Contact Number To market similar products to you Legitimate Interest
Door to door canvassing/instore pop-ups/Showroom visit Title, Surname, Email address, Postcode, Contact Number To respond to your request for a quote and to take necessary steps to fulfil that Contract
Your communication Vulnerability information (health & disability) Information that allows us to understand whether you are in a vulnerable situation; information that will help us to better help you. Consent
Your call into our Helplines Name, address, DOB, email address, telephone numbers When you share comments and opinions with us, ask us questions or make a complaint we will keep a record of this, which may include call recordings. Contract where there is an agreement between us.
Legitimate interest where you are not a customer
Placing an order Name, Address, Contact Number, Email Address, Date of birth, unique order number. Other details may include:

 

  • property ownership details,
  • people with power of attorney and their details,
  • marketing preferences,
  • complaint details,
  • -appointment details; and notes added to your account
Providing the service requested and fulfilling obligations and customer service Contract
Survey platform Records of any responses to surveys you have volunteered To gather feedback to help improve services and promote the company Legitimate interest
Advertising and direct marketing preferences and responses Telephone number, Name, Address To adhere to any requests for these communications to stop. Regulatory
Public registers, such as Land Registry Name, address ownership details To check ownership status Legitimate interest

 

Our services are not aimed at children.

Direct Marketing

From time-to-time we may contact you by telephone with information about our products and services we believe you may be interested in.

If you have not consented to receiving marketing communications, we will only send these communications to you when permitted to do so by law – using the basis of Legitimate Interests, but in all circumstances, we will respect your preferences as may be updated from time to time. You can let us know at any time that you do not wish to receive marketing calls including by sending an email to us at [email protected].

Your rights regarding your personal data

You have a number of ‘Data Subject Rights’ under UK data protection law. If you would like to exercise any of these rights or have any associated query please contact us at [email protected]. More information can be found on the Information Commissioners website www.ico.org.uk.

These are as follows:

  • Informed: You have the right to be informed about how we handle your personal data. This privacy statement provides this information, and we will always make this clearly accessible whenever we collect personal information from you.
  • Access: You have the right to ask for a copy of the personal data we hold about you and the purposes for which we are using it. On receipt of such a request we will endeavour to respond to you as soon as possible and within one calendar month. We will confirm the personal data being processed, but this does not necessarily mean providing copy documents with non-personal information, within which your personal data might be contained.
  • Rectification: You have the right to request that we amend any personal data which is incorrect or requires updating.
  • Erasure: You have the right to request that we delete any personal information pertaining to you. We will assess any deletion request on a case-by-case basis and will endeavour to respond to you as soon as possible, and within one calendar month. Please note this is not an absolute right and there may be circumstances in which we can justifiably retain information about you.
  • Object: You have the absolute right to object to receiving direct marketing from us.  You also have the right to raise an objection about how we are handling your personal data.
  • Restriction: You have the right to request that we restrict or suppress your personal data, so we would only store it but not use it.
  • Portability: You have the right to obtain and reuse your personal data for your own purposes across different services. Due to the nature of our business and the limited nature of the personal data we handle, we do not believe this right is likely to apply.

 

We do not conduct any automated decision-making or profiling.

Where we rely upon your consent to process data, you have the right to withdraw that consent and to do so please contact us using the information above.

In order to fulfil a data subject rights request, we may need to ask you for proof of identity, depending on the circumstances.

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as taking account of any disability).

If you have any concerns about the manner in which we have collected and used your personal data, please contact us and we will do our best to help. If you are unhappy with the way in which we have handled your personal data you have the right to raise a complaint with the UK’s Information Commissioner’s Office.

How long we store your personal data for

We will only keep a copy of your personal information for as long as is reasonably necessary for the purpose for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for the purposes of statistical analysis and business planning.

In some circumstances, we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

How we protect your personal data

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We always hold your Personal Data securely and to prevent unauthorised disclosure or access to your Personal Data, we have implemented strong security safeguards including operating our website over the https protocol. We also follow stringent procedures to ensure we work with all Personal Data in line with current data protection legislation.

Who we may share your personal data with

We share personal data with the following categories of third parties. We never share or sell your data to anyone outside the group for their own marketing use.

Who Examples (not exhaustive)
Any party approved by you A finance company if you want to take out a financing service
Other people you have authorised to access your account Joint account holder, e.g. we may provide your personal data to the other joint account holder where they submit a subject access request
Advertising partners Google, Facebook
Industry partners Partners, suppliers & contractors for the performance of any contract we enter into with them or you, for example scaffolding companies, Locksmiths, product manufacturers, insurers
Examples include Assure Certification Ltd, The Consumer Protection Association, GGF, FENSA, Clayton Glass, UK Windows & Doors Group
To comply with financial audit regulations: Deloitte, Grant Thornton.
The government or our regulators Information Commissioner’s Office (ICO), HMRC, Financial Conduct Authority (FCA) Ombudsman services
Trial partners Companies we work with to test our new products and services
Companies that help us run our business, help customers complete sales or appointment bookings, support our IT infrastructure and to further understand our customers IMA Home, Ebiz, MBN, Rackspace, Yomdel, Freshworks, Trustpilot, Researchbods, SiteSpect, DataBowl, CustomerGauge.

 

Data sharing within Windows Plus Ltd

Personal data may be shared across any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. We do this so that we have a single, joined-up view of our customers, to offer you the best possible experience. In particular, we do this for the following purposes:

  • Understanding your use of products and services from across the group
  • Improving the products and services offer by group companies (including market research), and customer relationship management strategy
  • Product development, and
  • Marketing products and services that you might be interested in.

Links to other websites

This privacy notice does not cover any links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on the 02nd July 2024.