GDPR Privacy Notice
How we use your information
This Privacy Notice addresses information provided to The Chord Company Ltd (Chord Company) and confirms what to expect when Chord Company collects personal information. It includes but is not limited to information we collect about:
- visitors to our website;
- product registrations (electronic/paper);
- people who use our services, e.g. contacts within client customers; individuals who subscribe to our newsletter etc
- contributors to our social media;
- people requiring support and service;
- applicants for vacancies;
- complainants and other individuals in relation to a data protection or freedom of information complaint or enquiry;
This Privacy Notice relates to our online services available via our website (https://chord.co.uk/), any of our other online content and telephone, hard copy contact and all interactions that you might have with us during the provision of our services (collectively, the ‘Service’).
Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal information about you which we have grouped together follows:
- Identity Data includes first name, last name, username or similar identifier, title.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details (although this is not ‘personal information’ as it will be the details of your business, we are still including this within this Privacy Notice for completeness).
- Transaction Data includes details about transactions and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile Data includes your username and password, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
The amount and type of information we store depends on the purposes for which it was collected. For example:
- When you sign up to our newsletter, the information we collect consists of name, email address, and what construction categories you’re interested in hearing about.
- When you make a purchase on behalf of a corporate customer, we will store transaction data including your trading history and payments.
- If you contact us with an enquiry, enter a competition or survey, we will collect your contact details for response purposes only, unless you opt-in and sign up to our newsletter. Depending on your preference, we will respond to your enquiry via telephone, post or email.
We do not collect any Special Categories of Personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Our legal basis for processing personal information
We will only use your personal information when the law allows us to.
We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.
|Type of data||Lawful basis for processing including basis of legitimate interest|
|To register your company as a new customer and record you as a point of contact||(a) Identity|
|(a) Necessary for our legitimate interests (for establishing your company as a new customer and running our business)|
|To process and deliver your order including:|
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(e) Marketing and communications
|(a) Necessary for our legitimate interests (to perform our contractual obligations, run our business, recover debts due to us)|
|To manage our relationship with you which may include but is not limited to:|
(a) Notifying you about changes to our terms or privacy notice
(b) Asking you to leave a review or take a survey
(d) Marketing and communications
|(a) Necessary to comply with a legal obligation|
(b) Necessary for our legitimate interests (to run our business, keep our records updated and to study how customers use our products/services)
|To enable you to partake in a prize draw, competition or complete a survey||(a) Identity|
(e) Marketing and communications
|(a) Performance of a contract with you|
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity|
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)|
(b) Necessary to comply with a legal obligation
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity|
(e) Marketing and communications
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||(a) Technical|
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||(a) Identity|
|Necessary for our legitimate interests (to develop our products/services and grow our business)|
Automated decision making
We do not make automated decisions about you based on your information. If this changes then we will let you know.
How we share your personal information with third parties
We occasionally employ other companies and individuals to perform functions on our behalf. Examples include shipping and delivering goods, sending postal mail and e-mail, removing repetitive information from customer lists, analysing data, professional advisers, IT support, providing marketing assistance, processing credit card payments and providing customer service. In the event that Chord Company engages with a third-party service provider, to whom we may pass your personal information or to whom you may be expected to provide your personal information, your information will be handled by that third-party service provider as if it were being handled by us, they may not use it for any other purposes and they must process personal information in accordance with this Privacy Notice and in accordance with GDPR.
We may release your account details and other personal information when we believe release is appropriate to comply with law, to enforce or apply our Terms and Conditions and other agreements or to protect the rights, property or safety of Chord Company, our users or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction. Obviously, however, this does not include selling, renting, sharing or otherwise disclosing personal information for commercial purposes in a way that is contrary to this Privacy Notice.
As we continue to develop our business, we might, during the process of growth and evolution, sell elements of the business (or subsidiaries) or add to it. In such transactions, customer information generally is one of the transferred business assets but remains subject to any pre-existing Privacy Notice (unless, of course, the customer consents otherwise). Also, in the unlikely event that Chord Company or substantially all of its assets are acquired by a third party, personal information held by Chord Company about the customers will of course be one of the transferred assets.
Please also read our Terms and Conditions, which applies to our website, any email correspondence and governs your use of our Service. By using the Service, you consent to the collection, storage and use of your personal information as described below. If you do not agree to this Privacy Notice, you may request us to remove all record of your details as set out below.
Your Information and marketing preferences
By registering with the Chord Company website or otherwise using the Services, you consent to Chord Company storing, using and disclosing the data you provide in the manner and for the purposes described in this Privacy Notice. You agree to provide accurate, current, and complete information required to register with any Service and at other times as may be required in the course of using any Service. You further agree to maintain and update your data as required to keep it accurate, current, and complete. Chord Company may terminate your right to use any or all of any Service if any information you provide is false, inaccurate or incomplete as determined by Chord Company in its sole discretion. You agree that Chord Company may store and use the data you provide for use in providing any Service, including but not limited to, maintaining your account and billing fees to your credit card (if applicable).
The main source of data collection is via our product registration and other website-based enquiry forms. If you do not want Chord Company to send you information you can deselect this option when setting your preferences when you register. If you have already registered you can change your preferences by emailing firstname.lastname@example.org or writing to The Chord Company Ltd, Chord Company House, Millsway Centre, Amesbury, SP4 7RX, UK.
From time to time Chord Company may hold competitions or prize draws, as part of which we may request contact information from you when you enter. If you are a winner, we will notify you and with your permission, display your first name and city, on our media channels, or wherever we announce the winners.
We may occasionally ask you to participate in voluntary surveys. These surveys are intended to improve our service. Any personal information collected will be used only by Chord Company (unless we specify otherwise in advance of your participation).
We do not disclose information about identifiable individuals to our advertisers. However, we may share with them aggregate survey result information about our customers/users.
International transfers of personal information
As a general rule, your personal information is not transferred outside of the EEA. Our servers and back-up systems are all located within the EEA.
However, whenever we do need to transfer personal information to countries outside of the European Economic Area in the course of sharing personal information as set out above, we will take all steps reasonably necessary to ensure that your data is transferred securely and in accordance with this Privacy Notice and in accordance with GDPR. This is usually done by using appropriate contractual clauses approved by the EU Commission.
The Service is controlled by us from our offices in the United Kingdom (UK). Personal information collected from the Service is processed in accordance with the Data Protection Act 1998 (the Act) and the General Data Protection Regulation (GDPR), which regulates the processing of personal information in the UK. We comply with UK and GDPR data protection and privacy laws. For the purpose of the regulation, the Data Controller is The Chord Company Limited, Chord Company House, Millsway Centre, Amesbury, Wiltshire SP4 7RX, UK. Our Data Protection Officer is Alan Gibb and he can be contacted on DPO@chord.co.uk.
Chord Company does not knowingly collect personal information from persons who are under 16 years of age. By agreeing to use our products or services, you represent that you are 16 years or older.
If you choose to use the Service from outside the UK, you do so at your own risk, with the understanding that personal information collected from the Service may be collected, stored and used in a country whose privacy laws may be different and less protective than those of your home country.
Under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), you have rights as an individual which you can exercise in relation to the information we hold about you. More information can be found at https://ico.org.uk/
Retention of personal information
Unless otherwise stated in this Privacy Notice, we retain personal information for the duration of our customer relationships and for 7 years thereafter.
Access to personal information
Chord Company tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Act or the Regulation. If we do hold information about you, we will:
- give you a description of it;
- tell you why we are holding it;
- tell you to whom it could be disclosed; and
- let you have a copy of the information in an intelligible form.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
To make a request to Chord Company for any personal information we may hold, write to our compliance department at the address provided at the end of this document.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the compliance department.
Under the Data Protection Act 2018 and the General Data Protection Regulation, you also have the following rights with respect to your personal information:
- to have any inaccuracies corrected;
and in certain circumstances, you have the right to:
- Request erasure of your personal information;
- Object to processing of your personal information;
- Request restriction of processing your personal information;
- Request transfer of your personal information;
- Right to withdraw consent.
To make a request to Chord Company exercise any of the above rights, write to our compliance department at the address provided at the end of this document.
Visiting our website
When you browse this website, you do so anonymously. We use a third-party service, Google Analytics, to collect standard Internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. Neither Google nor the Chord Company will make any attempt to find out the identities of those visiting our website.
You understand and agree that any material downloaded from the website is downloaded at your own discretion and risk and that you will be solely responsible for any damages to your computer system or loss of data that may result from any such material downloaded.
Chord Company uses a third-party service, TJC, to help maintain the security and performance of Chord Company website. To deliver this service it processes the IP addresses of visitors to Chord Company website.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Unfortunately, the transmission of information by the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.
We may obtain information about your general internet usage by using a cookie file which is stored on your device. Cookies contain information that is transferred to your device. They help us to improve our website to deliver a better and more personalised service. They enable us to estimate our audience size and usage pattern, store information about your preferences and so allow us to customise our website according to your individual interests, speed up your searches and recognise you when you return to our website.
The “Help” menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. If you leave cookies turned on, be sure to sign off when you finish when using a shared computer/device. You can always choose not to provide information and not to accept cookies, even though it might be needed to take advantage of certain website features.
As is true of most websites, we gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exiting pages, operating system, date/time stamp and clickstream data.
We use this information, which does not track or identify individual customers, to analyse trends, administer the website, track customer movements around the website and to gather demographic information about our customer base as a whole. The Chord Company Ltd will not use the information collected in this way to market directly to a customer.
In some of our e-mail messages we use “click-through URLs” linked to content on our website. When a customer clicks one of these URLs, they pass through our web server before arriving at the destination page. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of communications with our customers.
Our website may, from time to time, contain links to and from the websites of our partner networks, distributors, advertisers and affiliates. If you follow any link to any of these websites, please note that these website have their own privacy policies and that we do not accept any responsibility or liabilities for these policies or usage of data you may provide to them. Please check these policies before you submit any personal information to these websites. GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with the regulation.
Service providers reporting a breach
Public electronic communications service providers are required by law to report any security breaches involving personal information, to the Chord Company. If we are advised of any breach that affects the data that we hold about you, we will inform you if the breach is likely to adversely affect you “without undue delay”.
We use a third-party provider (Adestra) to deliver e-newsletters to recipients who have requested it. We gather statistics around email opening and clicks using industry standard technologies.
Contact by telephone or email
We will record and process any given personal information for as long as is necessary to ensure the support has been given effectively. If the caller is a registered customer, the personal information will be handled in accordance with this Privacy Notice . If not, the caller’s personal information will be retained for 6 months from the date of the last call.
We use Transport Layer Security (TLS) to encrypt and protect stored email, registration & contact form information. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you, as the sender, has the responsibility to ensure that any email you send is within the bounds of the law.
Recruitment via recruitment agencies
We sometimes advertise through recruitment agencies which will collect application information. Such information will be handled In line with the requirements of the General Data Protection Regulation. Please note that these recruitment agencies are data controllers in their own right and you should request a copy of their own Privacy Notice to ascertain how they handle your personal information. We are not responsible for how they handle your personal information.
Recruitment via Chord Company
Alternatively, applicants are invited to apply to Chord Company directly.
What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes. The information we ask for is used to assess your suitability for employment (for example, qualifications and details of experience relevant to the role).
What will we do with the information you provide to us?
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area.
The information you provide will be held securely by us whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
How long do we keep information?
If your application is successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. If you are unsuccessful, information is retained for six months following confirmation of the decision.
If you have any queries about the process or how your information is handled, please contact us at email@example.com .
Complaints or queries
Chord Company tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of personal information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you want to make a complaint about the way we have processed your personal information, please contact our Data Protection Officer in the first instance at firstname.lastname@example.org. If you are not satisfied with our response, you can contact the Information Commissioner’s Office in their capacity as the statutory body that oversees data protection law.
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint and to check on the level of service we provide.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record of events is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. During this time, it will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
When we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. Usually we do not identify any complainants unless the details have already been made public.
Governing Law & Jurisdiction
This legal notice shall be governed by and construed in accordance with English law. Disputes arising in connection with this legal notice shall be subject to the exclusive jurisdiction of the English courts.
© The Chord Company 2018
If you are a registered member of the website and wish to terminate your account with us, please email a request to email@example.com, specifying the account/s you wish to be terminated.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 21 September 2018.
How to contact us
If you want to request information about our privacy notice or provide feedback regarding this notice, please email firstname.lastname@example.org or write to The Chord Company Ltd, Chord Company House, Millsway Centre, Amesbury, Wiltshire, SP4 7RX, UK.