Wren Kitchens Limited (“we” “us”
“our”) are committed to protecting and respecting your privacy.
For the purposes of data protection legislation, we are the data controller and we will process your
personal data in accordance with the General Data Protection Regulation (EU) 2016/679 along with European
and national laws which relate to the processing of personal data. Please read the following carefully
to understand our views and practices regarding your personal data and how we will treat it.
2 How we use your personal data
We may collect details such as your name, contact details, home and business address,
CIS registration details, company registration as appropriate, bank details, national insurance number
and vehicle registration number to verify your suitability to provide installer services on our behalf,
to contact you about customer visits we require you to attend, for tax purposes and to pay you
for the services supplied.
We may also use your personal data to:
to contact you about previous customer jobs you have worked on (note that this may also
include contacting you when your contract with us has come to an end/terminated); and
share your personal data with the third parties referred to in section 6 of this policy.
3 If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you
fail to provide the data when requested, we may not be able to perform the contract we have or are trying
to enter into with you.
4 Monitoring and recording
We may monitor and record communications with you (such as telephone communications) for the purpose of
quality assurance, training, fraud prevention and compliance. We also have CCTV cameras installed in our
premises and delivery vehicles for the purpose of crime prevention and for health and safety reasons.
5 Legal basis for processing your personal data
We will only use your personal data where the law allows us to. Most commonly, we will use
your personal data in the following circumstances:
for performance of a contract we enter into with you;
where necessary for compliance with a legal or regulatory obligation we are subject to; and
for our legitimate interests (as described within this policy) but only if your
interests and fundamental rights do not override these interests.
6 Disclosure of personal data to third parties
We may disclose your information to the following third parties for our legitimate interests:
to staff members internally to allow us to manage our customers' journey;
our affiliated entities to support internal administration;
to our customers to notify them of your visit before arrival;
to the British Institute of Kitchen, Bedroom and Bathroom Installation (“BiKBBI”) for
them to undertake necessary compliance checks. BiKBBI may contact you direct in order
to obtain documentation/information from you in order to commence the BiKBBI membership
process which will be handled in accordance with their own privacy policies;
IT software providers that host our website and store data on our behalf;
Furniture Industry Research Association (“FIRA”) as part of our accreditation audits;
professional advisers including consultants, lawyers, bankers and insurers who provide us
with consultancy, banking, legal, insurance and accounting services;
HM Revenue and Customs, regulators and other authorities who require reporting
of processing activities in certain circumstances; and
to third parties with whom we may in the future negotiate a sale, transfer or merger of our business.
We may also disclose personal data to the police, regulatory bodies, legal advisors or similar
third parties where we are under a legal duty to disclose or share personal data in order
to comply with any legal obligation, or in order to enforce or apply our website terms and conditions
and other agreements; or to protect our rights, property, or safety of our customers, or others.
We will not sell or distribute personal data to other organisations without your approval.
7 Cross-border data transfers
Our IT software providers and developers may process your personal data to the United States and other
jurisdictions outside the European Economic Area (‘EEA’). We will ensure that adequate levels of protection
approved by the European Commission are in place for the security of the processing of your personal data outside the EEA.
8 Data security
Information you provide to us is shared on our secure servers. We have implemented appropriate physical,
technical and organisational measures designed to secure your information against accidental loss and
unauthorised access, use, alteration or disclosure. In addition, we limit access to personal data to those
employees, agents, contractors and other third parties that have a legitimate business need for such access.
9 Access to, updating, deleting and restricting use of personal data
It is important that the personal data we hold about you is accurate and current.
Please keep us informed if the personal data we hold about you changes.
Data protection legislation gives you the right to object to the processing of your personal data
in certain circumstances, and to withdraw your consent to the processing of your personal data
where this has been provided. You also have the right to access information held about you and
for this to be provided in an intelligible form. If you would like a copy of some or all of
your personal information, please send an email to our Data Protection Officer at email@example.com.
In certain circumstances we reserve the right to charge a reasonable fee to comply with your request.
You can also ask us to do the following (although please see section 9.4, which might apply to your request):
update or amend your personal data if you feel this is inaccurate;
remove your personal data from our database entirely;
send you copies of your personal data in a commonly used format, and transfer your information to another entity; or
restrict the use of your personal data.
If you make this type of request we may request specific information from you to help us
confirm your identity and verify your request. Data protection legislation may allow or require us
to refuse your request. If we refuse your request, we will inform you of the reasons why,
subject to any legal or regulatory restrictions.
Please send any requests relating to the above in writing to our Data Protection Officer at
firstname.lastname@example.org specifying your name and the action you would like us to undertake.
10 Retention of personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected
it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature,
and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure
of your personal data, the purposes for which we process your personal data and whether
we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available upon
request by contacting us on email@example.com.
collected personal data for different purposes than those we notified you about at the time of collection,
we will provide you with notice and, where required by law, seek your consent, before using your
personal data for a new or unrelated purpose. We may process your personal data without your knowledge
or consent where required by applicable law or regulation.
12 Contact us
comments or requests regarding this policy or how we use your personal data please contact our Data Protection
Officer at firstname.lastname@example.org. This is in addition to your right to contact the Information Commissioners
Office if you are unsatisfied with our response to any issues you raise. The contact details for the ICO
can be found here: https://ico.org.uk/global/contact-us/
Last updated: October 2019.