THIS WEBSITE IS OPERATED BY “BSS INDUSTRIAL”
BSS Industrial is a member of the Travis Perkins Group (the “Travis Perkins Group” means Travis Perkins plc and its subsidiaries). Travis Perkins Group is committed to protecting your privacy and complying with data protection laws applicable to the United Kingdom, including the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).
We can be contacted via the following:
Lodge Way House, Lodge Way, Harlestone Road, Northampton, NN5 7UG
1. PERSONAL INFORMATION
Personal information is any information relating to an individual who can be identified directly or indirectly, often by name, account number, location, an online identifier or other factors specific to their identity.
Personal information may include “special category data” relating to racial or ethnic origin, political opinions, religious beliefs, membership of a trade union, physical or mental health and criminal records and allegations.
When we collect personal information from you we will indicate whether it is mandatory or voluntary – this is done on the website by using asterisks to mark mandatory fields.
1.1 WHO THE INFORMATION CONCERNS
This privacy notice applies to personal information we (as well as any subsidiaries, affiliates and applicable 3rd parties) process concerning the following data subjects:
- Visitors to our website
- Customers who purchase goods or services or create an account with us
- Our suppliers
1.2 TYPES OF DATA
The types of information we may process about you include, but are not limited to:
Personal details: Name, address, email address, telephone number, date of birth, copies of identification, account name
Order details: Delivery addresses, payment details, contact information, complaint / enquiry information, delivery photographs, survey and installation details
Account details: Identification, purchase history and trends, credit limits, contact information, account activity, log in details
Fraud prevention: AML and credit check results, fraud investigation
Website details: Like many websites, our server logs capture details of your operating system, browser software, IP (Internet Protocol) address and Uniform Resource Locator (URL), including the date and time of your visit.
1.2 PURPOSES OF PROCESSING
You can visit and browse our website without providing your name or contact details.
If you purchase products or services from us, we may process the information you provide us for the purposes of:
- Responding to your enquiries, complaints or rights requests
- Providing a service or quoting for a service
- Keeping you informed about our products and services (including marketing)
- Processing your order and to follow up on orders that are not completed
- Arranging visits to your home (e.g. to carry out a survey or installation)
- Managing your account, including carrying out identity checks where relevant
- Managing your credit account (if applicable) including carrying out credit checks
- Using your purchase history to manage rebates and supplier claimbacks
- Market research
- Publishing trends and/or to improve usefulness and content of our website
- Tracking activity on our site and to provide a more personalised online experience
- Linking with social media sites and services, for example, for advertising purposes
- Notifying you about important changes or developments to our site or services
- Managing deliveries, returns and refunds
- Processing competition entries
- Product liability purposes
- Dealing with enquiries and complaints
- Claims management and insurance purposes
- Record keeping
If you supply products or services to us, we may use your personal information for the purposes of:
- Processing and managing orders
- Managing deliveries, installations, returns and refunds
- Product liability
- Managing accounts, including conducting credit and other background checks where applicable
- Market research
- Notifying you about important changes or developments to our websites, services and policies
- Supply chain management
- Handling rights requests, enquiries and complaints
- For claims management and insurance purposes
- For record keeping purposes
If you are a supplier and you have any questions about how we use your personal information, please contact the Commercial Team or your usual business contact.
1.3 THIRD PARTY SOURCES
Information about you may also be provided to us indirectly by:
- Next of kin / delegated authorities
- Business associates
- Your employer in partnership/business with the Travis Perkins Group
- ‘Trusted Sources’:
- Credit / Default Agencies
- Financial Institutes
- Insurance Companies
- Health providers
- Third-party service affiliates or suppliers who have sought your consent
1.4 CALL RECORDING
Some telephone calls may be recorded and/or monitored, for example calls to our customer services teams. Call recording and monitoring may be carried out for the following purposes:
- Training and quality control
- As evidence of conversations
- For the prevention or detection of crime (e.g. fraudulent claims)
2. LEGAL BASIS FOR PROCESSING
The legal basis we use to process your personal information may differ for each processing activity. Depending on the purpose of processing, as outlined above, and the business area processing your data, one of the following lawful bases of processing may apply:
- Article 6 (1) (a) GDPR Consent: Where your permission and consent have been provided to allow processing to be undertaken
- Article 6 (1) (b) GDPR Performance of a contract:
  - Where you have set up an account with us
  - To process your orders
  - Where you (or your employer) have or will enter into a contract with us and we need to process your information as part of this contract
  - To provide quotations and / or estimates as a preliminary step towards providing a service
- Article 6 (1) (c) GDPR Legal Obligation: Where we are bound by further laws and regulations to process your information, affecting areas such as:
  - Privacy and Electronic Communications Regulation
  - Crime and anti-money laundering
  - Financial Services
  - Welfare and health and safety
- Article 6 (1) (f) GDPR Legitimate interests: These include:
  - Suppression lists and managing communication opt-out requests
  - Training, communication and awareness
  - Direct marketing
  - Monitoring and web analytics
  - Cloud storage
  - Track and trace requirements
  - To keep in touch with current, past and prospective customers
  - To provide online account management and related services
  - To gain an understanding of how our customers interact with us so we can provide the most relevant products and services
  - To monitor the use of our website and improve its facilities
As a rule, we do not collect “special category data” about visitors to our website or our customers or suppliers. The exception is where we identify suspected criminal activity such as fraudulent claims or the use of stolen payment card details. In this case we will record details of the suspected criminal activity and may take appropriate action, including refusing to accept orders, make payments or give refunds. We may also report the incident to the relevant bank or payment card issuer or to the police or other appropriate authorities.
Should we process information defined as ‘special category’, the following lawful bases for processing may be relied upon:
- Article 9 (2) (a) GDPR Explicit Consent: Your permission has been granted and documented directly to us
- Article 9 (2) (f) GDPR Establishing, exercising or defending a legal claim: Such as litigation against a business, supplier, fraudulent person
We may also process criminal conviction data under:
- Schedule 1, Part 3, Paragraph 33 DPA 2018 Legal claims: In connection with legal, or potential legal proceedings, obtaining legal advice or establishing, defending and /or exercising legal rights
We may collect and process your personal data for humanitarian purposes, such as the monitoring of epidemics and their escalated spread (Recital 46) and in compliance with those purposes as defined by the appropriate authority/government under the lawful basis of “public interests” in order to protect our customers and employees.
3. DATA SHARING
Like most organisations, we engage service providers to assist us in ensuring optimum business functionality and the ability to provide continued services. We also work with a large number of suppliers who provide products and delivery services to us.
We will only provide these third parties with the information they need to deliver the service we have engaged them for and they are prohibited from using that information for any other purpose. Whenever we share personal information about our customers or visitors to our website with these third parties, we will put in place contracts which require the protection of the personal information.
Your information may be shared within the Travis Perkins Group for account management (including credit accounts), analysis and reporting.
Your personal data may be disclosed to the following third parties:
- Tax, customs and excise authorities
- Regulators, courts and the police
- Fraud screening agencies
- Duplicate payment reviewers
- Central and local government
- Insurance companies
- Other professional advisors
In order to process your application we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at experian.co.uk/legal and transunion.co.uk/legal/privacy-centre.
We may also disclose your personal information if we believe that the disclosure is necessary to enforce or apply our terms and conditions or otherwise protect and defend our rights, property or the safety of our customers and other users of the website.
We may disclose and/or transfer your personal information in connection with a reorganisation of all or part of our business, if the majority of our shares are bought by another company or if we transfer all or some of our assets to another company.
3.1 LINKS TO OTHER WEBSITES
Links may be provided on our website to other websites that are not operated by us. If you use these links, you will leave our website. You should note that we are not responsible for the contents of any third party website. External sites will have their own privacy policies which you should read carefully.
4. INTERNATIONAL TRANSFERS
Some of the companies who provide services to us may be located outside the United Kingdom. As a result, your personal information may be transferred outside the UK. We will ensure your personal information is provided with the same adequacy of data protection adopted in the UK, by following legislation and ICO guidelines and requirements, such as using Binding Corporate Rules, Adequacy Rulings and Model Clauses.
We maintain administrative, technical and physical safeguards designed to protect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of information you submit via our website and any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.
If you have created an account or registered to use any online services, your account details may be password protected. It is your responsibility to keep your password confidential and to sign out once you have finished browsing.
Access to personal data is restricted only to those who have a legitimate business need and data processed by third parties is only done so under strict instruction from us, as per the terms of their contract. We contractually require service providers and processors to safeguard the privacy and security of personal information they process on our behalf in line with data protection obligations and authorise them to use or disclose the information only as necessary to perform services on our behalf and under our instruction or to comply with legal obligations and requirements.
Information is retained in line with its purpose of processing and only for as long as necessary in line with business requirements, legitimate interests and statutory or legal obligations. For specific retention schedules please email customer services.
You can exercise certain rights with regard to your data:
- The right to receive a copy of the information we hold about you
- The right to have inaccurate information corrected or incomplete information completed
- The right to have your information erased
- The right to have the processing of your information restricted
- The right to withdraw your consent or object to processing reliant upon legitimate interests
- The right to have your information transferred to another organisation
- The right to request human intervention with regard to automated decision making
The applicability of these rights is dependent upon our purpose and the lawful basis of processing relied upon. For example:
- The right to Erasure is only applicable when you have provided us with your consent or we are relying upon a legitimate interest
- The right to Object is only applicable when you have provided us with your consent or we are relying upon a Public Task or legitimate interest
- Should your request be one that we cannot process you will be informed of this, along with the reasons as to why your request cannot be carried out
You can exercise your rights either verbally or in writing. However, should you make a request verbally we recommend that you follow this up in writing to provide a clear correspondence trail. Requests in relation to accessing your personal data, having your information erased or to opt out of marketing material can be made by sending an email to firstname.lastname@example.org with ‘Opt Out’ in the subject line. If you are making a request on behalf of someone else please clearly state this in the body of the email.
We have an obligation to respond within one month of receiving your request. Should we deem the request to be complex the response time can be extended by up to two months and you will be informed of the extended response date, alongside an explanation, within the original one-month time frame.
If required, identification will be requested within the one-month time frame and only limited to what is necessary for confirmation, such as a copy of your driving licence, passport or utility bill. Once ID has been confirmed we will then process your request.
Should we refuse to comply with a request we will inform you of this within the one-month time frame and provide an explanation outlining our justification, our internal complaints procedure and your right to complain to a supervisory authority and to enforce your rights through a judicial remedy.
Contact information for submitting a request can be found at the bottom of this privacy notice.
7.1 DIRECT MARKETING
You may receive direct marketing from us if you have signed up to this or where we have a legitimate interest to provide the material to you. Regardless of the lawful basis we rely upon you have the right to stop receiving this marketing material at any time.
If you have an online account you can access, update and correct your personal information – including your marketing choices – using the account management facilities.
You can opt out of receiving emails or text marketing at any time by using the unsubscribe option in the message.
You can opt out of postal and telephone marketing by contacting us with your BSS account number at email@example.com.
If you prefer not to receive marketing which is tailored to suit your customer profile, please contact us at: firstname.lastname@example.org and confirm which accounts this affects. You will still receive generic marketing unless you opt out of receiving marketing entirely.
We may use direct or anonymised information to engage in data analysis, data matching and profiling activities for a variety of purposes, including, but not limited to:
- Website Activity (cookie history)
- Business conduct
- Investigation and identification of fraud, money laundering and other potential unauthorised activities
- Financial Viability analysis/reports
- Business partner/client portfolio position, performance, risk positions
- Anti-money laundering
- Tax reporting
- Credit defaulting / exposure
8. LODGING A COMPLAINT
If you are not satisfied with our use of your personal information or our response to any request made by you in relation to your personal information, you have a right to make a complaint to the Information Commissioner:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545745 (national rate) Email: email@example.com
The ICO currently recommends you contact them within 3 months of your last contact with us and advises you to contact them once the company’s complaints process has been exhausted.
9. CONTACT DETAILS
Travis Perkins Group Data Protection Officer, Travis Perkins plc c/o General Counsel Office, Rye Hill House, Rye Hill Close, Lodge Farm Industrial Estate, Northampton, NN5 7UA
Or emailing them at: firstname.lastname@example.org (marking emails for the attention of the Data Protection Officer)
10. VERSION CONTROL
This Notice is a live document and can be updated at any time; it is therefore recommended that you review it regularly to ensure you remain informed.