Privacy and Cookie Policy

We are committed to ensuring that your privacy is protected.

Flexible Roofing Supplies site is a trading style of Stephens Industries Ltd, Monks Park, Monks Lane, Corsham, Wiltshire, SN13 9PH, a company incorporated in England and Wales under company number 572598 (from now on referred to as “we” and by related words such as “us” and “our”). Contact details: 01225 810324 | [email protected].

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

This policy includes all customers that we provide services to, all potential customers who may be interested in our products and services and all business partners that assist us in the provision of our services.

Please note that this website is not intended for children and we do not knowingly collect data relating to children.

Stephens Industries is the ‘data controller’ for the purposes of the General Data Protection Regulation (GDPR) and all other data protection law.

 

  1. Personal data we may collect

We collect and retain personal information about you when you have an interaction with us including when you register with us, place an order (by any means) for products or services or contact us by any medium (including queries, completing surveys, providing feedback and competitions). Website usage information is also collected using cookies on flexibleroofingsupplies.co.uk and during our business processes.

We may collect, use, store and transfer different kinds of personal data:

TYPE

DATA INCLUDES

Personal

 

Name, title, username, gender, date of birth

Contact

 

Delivery and billing addresses, email address, telephone numbers

Payment

 

Bank account, payment card details

 

Transaction

 

Payments to and from you, details of products and services you have purchased from us

 

Technical

 

Internet Protocol (IP) address, login data, browser type and version, time-zone settings and location, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website

 

Profile

 

Usernames, orders made by you, preferences, feedback and survey responses

 

Usage

 

Information about how you use our website, products and services

 

Marketing

 

Preferences in receiving marketing and communications

 

 

We may also collect any other information necessary to meet our contractual obligations or provision of better service to meet your requirements.

We do not collect any ‘Special Category’ of personal data about you. This more sensitive data includes information regarding your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, and genetic and/or biometric data. We also do not collect any data about criminal convictions and offences.

 

  1. How we collect your data

We obtain your personal data from the following sources:

TYPE

 

INTERACTION

 

Direct from you

 

When you interact with us, including correspondence (post, phone or electronic means), placing an order, creating an account, subscribing, requesting marketing, or providing feedback

 

From other individuals

 

Where you have given that individual permission to pass on your details, for example, when an order is placed by one individual for delivery to another individual

 

Automated Technologies

 

When you use our website

 

Third-Party Suppliers

 

Where a company collects additional information from you above the information we already hold. This may include payment processors, delivery companies, public sources (Companies House), credit agencies.

 

Third Parties (with whom we have a trading relationship)

 

Where you have placed an order with a third party that we are delivering directly, we need to process this data to fulfil your order

 

 

  1. How we use your personal data

Your personal data is only utilised by us when the law allows us to. Most commonly, we will use your personal data under the following lawful basis’s:

to perform a contract, we are about to enter or have entered into with you;

if it is necessary for our legitimate interests (or those of a third party) and these are not overridden by your rights and interests;

where we need to comply with a legal or regulatory obligation

We always ensure that we have a lawful reason to process your data. Below is a more detailed table showing the lawful basis we use to process your data. It should be noted that sometimes, more than one lawful basis can apply to the processing of a piece of data. If you would like further detail regarding the specific legal grounds we are relying on to process your personal data, please contact us.

 

LEGAL BASIS

 

MEANING

 

PURPOSE

 

Contractual Necessity

 

The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract

 

Identifying you, responding to you queries (including pre-contractual and post-contractual queries), to complete the contract (including delivering goods and services to you), invoicing and administrative activities

 

Legitimate Interest

 

The processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests

 

To conduct our business, carry out our services, ensure the ongoing security of our websites, protect our company interests, improve our services, communicate with you regarding our products and services which we think may be of interest to you.*

 

Legal Obligations

 

The processing is necessary for us to comply with the law (not including contractual obligations)

 

To comply with applicable laws, protect our business

 

Consent

 

You have given clear consent for us to process your personal data for a specific purpose

 

We don’t usually rely on consent for processing your data, apart from in relation to third party direct marketing communications to you via email (or SMS). You have the right to withdraw consent to marketing at any time by contacting us.*

 

 

3.1. Marketing

*All marketing activities are only undertaken to the extent that we are permitted to do so by applicable direct marketing rules.

We will always be clear whenever we intend to process on the basis of consent, and we will process lawfully and only for the purpose for which consent was given.

 

3.2. Change of purpose

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

4. Do we share your personal data?

We may disclose your personal data to:

Other companies within our group

Our offices, employees, consultants, workers and agents to the extent that they reasonably require it

Our service providers

Law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by applicable law

Third parties to whom we may sell, transfer or merge parts of our business or assets.

We require all third parties to keep your details securely and use them only to fulfil the service they provide you on our behalf. We do not allow third-parties to use your personal data for their own purposes.

For a full list of all our third parties, please contact us.

 

5. Transfer of your personal data outside of the EEA

We may on rare occasions need to share personal information with a recipient located outside the European Economic Area (EEA) (e.g. an advisor or third party engaged by us or you as part of our work). Where we use data servers that may transfer data out of the EEA we will take steps to ensure adequate protections are in place to ensure the security of your information and give you remedies in the unlikely event of a security breach.

Our employees may occasionally remotely access their email accounts when working abroad (including from jurisdictions outside the EEA). Where they do so they are required to use our systems and access any personal data in accordance with all the usual policies and procedures.

Please note that we review all processors we utilise and ensure that there are adequate safeguards in place to protect your personal data, such as adherence to binding corporate rules or compliance with the EU-US Privacy Shield Framework, which is a mechanism that ensures compliance with EU data protection requirements when transferring personal data from the European Union to the United States. You can learn more about Privacy Shield here: https://www.privacyshield.gov/welcome.

 

6. Data security

Stephens Industries is committed to ensuring that your information is secure. We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

7. How long will your personal data be kept for?

All personal data is carefully considered and will only be held in a form which identifies you for as long as is necessary for the purpose of processing.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We do not store credit card details.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data: see Request erasure below for further information.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

8. Your legal rights

Under certain circumstances, the law grants you specific rights. These are summarised below. Please note that your rights may be limited and subject to restrictions in certain situations:

Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.

Right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.

Right of correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.

Right of erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.

Right to object to processing. Where we are relying on a legitimate interest (or those of a third party) and there is something in your particular situation which makes you want to object to processing on this ground.

Right to restrict processing. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.

Right to portability. You may transfer the data that we hold on you for your own purposes.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

 

  1. Exercising your rights

If you would like to exercise any of your rights as set out above, or make a Data Subject Access Request, please contact us at:

Flexible Roofing Supplies, Monks Park, Monks Lane, Corsham, Wiltshire, SN13 9PH,

Or email: [email protected]

The information that you request will be provided within a maximum of one calendar month and we will not charge unless the request requires a lot of effort. We try to ensure that the information we hold is accurate, up to date and relevant and we’ll be happy to correct any inaccuracies.

 

  1. Making a Complaint

The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.

 

  1. Cookies

A cookie is a small text file which is placed on your computer and helps us analyse web traffic. A cookie in no way gives us access to your computer or any personally identifiable information about you or your debit or credit cards.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customers needs. We only use this information for statistical analysis purposes. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not.

You may also see Flexible Roofing Supplies adverts and content on other websites. For these adverts, our third-party providers may use software that can set a cookie to your browser This will enable us to monitor whether you see the adverts, click on them and buy from our website.

Cookies are placed on your computer if your browser is set to allow these. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

 

  1. Policy Amendments

We reserve the right to update this privacy notice at any time and will provide a new privacy notice on our website when we make substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

If you have any questions about this policy notice, please contact:

Flexible Roofing Supplies, Monks Park, Monks Lane, Corsham, Wiltshire, SN13 9PH

Telephone 01225 810324              Email [email protected]