Customer Privacy Notice
Classic Windows Limited (“Classic”)
An explanation from Classic (“we” or “us”) regarding how, why and when we use and process your data
As a business, we need to obtain, keep, use and process your personal data (data) for normal business and contractual purposes. The data we hold and process will be used to perform our obligations towards you as a goods and service provider, as well as for administrative purposes to enable us to pursue our legitimate business interests.
If in the future we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose in advance and any other relevant information.
Personal Data and Special Categories of Personal Data – what do these terms mean?
Personal data means any data that identifies, or could identify you. Examples of personal data include your name, home address, phone number or an online identifier such as an IP address. Personal data also includes physical, physiological, genetic, economic, cultural or societal data that identifies you.
Special categories of personal data is a term used to describe what is reasonably understood to mean sensitive data. Examples of special categories of personal data include data relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or health data or data concerning sex life of sexual orientation.
Data Subject and Data Controller – What do these terms mean?
A data subject is the person whose data is processed by a controller or processor. You are a data subject.
A data controller is responsible for determining the means and purpose of the processing of a data subject’s personal data. We are a data controller.
How
We process customer data both manually and electronically using all reasonable security measures available to us to protect your personal data.
Why
We keep and use your personal data to enable us to perform and manage our contractual relationship with and legal obligations to you effectively, lawfully and appropriately and to enable us to run our business. If you do not provide the necessary data to us, we may be unable to comply with our obligations to you, for example, to deliver and install products to you.
What is meant by the term “our legitimate business interests?”
We may need to process your personal data to pursue our legitimate business interests (LBI). From time to time processing your data for LBI reasons means processing your data for reasons other than routine processing. It may be necessary for us to deal with a health and safety issue or an insurance claim, to deal with a customer complaint or to report a potential crime.
CCTV
We use CCTV to protect against crime, such as theft, to ensure the security of customers and visitors to our premises, our employees and company assets and for health and safety. Access to CCTV and material is restricted to authorised personnel. Recorded images are retained for a maximum of 30 days after which they are erased. We reserve the right in yours and our best interests to retain the recorded images for more than 30 days where there are objective health and safety, security or criminal investigation reasons for doing so.
The personal data we collect from you
If at any stage you have a query in relation to our processing of your personal data, we have a dedicated privacy officer and deputy privacy officer in place to process your query.
The categories of personal data collected by us in the course of your contract with us include the following:
- Name and surname.
- Contact information, including home address, email address and phone number.
- Credit/debit card information only to the extent of the card’s last four digits on the merchant copy receipt, the remainder being redacted.
How do we secure your data?
We protect electronic data in accordance with IT industry standards such as controlled authorised access to all systems, using strong passwords and firewalls. We protect hard copy files via a controlled access system to such records, which are kept under lock and key.
How long do we keep your data for?
Your personal data will be stored for as long as the law requires us to do so, to facilitate your need for information from us in the future and/or in the defence of legal proceedings.
Do we ever share your data?
We may be obliged to process your personal data to cooperate with a third party such as our insurers, the Health and Safety Authority, the Revenue Commissioners or An Garda Siochána.
Your rights
Under the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 1988 to 2018, you have a number of rights regarding your personal data. These are as follows:
- The right to request access to your personal data and to submit an information request (known as a data subject access request).
- The right to request rectification of your personal data in certain circumstances, for example in the event of a change of address.
- The right to request the erasure of your personal data (to the extent that this is possible).
- The right to request restriction of processing and to object to the processing of your personal data (to the extent that this is possible).
- The right to request data portability (to the extent that this is possible).
All requests will be considered on a case-by-case basis and will be facilitated where possible and reasonably practicable. You will always be provided with a written response to your information request, together with an explanation (where relevant) in relation to our response.
If you have provided consent for the processing of your personal data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to lodge a complaint to the Data Protection Commission if you believe that we have not complied with the requirements of the GDPR or Irish data protection legislation with regards to our processing of your personal data.
Privacy Officer and Deputy Privacy Officer
If you have any queries please contact:
Melissa Mealy
Privacy Officer
Classic Commercial Park, 1, Killumney, Co. Cork
In the Privacy Officer’s absence, please contact:
Mary O’Sullivan
Deputy Privacy Officer
Classic Commercial Park, 1, Killumney, Co. Cork