Privacy policy

 

What data do we collect?

  • We do collect and process personal data (see section 4 for what personal data is), but only in relation to you at work within your company environment. However, we are careful how we handle the data and what we do with it.
  • We do store the data in our CRM system which is hosted in our office within the UK.
  • We do not collect or store any ‘special category’ data.

How do we collect your data?

  • When you provide it to us. (e.g., where you contact us via email, telephone, a contact form on our website, or request something from us by any other means)
  • When you visit or access any resources available on our website. (IP address only) 
  • If you create a login on our website to access our resource centre.

Who do we share your data with?

  • We use a small number of third-party external service providers who ensure we adopt best practice methods, e.g. for marketing and data back-up. 
  • We are satisfied that our third-party service providers are compliant with the GDPR regulations for data processors. 
  • All your data is stored or hosted within the UK.
  • We will not supply or sell your data to any third-parties for their own use.

How do we use your data?

We may process your data for the following purposes:
  • As part of a contract for sale
  • For providing a quotation or any other information about our business to you
  • For marketing purposes

How can you change what we do with your data?

You can request that we stop holding or processing your data at any time. There are several ways that you can do this which are explained in more detail below, but you can email data@nicholsonsts.com any time with any queries that you may have about your data.
 

How do I contact you?

You may contact us by one of the following methods:
 
By mail:        Nicholson STS LLP, Unit 13 Wireless Station Park, Bassingbourn,
                      Hertfordshire, SG8 5JH.
By email:      data@nicholsonsts.com
By Phone:    0845 0098 980
 
Please address all communications to the to the Data Manager.
 

 

1 Introduction

Nicholson STS LLP (Nicholson) understand the importance of data privacy. This policy explains in more detail how Nicholson collects, stores and uses your personal data. 
 

2 Definitions

  • ‘Data controller’ (us/we) – For the purposes of this policy, Nicholson are the data controller. Contact details are provided in section 12
  • ‘Data subject’ (you/your) Individuals that in some way interact with us and where we have access to the personal data of that individual. 
  • ‘Data processing’- Any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.
  • ‘Personal data’ - Means information that is about any individual, or from which any individual is identifiable. Examples of personal data that we may process are provided in section 4.
  • ‘Special Category data’ – refers to sensitive categories of personal data. E.g. age, race, religion. 

3 This Policy

This policy is addressed to individuals outside our organisation who interact with us in some way, including visitors to our website and other users of our services.
 
We might make changes to this statement from time-to-time, so you should check back occasionally to make sure you are happy with any changes.
 
We will make it easy for you to see any changes to this policy by highlighting relevant sections at the top of this page.
 
 

4 Personal Data

When we refer to personal data throughout this policy, we are referring to the following:
  • Personal details: given name(s), preferred name, user name (on website account only)
  • Contact details: business telephone number, mobile number, email address, business postal/billing address.
  • Professional details: professional profile details, company data.
  • Device details: device type, operating system, browser type, browser settings, IP address, machine generated visitor ID, dates and times of connecting to our website.
  • Usage details: records of your use of our website and other services, including: logins, details of content with which you interact/download, page views, total number of visits to the site, number of pages viewed and traffic source information.
  • Analysis data: keywords and trends.
  • Payment details: If applicable

4.1 Collection of personal data:

We collect your personal data from the following sources:
 

4.1.1 When you provide it to us 

Where you contact us via email, telephone, a contact form on our website, create an account on our website, request something else from us on our website or by any other means. E.g. if you complete a form to request a quote or register on our website.
 

4.1.2 When you visit our website

We use a third-party service, Google Analytics, to collect standard device information and details of users who access our website. We do this to gain insight into things like -  the number of visitors to the various parts of the site and how they found us.
 
Google Analytics does not collect personally identifiable information. We have restricted Google from tracking your full IP address via a process known as IP Masking. For more information, please review Google Analytics privacy policy
 
You can opt-out from Google Analytics tracking via your browser privacy settings or by using a browser add-on.
 

4.1.3 If you attend one of our CPD training sessions

Contact details are likely provided to us by your company for the purpose of sending individual certificates of attendance.
 
We do not collect any special category data relating to your age, race, religion, genetics or health etc. 
 

4.2 Storage of personal data

  • Your data is stored within our CRM system - hosted in our office in the UK 
  • Your data is stored in an on-site back up system with cloud replication - hosted in the UK
  • Your data is stored in a marketing automation system -  hosted in the UK

4.3 Sharing of personal data

We use external third-party service providers to enable us to adopt best practices in being compliant as a data controller. The following providers may have access to your personal data.
 

4.3.1 Marketing Automation

We use an external marketing automation provider to manage our email marketing. Their software is used to send our marketing emails, provide reporting on your interaction and manage your preferences on what information you receive from us.
 

4.3.2 Data hosting and back-up

We use an external data back-up service provider who supply us with hosting at their UK based datacentre as well as cloud-based services. 
 
We are satisfied that our third-party service providers are compliant with the GDPR regulations for data processors. 
We will not supply or sell your data to any third-parties for their own use.
 
 

4.4 Processing of personal data

We may process your data for the following purposes:
  • As part of a contract for sale
  • For providing a quotation or any other information about our business to you
  • For marketing purposes
 

5 Purposes for which we may process personal data: 

The purposes for which we may process personal data, include:
 
  • To provide a service to you: if you purchase from us, we will process your personal details to supply to you.
  • To process a request: if you request any information from us (i.e. a quotation), we will process your details to ensure you receive the correct information from us.
  • To improve your experience on our website: We may use your data to improve your experience on our website. E.g. to show you pop-ups just once rather than every time you visit.
  • To promote our products or services to you: We may email or call you from time-to-time to provide information about our products or services. We will endeavour to ensure to the best of our ability that the communications you receive from us are relevant to you in your role and/or your company. 
  • Service delivery: to keep you informed about alterations to our usual service – i.e. public holiday office closing times and last dispatch times/dates
 

6 Lawful bases for processing personal data: 

We rely on the following three grounds for lawful processing:
 

6.1 Contract:

The processing is necessary in connection with any contract that you may enter with us. Some examples of our ‘contract to supply basis’ include but are not limited to:
 
  • Enquiry from a business or individual within that business looking for guidance on best practice or regulatory requirements
  • Enquiries for pricing or quotations
  • Orders for our products

6.2 Consent:

You have taken a physical action to agree for us to contact you. An example of our ‘consent basis’ includes but is not limited to:
 
  • Ticking a consent box on our preference centre page – which allows you to choose which communications you receive from us

6.3 Legitimate interest:

We have a legitimate interest in carrying out the processing for managing, operating or promoting our business. Read our legitimate interest statement to understand how you may fall into this category. 
 

6.3.1 Legitimate interest statement. 

To existing customers or those that have a prior business relationship with us
 
Our products and systems are specifically aimed at the construction, roofing and solar industries. If there has been an enquiry, request for technical information or a purchase of one of our product lines it is very probable that our other product lines will be of interest too. 
Therefore, we may email you from time-to-time with relevant details about our products or services. You can opt-out of these communications at any time by clicking on the unsubscribe link at the bottom of all our emails, or by emailing data@nicholsonsts.com and requesting that we remove your details from our marketing system. Please see point 9.1.1 to find out about our suppression list.
 
To prospect customers who have no prior business relationship with us
 
Our products are specifically aimed at the construction, roofing or solar industries, and all our products are designed to help the execution and construction of challenging details that are commonly encountered on site by specifiers and contractors both at specification and construction stages of a project.  Some of our products and systems are also specifically designed to meet building regulation requirements. These products can prove time-saving for situations where these regulations apply.
 
We view our prospective customers as:
  • Businesses (or employees of that business) in the construction industry 
  • Businesses (or employees of that business) involved in the manufacture of roofing products within the construction industry
  • Businesses (or employees of that business) involved in the design, specification or construction of buildings
  • Businesses (or employees of that business) involved in the installation of solar systems
  • Individuals that attend a CPD course that we offer
  • Anyone that creates a login on our website to access our resource centre
We may email you as a prospective customer from time-to-time with relevant details about our products or services. You can opt-out of these communications at any time by clicking the unsubscribe link at the bottom of all our emails, or by emailing data@nicholsonsts.com and requesting that we remove your details from our marketing system. Please see point 9.1.1 to find out about our suppression list.
 
 

7 Data security

We have implemented appropriate technical and organisational security measures designed to protect your personal data. You are responsible for ensuring that any personal data that you send to us is sent securely.
 
 

8 Data accuracy

We take every reasonable step to ensure that:
  • your personal data that we process is accurate and, where necessary, kept up-to-date
  • any of your personal data that we process that is inaccurate is rectified or erased without delay.

9 Data retention

We will not store your details for any longer than we need to. 
 

9.1 Personal data

Your personal data will be kept for as long as is reasonable and necessary unless applicable law requires a longer retention period. This includes the retention of details in a suppression list.  
 

9.1.1 what is a suppression list and why do we have one?

A suppression list contains email addresses that cannot be sent to. Suppression lists are integral to preventing the sending of unwanted emails to those recipients who have explicitly requested not to be contacted by these means.  E.g. If you were to unsubscribe from our marketing emails your details would be removed from our active send list and placed in our suppression list. 
 
 

9.2 Website registration details

Details that you provide at point of registration will be retained for as long as you are registered on the site.
 

9.3 Device, Usage and analysis details/information

Details of your interaction with our website are retained for a period of 38 months.
 

9.4 Payment details 

Payment details are stored for no longer than 18 months. Details that enable the authorisation of a payment are deleted daily. For more specific information about your payment details please contact us. See section 12.
 
 

10 Your legal rights

You have a number of legal rights regarding the processing of your personal data. These are outlined below.
 

10.1 Requesting a change 

You have the right to request a change or update any of the details that we hold about you at any time. To request a change please see section 12 for our contact details.
 
If you would like to change the information that we send you, you can click on the unsubscribe link in any of our emails which will give you the option to choose what we send you.
 

10.2 Requesting not to be contacted

You have the right to object or restrict processing of your personal details at any time. You can also request us to terminate contact and that we erase the personal details that we hold about you.  Please see section 9.1.1 for details of our suppression list. To contact us please see section 12 
 

10.3 The right to access your data

You have the right to request access or copies of the data that we hold about you. 
 

10.4 The right to withdraw consent 

Where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time.
 

10.5 Lodge a complaint

You have the right to lodge a complaint with the ICO. 0303 123 1113 Email
 
 

11 Cookies

A cookie is a small file that is placed on your device when you visit our website. It records information about your device, your browser and, in some cases, your preferences and browsing habits. 
 
We use reports provided by Google Analytics software to gain insight into how our site is being used, how users are getting to our site and what the most popular areas are.
 
Find out more about our use of cookie technology in our Cookie Policy.
 
 

12 Contact details

If you have any comments, questions or concerns about any of the information in this policy, or any other issues relating to the processing of personal data by Nicholson, please contact us by one of the following methods:
 
By mail:        Nicholson STS LLP, Unit 13 Wireless Station Park, Bassingbourn,
                      Hertfordshire, SG8 5JH.
By email:      data@nicholsonsts.com
By Phone:    0845 0098 980
 
Please address all communications to the to the Data Manager.