Privacy Notice – Sanifix Limited

 

About this document


This Privacy Notice will help you understand how we collect, use and protect your personal information. You should also show this notice to anyone who may be insured under your policy. If you have any queries about this Privacy Notice or how we process your personal information, please contact the Data Protection Officer by email: info@sanifix.co.uk or by post: Sanifix Ltd. Unit 68, Morgan Close. Willenhall. West Midlands. WV12 4LH.

 

Who we are


The organisation responsible for the processing of your personal information is Sanifix Ltd. Unit 68, Morgan Close. Willenhall. West Midlands. WV12 4LH. This means that we are a ‘data controller’ under the Data Protection Act 1998 (and, once in force, to the General Data Protection Regulation (also known as the GDPR)). Our registration number with the Information Commissioner’s Office is Z2507231. 

 

What information we collect about you


The personal data you have provided, we have collected from you, or we have received from third parties includes:

  • name, address, contact details, including telephone numbers and email address  
  • Credit/debit card details (although we do not retain these details)  
  • details about your product warranty and product service history
  • Product serial numbers

How we collect information about you


Most of the personal information we hold about you is that which we collect directly from you, for example:

  • when you purchase our products or services
  • when you register to receive information from us
  • each time you interact with us, respond to communications or surveys, or enter competitions
  • when you make enquiries or raise concerns with our customer service team.

What we use your information for and the legal bases for processing


We may store and use your personal information for the purposes of:

  • administering our service to you (as is necessary for performance of a contract between you and us and/or as is necessary for our legitimate interests);

    (b) carrying out anti-fraud and anti-money laundering checks and verifying your identity (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests);

    (c) assessing financial risks, including by carrying out credit reference checks and credit scoring assessments (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
    (d) using your payment details to process payments relating to your purchases or our products, services and refunds (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
    (e) communicating with you about your products and services, including responding to your enquiries (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
    (f) administering debt recoveries, where you owe us money under a contract or otherwise (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
    (g) undertaking market research and statistical analysis, including analysing your use of our website. This allows us to develop new, or improve existing, products and services (as is necessary for our legitimate interests); and
    (h) fulfilling our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).Our "legitimate interests" as referred to above (and below) include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.

Using your personal data for marketing


We will send you marketing about similar products and services by post, telephone, email, SMS and through digital channels. Digital channels includes social media and similar such digital marketing channels. We may upload and match the personal data you provide to us with the data you provide to social media and similar such digital marketing channels. This allows us to improve our knowledge of you and, in return, serve you with relevant marketing messages.

You can object to receiving marketing from us at any time. Please send us your name and address via email to the Data Protection Officer by email: info@sanifix.co.uk or by post: Sanifix Ltd. Unit 68, Morgan Close. Willenhall. West Midlands. WV12 4LH

We consider that it is within our legitimate interests to send you information about our products and services for marketing purposes.

Consequences of processing
If we, or a fraud prevention agency, determine that you pose a risk of fraud or money laundering, we may refuse to provide the products, services and financing you have requested. We may also stop providing existing services to you. A record of any fraud or money laundering risk will be retained by us and the fraud prevention agencies. It may also result in others refusing to provide products, services, financing or employment to you. If you have any questions about our processing of your data for fraud purposes, please contact our Data Protection Officer at the details provided above.

 

Who we share your data with


Where relevant given the nature of the products and services provided to you, we may also share your information with the following categories of third parties:

  • Other specific companies that have an interest in your product such as the original supplier or their agent (as is necessary for the performance of a contract between you and us);
  • third party service providers who we instruct for the purposes of handling service issues, including repairers, surveyors, solicitors, third parties involved in the service issue (as is necessary for the performance of a contract between you and us);
  • third party data suppliers, as explained under “How we collect information about you” (as is necessary for our legitimate interests);
  • third party service providers who support the operation of our business, such as IT and marketing suppliers, financial service providers, and debt collection agencies (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
  • fraud prevention agencies and associations, (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests);
  • regulators and law enforcement agencies, including the police, the Financial Conduct Authority, HM Revenue and Customs or any other relevant authority who may have jurisdiction (as is necessary for compliance with our legal obligations).

As explained under “Using your data for fraud prevention”, the personal data you have provided, we have collected from you, or we have received from third parties, may be shared with fraud prevention agencies. Please contact our Data Protection Officer if you would like details of the agencies we share your data with.

 

Processing outside of the European Economic Area (EEA)


The personal information that we collect from you, and which is shared with some fraud prevention agencies, may be transferred to and processed in a destination outside of the EEA. It may also be processed by staff operating outside the EEA who work for one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases:  

  • the country that we send the data is approved by the European Commission as providing an adequate level of protection for personal information; or
  • the recipient has agreed with us standard contractual clauses approved by the European Commission, obliging the recipient to safeguard the personal information (in particular, our transfer of personal information to suppliers in India and the United States for marketing, IT development and IT testing purposes are protected in each case by the use of appropriate model clauses); or
  • there exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third party recipient of personal data in the United States has registered for the EU-US Privacy Shield). 

How long your information is kept


We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Your information will be kept for up to 7 years on our main systems after which time it will be archived, deleted or anonymised. Some of the archived information may be retained for up to 50 years for the purposes of processing of your existing or future claims. Records created for fraud prevention purposes will be deleted 7 years after creation. Fraud prevention agencies can hold your personal data for different periods of time, depending on how that data is being used. If you are considered to pose a risk of fraud or of money laundering, your data can be held by fraud prevention agencies for up to 6 years from its receipt by them. Please contact them for more information. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice as a result of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please contact our Data Protection Officer at the details provided above.

 

Your rights


Under the Data Protection Act 1998 you have the following rights:  

  • to obtain access to, and copies of, the personal information that we hold about you;
  • to require that we cease processing your personal information if the processing is causing you damage or distress; and
  • to require us not to send you marketing communications.


Once the GDPR comes into force on 25 May 2018, you will also have the following rights:

  • to require us to erase your personal information;
  • to require us to restrict or object to our data processing activities;
  • to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
  • to require us to correct the personal information we hold about you if it is incorrect. 

Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply. If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner. You can find out more about your rights under data protection legislation from the Information Commissioner's Office website: www.ico.org.uk.