Bathrooms at Source Ltd are committed to protecting and respecting your privacy.
This policy, together with any other documents referred to in it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By visiting this website, you are accepting and consenting to the practices described in this policy.
Along with our business and internal computer systems, this website is designed to comply with the following national legislation with regards to data protection and user privacy:
This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact our data protection officer (details of whom can be found below) for clarification.
We will collect and process the following categories of data about you:
We operate social media platforms. These platforms are, in most cases, operated outside of the EU and do not comply with current Data Privacy Act and subsequent GDPR provision although they may well conform to the U.S Privacy Shield protocol.
It is our process and protocol that any personally identifiable data gathered on these platforms is only in response to users interacting out of their own volition with our marketing pages. The contact is deemed as a legitimate business enquiry. The personal contact data is removed from the site once the enquiry is processed or the user has requested so.
Our website uses Google Analytics to collect information about how visitors use our website. We anonymise this data at the point of collection and automatically delete user and event data that is older than two years.
All information about you that we collect or receive, whether of a personal or technical nature, may be used by us in the following ways:
We use some third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out above. Some of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.
If you submit a query on this website by the contact forms on any of our pages or an email link, some personal information will be sent by email.
Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we are able to.
All information that you provide to us is stored on a third party secure server, and we will take reasonable steps to protect your information in accordance with this policy, including (without limitation):
All data sent via website forms is passed through a third party relay service and deleted after 30 days. All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of any information transmitted to the Site; and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We may have to share your personal information with the parties set out below:
We require all third parties to whom we transfer your personal information to respect the security of your personal information and to treat it in accordance with the law. We only allow such third parties to process your personal information for specified purposes and in accordance with our instructions.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we must keep basic information about our customers (including Contact, Identity, Financial and Transaction information) for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your information: see below for further information. In some circumstances we may anonymise your personal information (so that it can no longer be associated with you).
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Please note: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further details in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
You have the following rights under law in respect of your personal information:
Should you wish to exercise any of these rights, you may do so at any time by writing to us at the address given below.
If you feel that your rights have been breached in any way, you should contact (insert person’s name) at the email address given below or lodge an official complaint with the Information Commissioner’s Office via their website (https://ico.org.uk) or by writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
The Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We will report any unlawful data breach of this website’s server or of our email server, or any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.