Data Protection Information Notice
Introduction and scope
The Gratefulpain policy towards privacy is clear: we are committed to protecting the privacy and personal data of all those whose data we are handling and to working within the guidelines set out by data protection law. This privacy information notice aims to provide you with information about how and why Gratefulpain may be using information about you. It also explains how you can execute the rights you have set out in the law and how you can contact us if you have any concerns or questions about data protection.
This policy relates to personal data collected and processed via websites controlled by Gratefulpain
Information we may be holding about you
We collect and process the following types of personal data:
- Personal identifiers such as name, address, employer, job title which you provide to us through our enquiry or contact forms and which we use: a) to fulfil any request you make (e.g. registering a warranty service agreement, subscribing to a communications service, fulfilling requests for information etc.); and b) to create a database of people who have expressed interest in our companies, products or services. We may also use this information to validate your identity via Facebook authentication services if you sign up for our services via social media.
- Feedback and opinions which you provide to us through our enquiry or contact forms are processed to allow us to answer queries and complaints you may have and to help us evaluate the quality and consistency of our services.
We may also use the information we hold about you to create a profile of you to segment our database and for direct marketing purposes including sending you marketing and promotional materials.
If you join our communications program we collect information about each email we have sent to you and your interaction with them including the number of times opened, deliverability, which sections you clicked on etc. which we use to measure the effectiveness of our email campaigns, to plan marketing campaigns and to segment our database.
We may also undertake additional data processing activities but will ensure they are compatible with the purposes above. If we chose to process your personal data for any purpose incompatible with those described above we will provide you with appropriate information at the point where you come across those additional purposes and prior to commencing any such additional processing activities.
The legal basis for processing
The legal basis for processing personal data is the pursuit of our legitimate interests which are seeking to promote, develop and grow our group of businesses through the sale of products and services and to provide excellent customer services.
If you buy any products or services from our website the legal basis for processing personal data about you in those circumstances is the fulfillment of the contract with you brought about by the transaction.
If you subscribe to our marketing communications program we may send to you unsolicited direct email marketing materials but only where you have granted your consent or if they relate to products and services similar to those you have previously bought from us or expressed interest in.
Disclosing, sharing and transferring your personal data
The table below indicates categories of organizations to whom we may disclose information about you which includes suppliers processing data on our behalf to help us to provide services to you. We disclose personal data in this manner to procure high quality, cost-effective services which we believe to be in our legitimate interests.
|Categories of Organisation||Purpose||Location|
|Marketing agencies, database hosting companies, data cleansing companies, mailing housing, and email broadcasters.||To provide marketing services and fulfill our CRM and email program.||UK|
|Banks, card payment companies, mailing houses, retail partners.||To fulfill any order that you place with us.||Various|
|Social Media which may include but not be limited to: Facebook, Twitter, Linked In, Instagram, Pinterest, YouTube.||If we need to contact in order to notify about competitions or promotions. If you use these as a means of registering your details on our site||United States|
We may also share information about you with other companies within our group (see Introduction and Scope) where we think you may have an interest in their products and services. We undertake this on the basis of their legitimate interests in promoting their products and services and undertaking direct marketing.
We may also disclose your personal information to other third parties from time to time:
a) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
c) to protect the rights, property, or safety of Gratefulpain Companies, our customers, or others including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Other than the circumstances set out above information about you will not be passed to a third party for any other purposes.
We will hold information about you in our data systems only for as long as we need to hold it which is generally as follows:
- As long as you continue to use our services and log into our website we will retain and process information about you. User accounts are automatically suspended when they have been inactive (i.e. users have not logged in and/or have not opened our emails) for a period of two years. Inactive accounts are still maintained on our data systems indefinitely.
- We will hold information about how you interact with our electronic communications while ever the data is relevant for as long as a) the individual remains in their job; b) they have an interest in Gratefulpain’s products; c) Gratefulpain’s products remain relevant for their organization.
- When personal data is deleted from our database we retain secure records on for back up purposes which are only used in business-critical circumstances
- Any personal data linked to insurance claims are retained indefinitely.
We reserve the right to review our retention policy and to shorten our retention periods if we feel this is appropriate. We will not lengthen our retention periods without letting you know.
Data protection law grants you certain rights (‘information rights’) which provide you with:
|Right of access and of data portability.||You have the right of access to information we hold about or concerning you and/or to have it transferred to another data controller in some circumstances. If you would like to exercise this right you should contact our Data Protection Officer.|
|Right of rectification or erasure.||If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will/shall take all reasonable steps to inform those with whom we have shared your data about your request for erasure.|
|Right to restriction of processing.||You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your data anymore but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.|
|Right to object.||You have a right to object to our processing of your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.|
|Right to Withdraw Consent.||You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent. To withdraw consent please select the unsubscribe option in the most recent electronic marketing communication you have received or alternatively you can write to us email@example.com|
|Right of Complaint.||You also have a right to lodge a complaint about any aspect of how we are handling your data with the UK’s Information Commissioner’s Office who can be contacted at www.ico.org.uk.|
If you would like to find out more about your rights please contact our Data Protection Officer.
Information Governance and our Data Protection Officer
We have appointed a data protection officer (DPO) who is responsible for helping us to comply with our legal obligations set out in the GDPR. The DPO monitors our data protection compliance and provides advice and guidance as to how we can improve our data handling practices. The contact details of our DPO are available on our website and may change from time to time. At the time of writing our DPO is:
Data Protection Officer
We reserve the right to change our DPO without informing you directly and will publish our DPO’s contact details on our website.