Joseph Griggs & Co Ltd respects the privacy of its customers and any data provided by you is used only in accordance with your wishes. We want you to feel confident about the privacy and security of your personal information.
The website URLs this policy applies to are:
- Explaining the legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
Consent – In specific situations, we can collect and process your data with your consent. An example would be, when you tick a box to receive an email regarding our product information.
Contractual obligation – In other occasions, we need your personal data to comply with our contractual obligations. An example would be, if you order an item from us for home delivery, we will collect your address details to deliver your purchase and/or pass them to our suppliers for direct deliveries.
When collecting your personal data, we’ll always make it clear to you which data is necessary in connection with a particular service.
Legal obligation – When the law requires us to, we may need to collect and process your data. An example would be, when we pass on details of people involved in fraud.
Legitimate interest – In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights. An example of this interest would be us using your purchase history to send you or make available personalised offers.
We will use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you.
We will combine the shopping history of many customers to identify trends and ensure we can keep up with demand or develop new products.
If you disclose your personal information to other companies, then that information will be dealt with according to their privacy practices.
- When do we collect your personal data?
There are different ways that we will collect your personal data. These are:
- When you visit our websites and download anything from it.
- When you open an account with us.
- When you purchase a product or service in store or by phone but don’t have (or don’t use) an account.
- When you engage with us on social media.
- When you enter any of our competitions, promotions, prize draws.
- When you book any kind of appointment with us or book to attend an event.
- When you ask us to email you information about a product or service.
- When you choose to complete any surveys we send you.
- When you comment on or review our products and services.
- When you contact us by any means with queries, complaints etc.
- When you fill in any forms. As an example, if an accident happens in store or outside when our staff members are involved, we will collect your personal data.
- When you have given a third party permission to share with us the information they hold about you.
- When you use our car parks and shops which usually have CCTV systems operated for the security of both customers and our business. These systems may record your image during your visit.
We collect data from publicly available sources when you have given your consent to share information or where the information is made public as a matter of law.
- What personal information do we collect about you?
We ask you for information to enable us to provide a service to you and we collect this information by either telephone, written correspondence, email or via a website contact form.
- We ask you for your name, private/business address, contact names, telephone numbers and email addresses.
- We may ask you for copies of documents you provide to prove your age or identity where the law requires this, including your passport and driver’s licence. This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
- We also ask you for other information that relates to products/services you are using or ordering. For example:
- we may need your credit card number to charge you for your orders and services,
- your comments and product reviews,
- your image may be recorded on CCTV when you visit a shop or car park,
- your social media username when you interact with us through these channels.
But of course, it’s always your choice whether you share these with us.
- We collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you made.
- Details of your visits to our websites and which site you came from to ours.
We have information about your use and purchase of our products and services (such as the number of transactions/amount of spend with us etc), which we use to manage our business, the services we offer to you and for billing. We may also use this information for marketing products and services, but we will give the option to opt out of receiving this material.
- How and why do we use your personal data?
We want to give you the best possible customer experience and service. One way to achieve this is to combine the data we have about you. We then use this to offer you promotions, products and services that are most likely to interest you.
The data privacy law allows this as part of our legitimate interest in understating our customers and providing the highest levels of service.
If you wish to change how we use your data, you’ll find details in section 10, the ‘What are my rights?’ below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for. For example, if you have asked us to let you know when an item is back in stock, we can’t do that if you’ve withdrawn your general consent to hear from us.
Below you will find how we will use your personal data and why:
- To process any orders that you place with us. If we don’t collect your personal data at the end of the sales order, we won’t be able to process your order and comply with our legal obligations. As an example, your details may be passed to a third party in order for them to deliver the products to you. We may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, guarantees and so on.
- To respond to your queries, refund requests and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interest in providing you with the best service and understanding how we can improve our service based on your experience.
- To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account.
- To protect our customers, premises and assets from crime, we operate CCTV systems in our stores and car parks which record images for security. We do this on the basis of our legitimate business interests.
- To process payments and to prevent fraudulent transactions and to protect our customers from fraud. We do this on the basis of our legitimate interests.
- If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim to protect the individuals we interact with from criminal activities.
- With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text and telephone about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on.
- To send you relevant, personalised communications by post in relation not updates, offers and products. We’ll do this on the basis of our legitimate business interest.
Of course, you are free to opt out of hearing from us by any of these channels at any time.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. As an example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we don’t use your personal data for these purposes, we would be unable to comply with our legal obligations.
- To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
- To develop, test and improve the systems, services and products we provide you with. We will do this on the basis of our legitimate business interests.
- To comply with our contractual or legal obligations to share data with law enforcement. As an example, when a court order is submitted to share data with law enforcement agencies or court of law.
- To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products and services more relevant to you.
Of course, you are free to opt out of receiving these requests from us at any time by letting us know either in writing or over the phone.
- To process your order requests, sometimes we will need to share your details with a third party who will be providing a service such as direct delivery. Without sharing your personal data, we’d be unable to fulfil your request.
- Combining your data for personalised direct marketing
We want to bring you offers and promotions that are most relevant to your interests at particular times. To help us form a better, overall understanding of you as a customer, we combine your personal data gathered as described above, for example your shopping history. For this purpose, we also combine the data that we collect directly from you with data that we obtain from third parties to whom you have given your consent to pass that data onto us.
- Do we share your personal information with anyone else?
We sometimes use other companies to provide services to you or to provide services to us. To enable them to do this, we may need to share your personal information with them. When we do so, these companies are required to act in accordance with the instructions we give them, and they must meet the requirements of the GDPR to keep the information secure.
This is the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the above would be:
- IT companies who support our website and other business systems.
- Delivery couriers.
- Suppliers who deliver to our customers directly.
- Google/Facebook to show your products that might interest you while you are browsing the internet. This is based on your acceptance of cookies on our website. See our Cookies Policy for details.
We may share your personal information with other companies so that they can contact you with details of other products or services you may be interested in. We will only do this if you have given consent to this at the time you supply your personal data and where the companies agree to use your personal information for that purpose only. An example of this would be when Joseph Griggs & Co runs a joint event with a supplier, and you agree to receive direct communication from them.
For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
If you have agreed to receive information about products and services from another company and later decide not to, you will need to contact that company yourself to let them know.
- For how long does Joseph Griggs & Co keep personal information?
The time period for which we keep information varies according to what the information is used for.
In some cases, there are legal requirements to keep data for a minimum period. At the end of that retention period, your data will be deleted completely. Examples of customer data retention periods would be:
- Orders – when you place an order, we’ll keep the personal data you give us for six years so we can comply with our legal and contractual obligations. In the case of certain products, the data will be kept for up to 10years.
- How we protect your personal data
We know how much data security matters to all our customers and all parties that work with us. Therefore, we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all areas of our websites and apps using ‘https’ technology.
Access to your personal data such as payment card information is secured and tokenised to ensure it is protected.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
- What are your rights over your personal data?
You have the right to request access to the personal data we hold about you. In such case, please put your request either verbally or in writing. Our main contact details are:
- Phone no: 0117 906 3060
- Email address: email@example.com
- Address: Joseph Griggs & Co Ltd, Olympus House, Britannia Road, Patchway, Bristol, BS34 5TA
You have the right to request:
- Access to the personal data we hold about you.
- The correction of your personal data when incorrect, out of date or incomplete.
- The deletion of the data we hold about you, in specific circumstances; for example, when you withdraw consent or object, and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
- A computer file in a common format (CSV or similar) containing the personal data that you have previously provided to us, and the right to have your information transferred to another entity where this is technically possible.
- That we stop processing your personal data, in specific circumstances; for example, when you have withdrawn consent, or object for reasons related to your individual circumstances.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- If we choose not to action your request, we will explain the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any email communication that we send you.
- If you have an account, you can change your preferences by calling us.
- Write to Joseph Griggs & Co Ltd, Olympus House, Britannia Road, Patchway, Bristol, BS34 5TA
Please note that you may continue to receive communications for a short period after changing your preferences while your systems are fully updated.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
A “cookie” is a text file which is allocated by our server to your personal computer (PC) when you visit our website. If you want to know more about cookies please go to www.allaboutcookies.org or refer to our Cookies Policy, which explains how cookies work and how you can manage their use.
Joseph Griggs & Co’s cookies do not collect any information regarding the use of your PC or your Internet browsing in any way.
- Are third party sites covered by this policy?
Joseph Griggs & Co accepts no responsibility or liability for these sites. Other companies which advertise or offer their products or services on our website may also allocate cookies to your PC.
The types of cookies they use and how they use the information generated by them will be governed by their own privacy policies and not ours.
- Contacting the regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioners’ Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note that we can’t be responsible for the content of external websites).
Website design, images, logos and content remain copyright of Joseph Griggs & Co Ltd. No part of www.griggstimber.co.uk should be reproduced or used without written permission from the marketing department of Joseph Griggs & Co Ltd.
Browsers are permitted to copy and to print all or part of this website for the purpose of reviewing your information regarding Joseph Griggs & Co Ltd.
Information included within these websites has been compiled with care to ensure it is correct. However, any information is subject to change without notice. We advise you to contact any of our branches for clarification on any points, or alternatively you may contact our Admin Support Department on 0117 906 3060.
Joseph Griggs & Co Ltd does not have any control of sites which are accessible through website links.
Joseph Griggs & Co Ltd nor any of its directors, employees, affiliates or other representatives will be liable for damages of any kind, including (without limitation) compensatory, direct, indirect or consequential damages, loss of data, income or profit, loss or damage to property and claims of third parties arising out of or in connection with the use of this website or the information and content.
- Any questions?
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, please contact us, and we will be pleased to help you:
- Email us at: firstname.lastname@example.org
- Or write to us at: Joseph Griggs & Co Ltd, Olympus House, Britannia Road, Patchway, Bristol, BS34 5TA
This notice was last updated on 25/05/2018