Privacy Policy GDPR

Who are we?

Heating Appliances & Spares Ltd T/A HASL – 10 Grange Road, Houstoun Industrial Estate, LIVINGSTON West Lothian, EH54 5DE. Tel: 01506 438083 Registered in Scotland SC078742. We are an independent specialist building services equipment distributor providing a bespoke marketing & distribution service for clients throughout the United Kingdom & Ireland.

What does this Policy cover?

This policy relates to individuals outside our organisation with whom we interact, including (but not limited to) Customers, Clients, Sources and visitors to our website.

This policy:
– sets out the types of Personal Data that we collect and/or create about you;
– explains how and why we collect and/or create and use your Personal Data;
– explains how long we keep your Personal Data for;
– explains when, why and with who we will share your Personal Data;
– sets out the legal basis we have for using your Personal Data;
– explains data security, accuracy and minimisation;
– explains the different rights and choices you have when it comes to your Personal Data;

– your obligations;
– explains how we contact you; and
– explains how you can contact us.

This Policy may be amended or updated from time to time to reflect changes in applicable law or in our practices with respect to the Processing of Personal Data. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.

Defined terms used in this Policy are explained further at the end of this policy.

What Personal Data do we collect and/or create about you?

The categories of Personal Data about you that we may Process include:

  • Personal details: given name(s); preferred name; job title; employer; department.
  • Contact details: home address (*only for HASL employees or if given as place of work); work address; home telephone number (*); work telephone number; work mobile number; personal mobile telephone number (*); personal email address (*); work email address; and social media profile details.
  • Employment records: dates and details of current and former positions held; details of current and former employers; dates of employment; job titles; job locations; subject matter of previous experience with HASL.

We do not seek to collect or otherwise Process your Sensitive Personal Data, except where:

  • the Processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
  • the Processing is necessary for the detection or prevention of crime;
  • the Processing is necessary for the establishment, exercise or defence of legal rights;
  • or we have, in accordance with applicable law, obtained your prior explicit consent before Processing your Sensitive Personal Data (as above, this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).

Where do we collect Personal Data about you from?

We may collect Personal Data about you, such as your name, address and contact details. Examples of sources from which we may collect Personal Data include the following:

  • We may obtain your Personal Data when you provide it to us (e.g., where you contact us via email, telephone, or by any other means).
  • We may collect your Personal Data during the course of our relationship with you (e.g., if we offer to connect you with our products & services we may collect your Personal Data that are related to such Client opportunities, such as industry referral).
  • We may collect Personal Data that you choose to make public, including via social media (e.g., we may collect information from your social media profile(s), to the extent that you choose to make your profile publicly visible).
  • We may receive your Personal Data from third parties who provide it to us (e.g., past suppliers; referees; sources and industry bodies).
  • We may, with your prior express written consent following completion of our Credit Rating Application, conduct background / credit checks, in accordance with the protections provided by applicable law.
  • We may also create Personal Data about you, such as records of any meetings you attend. This Personal Data helps us to conduct our operations and manage our workforce.

In some circumstances, you may provide us with Personal Data about others. For example, you might act as a Source and provide comments on an opportunity. Whenever you provide any such Personal Data, we rely on you to ensure that you have a lawful basis for providing such Personal Data to us, and that you have complied with applicable law and with the terms of this Policy. If you are unable to do so, please refrain from providing the Personal Data of third parties to us.

How and why we use your Personal Data?

The purposes for which we may Process Personal Data, subject to applicable law, include:

  • Sales & Marketing activities on behalf of our Suppliers: Trading operations; advertising Client opportunities; providing services to our Clients; enabling Clients to understand which Customers are interested in their products & services; record-keeping; and performing trading credit checks.
  • Provision of services to you: attending meetings with you; attending telephone calls with you; and otherwise communicating with you in relation to those services.
  • Training: providing you with product / application training and preparation for operation of our equipment.
  • Newsletters and other marketing communications: communicating with you via any means (including via email, telephone, text message, social media, post or in person) news items and possible opportunities in which you may be interested.
  • Communications and IT operations: management of our communications systems; operation of IT security; and IT security audits.
  • Health and safety: health and safety assessments and record keeping; and compliance with related legal obligations.
  • Financial management: sales; finance; corporate audit; and vendor management.
  • Surveys: engaging with you for the purposes of obtaining your views on relevant issues and topics.
  • Improving our services: identifying issues with existing services; planning improvements to existing services; creating new services.
  • Future planning: succession and organisational planning, including budgeting.

How long do we keep your Personal Data for?

We will retain your Personal Data for as long as we have your permission to contact you. Should you wish to withdraw that permission, you may do so using the contact details noted at the end of this Policy.

Please be advised that we may retain some of your information after you cease to use our services, for instance if this is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.

When determining the relevant retention periods, we will take into account factors including:

a) our contractual obligations and rights in relation to the information involved;

b) legal obligation(s) under applicable law to retain data for a certain period of time;

c) statute of limitations under applicable law(s);

d) (potential) disputes;

e) if you have made a request to have your information deleted; and

f) guidelines issued by relevant data protection authorities.

Who do we share your Personal Data with?

We may disclose your Personal Data with our Clients, trusted associates and advertisers for the purposes outlined in this Policy.

In addition, we may disclose your Personal Data to:

  • legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
  • our Clients, for the purposes of providing services to those Clients, in accordance with the provisions of this Policy;
  • accountants, auditors, lawyers and other outside professional advisors, subject to binding contractual obligations of confidentiality;
  • third party Processors (such as providers of background credit checking services), located anywhere in the world, subject to the requirements noted below;
  • any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights;
  • any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
  • any relevant third party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation).

If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to only Process the Personal Data in accordance with our prior written instructions and use measures to protect the confidentiality and security of the Personal Data.

What legal basis do we have for using your information?

In Processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases:

  • we have obtained your prior explicit consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way);
  • the Processing is necessary in connection with any contract that you may enter into with us;
  • the Processing is required by applicable law;
  • the Processing is necessary to protect the vital interests of any individual; or
  • we have a legitimate interest in carrying out the Processing, which is not overridden by your interests, fundamental rights, or freedoms. Where we rely on this legal basis, our legitimate interests are:
    – our legitimate interest in the management and operation of our business;
    – our legitimate interest in the promotion of our business; and
    – our legitimate interest in the provision of services to our Clients.

Do we make automated decisions concerning you?

No, we do not carry out automated profiling.

Do we use Cookies to collect Personal Data on you?

We do not use Cookies.

Do we transfer your data outside the EEA?

We may need to transfer your Personal Data to clients or third parties in countries outside the EEA.

These countries privacy laws may be different from those in your home country. Where we transfer data to a country which may not have been deemed to provide adequate data protection standards we always have security measures in place to protect your Personal Data.

Data Security, Accuracy and Minimisation

Data Security

We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law.

You are responsible for ensuring that any Personal Data that you send to us are sent securely.

Data Accuracy

We take every reasonable step to ensure that your Personal Data that we Process is accurate and, where necessary, kept up to date.

Any of your Personal Data that we Process that is inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay.

From time to time we may ask you to confirm the accuracy of your Personal Data.

Data Minimisation

We take every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably required in connection with the purposes set out in this Policy.

What rights do you have in relation to the data we hold on you?

By law, you have a number of rights when it comes to your Personal Data. Further information and advice about your rights can be obtained from the data protection regulator in your country.

Rights                                What does this mean?

The right to be informed – You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.

The right of access – You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we’re using your information in accordance with data protection law.

The right to rectification – You are entitled to have your information corrected if it’s inaccurate or incomplete.

The right to erasure – This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.

The right to restrict processing – You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

The right to data portability – You have rights to obtain and reuse your Personal Data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.

The right to object to processing – You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential product opportunities).

The right to lodge a complaint – You have the right to lodge a complaint about the way we handle or process your Personal Data with your national data protection regulator.

The right to withdraw consent –  If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your Personal Data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your Personal Data for marketing purposes.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

  • baseless or excessive/repeated requests, or
  • further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. We will respond within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.

How will we contact you?

We may contact you by phone, email or social media. If you prefer a particular contact means of contact, please let us know.

Your obligations

If, and to the extent that, you are a customer or potential client, we rely on you to provide us with complete and accurate Personal Data about you, so that we can provide appropriate services to you and to our Clients.
If, and to the extent that, you are a Source, we rely on you to ensure that you are lawfully able to disclose Personal Data to us, as set out in this Policy.

How can you contact us?

If you are unhappy with how we’ve handled your information or have further questions on the processing of your Personal Data, contact Heating Appliances & Spares Ltd T/A HASL – 10 Grange Road, Houstoun Industrial Estate, LIVINGSTON West Lothian, EH54 5DE. Tel: 01506 438083 or [email protected]

Definitions:

“Customer” an individual or organisation who has expressed an active interest in a product or service.
“Client” a client of Heating Appliances & Spares Ltd T/A HASL.
“Data Controller” the entity that determines the purposes and means of Processing of Personal Data.
“Data Processor” an entity that Processes Personal Data on behalf of the Controller.
“Data Subject” the individual that the Personal Data relates to.
“ICO” the Information Commissioner’s Office (the UK regulator for data protection).
“Personal Data” information that relates to a person who can be identified directly or indirectly (e.g. email and contact details, information held about that individual such as job role, organisation, interactions and references).
“Processing”/”Process” doing anything to Personal Data including collecting, storing, amending, using, disclosing, erasing it.
“Prospect” an individual who has been identified as someone who could possibly become a customer for a new product or service.
“Source” an individual who provides informal information on a Customer or Prospect.
“Referee” an individual who provides formal information on a Customer.