At Ayjay Group, we’re always eager to deliver clear and transparent policies for our customers and employees. This Privacy Data Policy (GDPR Policy) has been designed to do just that.
Below you will find information on how Ayjay Group use the information we collect about you.
This is a brief summary:
- We collect your email address and name so we can keep in touch with you with our latest information, updates and any other communication.
- We will keep your details you provide to us until such time as you tell us not to.
We take privacy very seriously which means that if you are no longer interested in our services and communications, there are a number of ways the data we hold about you can be removed from our company and our marketing platform. Please read this document for further information.
Data Privacy Notice
|Language used in this policy||Clear definition|
|You/ your/ data subject||Relates to you as a living person|
|We/ our / us||Ayjay Group and companies affiliated with Ayjay Group|
|Your representative||A person acting legally on your behalf|
|Third party/parties||External suppliers who your personal data may be shared with (E.G. delivery companies)|
|Data||Personal information we hold on you|
|GDPR||General Data Protection Regulation|
|ICO||Information Commissioner’s Office|
|Legitimate Interest||3 elements according to the ICO:
1. Identify a legitimate request
2. Show the processing is necessary to achieve it
3. Balance it against the individuals’ interests, rights and freedoms
|HMRC||Her Majesty’s Revenue and Customs|
Clarity of Privacy Notice
Under GDPR, we are data controllers for your personal data that we collect, and a data processor or a data controller for any of your data shared with us by a third party.
Data Controller Contact Information and complaints
You are welcome to contact our company Data Protection Officer (DPO) via email: firstname.lastname@example.org or in writing: Ayjay House, Greenway, Bedwas House Industrial Estate, Caerphilly, Mid-Glamorgan, CF83 8DW.
We welcome the opportunity to rectify any issues resulting in a complaint regarding our data policy. If you are unhappy or wish to speak to our DPO, the contact details are in the section above, at the end of this document and on the website.
The ICO are also available to be contacted regarding a complaint at: https://ico.org.uk/concerns
This Privacy Notice applies to data that you have either supplied to us, we have collected, or acquired from reputable and compliant sources.
Data that you supply to us
- Personal information from yourself that you share with us through the completion of online forms or paper forms, by email, post, telephone or any other communication means. Any information you communicate to us verbally will be available to be viewed by yourself to confirm consent if required. Personal information will usually include your full name, photo, home/business address/delivery address, personal/business email address, telephone/mobile/work number.
- When a payment is made, information such as bank details, credit card information, and credit checks may be kept as personal information. This will be with your consent and understanding. The accounting platform in which we use are fully GDPR compliant and secure. Details of this platform can be provided on reasonable request if needed. You can contact us via details provided at the end of this policy.
- If you apply for a role with us, we will keep your information for a set amount of time, including your personal information mentioned above, and further information supplied by you, such as employment history, qualifications, schools/colleges/university attended, proof of identity, etc which will be securely kept within the recruitment team.
Data that we collect
- We generate data in order to understand customer and market trends.
- On our website we use Google Analytics to gather statistical data such as how many visits to our site, amount of time spent browsing, and other information to better understand and improve service levels. Occasionally this will include IP addresses, but no other personal information.
Information we receive from third-parties
- Business Partners – when we make formal relationships with business partners who may introduce sales opportunities or new customers to us, we will obtain data including personal contact details, information on the area of interest and data required to fulfil a request, product or service.
- Social Media – if you respond to our accounts on Twitter/LinkedIn/Instagram/ Google+, we may receive profile information about you, including name, address and contact numbers/email addresses. We may use this to contact you based on your interests, to fulfil a request, and send you further information where you have given us consent to do so.
- References – Occasionally, based on new trading accounts, increase in credit limits, or employment opportunities, we may obtain references form third- parties. We will always ensure these sources are also GDPR complaint.
- Publicly Available Information – We may obtain personal information from you sometimes from publicly available sources, including names and contact details. We will endeavour to ensure all third-parties are GDPR compliant and come from a reputable source.
How we use your data
We collect data as a way of keeping our business in operation and delivering products and services to you. We will only use data supplied by you, with appropriate consent, or from a reputable third-party source. We may send relevant information in line with the consent given by yourself, which could include via email, telephone, and any other communication methods. All methods of communication have the option for you to opt out or unsubscribe in a very simple manner.
Third-party data usage
Due to the nature of our business, and the services you require, we engage with reputable third-party delivery companies. These companies receive the minimum amount of data about you from us, and their compliance covers the data in which they hold for you. Usually this data is kept for a set length of time before being discarded. An exception to this is when manufacturers may keep details for product cover or warranty purposes, which will be communicated to you upon purchase.
We will share personal information with relevant agencies and authorities without notice if we are requested to do so based on suspicion of fraudulent activity, money laundering, terrorist related or any other legal requirement.
We will keep and use your data in terms of any legal or regulatory requirements that we have and can use your data to protect our legal position, if legal action is required, including the recovery of any outstanding debts.
Standard Business Operation
At Ayjay Group, our standard business operation is to:
- Provide service, products and any other contracted responsibilities we have with you
- Provide you with information that you request from us
- Confirm your identity
- Organise payments, billing and recovery process.
We will on occasion need to make credit checks with agencies for purposes such as new accounts being opened and therefore confirming identity and credit history. We may also inform the credit agency of any new agreements made with you, which they will keep for 7 years post the settlement/agreement/termination as a legal requirement.
We have a CCTV system that covers the whole of the estate. We have carried out a data protection impact assessment (DPIA) to justify our requirement to record footage. This is based on these factors:
- Data must be used and kept only to fulfil its original purpose. For instance, if the purpose of holding data is to identify individuals engaged in criminal activity, the footage should be of sufficient quality to do so and be available to the police should they request to view it.
- CCTV recordings and other logs must be stored securely and encrypted wherever possible.
- Individuals have the right to request a copy of any CCTV footage in which they are in focus and/or clearly identifiable. If the request is valid and permissible, the organisation must supply the individual with that footage within 30 days of the validation. The same is true of other kinds of data relating to employee monitoring.
Digital signatures will be captured when required and stored in an encrypted location, backed up by servers.
Children under the age of 16
Our business, service and products are not intended to be used by anyone of an age under 16, and therefore we will never knowingly collect any data from a child. If you are aware of us having any information of a child on our database, please contact us using the relevant channel on the homepage/ details in this policy. We will rectify such an instance immediately.
We will use your data for any legal or general statistical analysis, although this rarely includes specific data – just number form (for example, 200 people completed a survey). We use this to judge performance within our business and improve how we operate.
We will not process any data deemed sensitive i.e. politics, beliefs, health/medical information -or anything else under this category stated on the ICO website.
Storage of Personal Data
All of our I.T platforms are secure and complaint along with GPDR guidelines. Ayjay Group have an internal network in which servers and databases are secure and encrypted. The Apps which are used on engineers’ phones are all encrypted and securely backed up by external servers.
Selling/Hiring/ Transferring your data
We do not sell your data or customer lists to any third-parties. As mentioned previously, we may engage a trusted third-party to contact you on our behalf, using the minimal amount of data possible. This could be in the form of email/phone/post etc. This will be on your contractual agreement with us.
In the following circumstances, we may share or disclose your data: if we buy, sell or merge any business and are required to share data as part of the agreement. We may also share data within the group and companies affiliated with Ayjay Group. Or, if our website is acquired by a third-party, where data is transferred as part of the purchased asset.
When we have your data, we will ensure the strictest data process and security procedures are in place to protect it. Any data transmitted to us by you via our website, before it reaches us is at your own risk.
Timescales in which we hold your data
The amount of time in which we hold your data depends on the requirement. For example, we will keep certain data for product warranty purposes and service agreements. This will be within your agreement and contract with us. We will also need to legally keep data for a set amount of time for HMRC purposes.
In accordance with the contractual agreement, we will keep your data you have consented to plus 3 years in case of any queries you may have, or for legal HMRC reasons which can sometimes be up to 7 years.
Your Data Protection & Privacy Rights
There are various rights that you have as a UK natural living person (individual) under the GDPR. Below are the abbreviated ICO definitions and include:
- The right to be informed – Individuals have the right to be informed about the collection and use of their personal data
- The right of access – Individuals have the right to access their personal data and supplementary information
- The right to rectification – Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete
- The right to erasure – The right for individuals to have personal data erased. This is also known as ‘the right to be forgotten’. Please note this right is not absolute and only applies in certain circumstances
- The right to restrict processing – The right to request the restriction or suppression of their personal data. Please note this is not an absolute right and only applies in certain circumstances
- The right to data portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services
- The right to object – Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics
The full ICO rights under GDPR can be seen at the Internet link below or calling them on 0303 123 1113:
We are registered in the UK (Reg- 3255933) and our address is: Ayjay House, Greenway, Bedwas House Industrial Estate, Caerphilly, Mid-Glamorgan, CF83 8DW
Write to us at our address:
Ayjay House, Greenway,
Bedwas House Industrial Estate,
By telephone: 02920 887222
By e-mail: email@example.com