Who is this privacy notice for
This Privacy Notice applies to information we collect about businesses and their representatives who interact with ‘Crest’, whether that be purchasing a product via us, contracting our installation services, receiving our newsletter or seeing our advertisements on social media platforms. It explains what personal information may be collected and how we use it.
Who we are
We are Crest Contract Interiors Ltd. A UK-based registered company (registration number 03898891) specialising in tailored corporate and office furniture solutions serving the business community. We are committed to protecting data shared with us and complying with data protection law to its fullest extent. This Privacy Notice explains how we use and protect personal information, to show that we are adhering to the DPA 2018 and UK GDPR, and the Privacy and E-Communications Regulations in respect of marketing compliance.
The DPA 2018 and UK GDPR requires every organisation that processes personal information to be registered with the Information Commissioner’s Office (ICO). Our registration number ZA757305 and you can find us on the Information Commissioner’s register and search for us by using our registration number.
How to contact us
If you have any questions about how your personal information is used, please contact our Director, David Knight, by email at: david@crest.london
Our address is: Unit 211 13, Westfield Street, London, SE18 5PH
What Personal Information do we collect about you and how can we use this lawfully
The following sections explain the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed. Most of the information we process is provided to us directly by you for one of the following reasons:
A Product or Service Enquiry
Tendering or pricing a product or installation service
Purchasing a product
Contracting our installation services
Administering your account with us
Invoicing and financial transactions
Collecting client reviews to evaluate and promote our products and services
Receiving relevant and proportionate marketing content
Limited analytics on our web traffic
Legal compliance and financial audit purposes
Service enquiry – If you enquire about our services we will collect your name, email address, telephone number, organisation you work for, your job title and your message.
This will be collected either via the website, email or telephone depending on your preferred contact method. As it is necessary for us to collect that data to enable us to respond to your enquiry in the way you would expect we have a legitimate interest to process that data. You can request for your information to be deleted at any time, however we might not be able to provide you with our services or a reply if you request deletion of your information.
Product purchase – If you purchase a product via us, we will be entering into a contractual relationship with you and this is our legal basis for processing your information. We will collect your organisation’s details; your contact details and any details of contacts you provide us with to enable us to fulfil our contractual obligations towards you.
Contracting our installation services – If you further contract our installation services, we will be entering into a contractual relationship with your organisation and this is our legal basis for processing your information. We will collect your organisation’s details; your contact details and any details of contacts you provide us with to enable us fulfilling our contractual obligations towards you. We also will process limited financial details for the purpose of invoicing and financial transactions.
After engaging our services we may send you a short feedback form. The information you provide will only be used to improve our services and, where you have agreed, to promote our products and services to potential clients via our websites and social media channels.
Website traffic analytics – We use Google Analytics to monitor website traffic. This helps us understand how you interact with our websites, measure the effectiveness of our websites and improve user experience. When you accept cookies on our sites you are consenting to the cookie being deployed. We consider it is our legitimate interest to understand the nature of your engagement if you accept cookies.
Types of information
The types of information that we may collect or hold about you are:
Where you have purchased a product or contracted our services, we will hold your business contact details including your name, email address, and phone number (mobile and occasionally landline)
Where it differs from the billing address, we may hold the delivery address for a purchased product or installation service
For service enquiries, we will simply hold your name, email address, and phone number
For marketing and newsletter purposes we may hold your name, contact details including email, and communication preferences
We cannot identify individuals from our web analytics data, although Google Analytics does capture such aspects as date and time of visits, pages visited and scrolled, and outbound clicks.
Sources of information
Your information may be sourced directly from you or your representative when you contact us. This information will be captured from enquiries and requests for product or services details.
Occasionally your business contact information may be passed to us by product manufacturers where your business may have approached a manufacturer direct in respect of wanting to make a purchase. Our suppliers only permit sales via approved trade organisations. Your information is only shared with us with your explicit agreement.
If you book or attend an event that we are exhibiting at, the event organiser may collect and share your details with us to be used for marketing purposes. You may of course unsubscribe from our marketing emails at any time.
Legal basis for communications
Where we send marketing emails, we will only contact you:
(a) where you are a business and our services may be of specific relevance to you (Legitimate Interest); or
(b) where you have signed up to our newsletter (Consent)
You may unsubscribe at any time via the link at the bottom of any marketing email from us, or by contacting: admin@crest.london
Who may we share your information with
We, like many businesses, work in partnership with a number of third-party suppliers:
Partner
Purpose
Location
MONDAY.com
Monday provide CRM services to us
MONDAY.COM are a US and Israeli based global provider of cloud services but which have UK representation.
MONDAY.COM are signatories to the EU-US Data Privacy Framework and under the UK Data Protection (Adequacy) (USA) Reg 2003 (known as the UK-US ‘data bridge’) are deemed to meet the required standards to maintain the privacy of citizens when data is transferred to and processed by them on behalf of UK based organisations.
Their data processing addendum for the UK is here
Mailchimp (Intuit)
Electronic Marketing and newsletter service provider
Mailchimp are part of the Intuit global brand. They most commonly provide services to enable electronic marketing.
Mailchimp are signatories to the EU-US Data Privacy Framework and under the UK Data Protection (Adequacy) (USA) Reg 2003 (known as the UK-US ‘data bridge’) are deemed to meet the required standards to maintain the privacy of citizens when data is transferred to and processed by them on behalf of UK based organisations.
Their privacy notice is here
Xero
Accounting software
Xero are our accounting software providers. Xero are based in New Zealand but have dedicated servers and offices in the EU for EU and UK based users. Their privacy notice is here
PAYPAL
Payment provider
PayPal UK are a designated data controller in their own right but operate globally ensuring the highest standards of security and compliance to allow your information to be processed within the EU or further afield. Their Privacy notice is here
Warehouse Companies
We partner with a limited number of warehousing companies across the UK in order to store and distribute orders for products. We share your contact and delivery details in order to expedite the most effective delivery and installation process. We ensure that any warehouse partner we share contact data with upholds the same high standards of data protection and care that we apply ourselves.
Courrier Services
We partner with a number of courier services across the UK to ensure the smooth delivery of our products to your installation or business. The partner may vary depending on the location and the size of the product to be installed. We share your contact and delivery details in order to expedite the most effective delivery and installation process. We ensure that any courier partner we share contact data with upholds the same high standards of data protection and care that we apply ourselves.
EU based suppliers
We partner with suppliers of furnishings who are outside of the UK (but not outside of the EU). In these instances, we may share contact and delivery information where suppliers arrange direct delivery to your preferred location.
In some instances, these suppliers may add you to their marketing platforms and contact you for their own marketing purposes where they believe they have a legitimate interest in suggesting products that you may be interested in, based upon your previous purchases.
Outside of our contracted suppliers we will only share your information where we may be legally required to do so.
How long we keep your data
We take the principles of data minimisation seriously and ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data once it is no longer required.
PayPal, as our payment provider, defaults to a seven-year retention period for financial transactional data, even if you close a PayPal account. This is for audit, fraud prevention and AML (anti money laundering) purposes
XERO, as our accounting platform, also defaults to a seven-year retention period for financial transactional data.
Where we send you marketing information, we will keep you on our marketing database (Mailchimp) indefinitely. If you unsubscribe, we will retain your information as a suppressed contact to ensure you receive no further marketing from us.
We have long-term relationships with most of our customers, who often return to us on a repeat basis. We therefore maintain customer details on our database (MONDAY.com) for at least 12 years in order to provide the best possible customer experience to our customers.
Security
We ensure that your contact information is kept safe and secure and have appropriate technical and organisational security measures are in place to protect the limited amount of identifiable data that we do hold. We are certified to Cyber Essentials standard.
Where we outsource data processing, we ensure that robust and appropriate contracts are in place and of course, we excel at exacting rigorous due diligence on our suppliers.
Rights you have over your data
You have a number of rights under UK data protection law. These are listed below, along with our contact details, should you wish to make a request.
Informed: You have the right to be informed about how we handle your personal data. This privacy statement is one of the ways we do this.
Access: You have the right to ask for a copy of the personal data we hold about you and the purposes for which we are using it. ‘Personal data’ is any information which can directly, or indirectly, identify you.
Rectification: You have the right to ask us to change any details that we hold which are incorrect, inaccurate or need updating.
Erasure (known as the ‘right to be forgotten’): You have the right to ask us to delete your personal details under certain circumstances. We will assess any deletion request on a case-by-case basis. If you subscribe to our email list, we can quickly fulfil your request, but in other circumstances there may be reasons why we need to keep information about you.
Object: You have the absolute right to object to receiving direct marketing from us. You also have the right to raise an objection about how we are handling your personal information.
Restriction: You have the right to ask us to restrict or suppress your personal information. This would mean we’d store it but not use it.
Portability: You have the right to obtain and reuse your personal data for your own purposes across different services. Due to the nature of our organisation, we do not believe this right is likely to apply.
You also have the right to make a complaint if you believe we have not handled your information appropriately. We would prefer that you contact us in the first instance so we can discuss your concerns and put things right, but you also have the right to escalate your concerns at any time to the UK Regulator (The Information Commissioner’s Office) by contacting them here
If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us by emailing at: admin@crest.london
Marketing
E-mail campaigns and newsletters
Crest issues periodic newsletters to those businesses who have engaged with us or signed up to our newsletter. Business to business marketing does not require explicit consent provided the content of the communication is relevant to the recipient.
We also run periodic email campaigns, again where the topic and content may be relevant to the recipient business.
Recipients may unsubscribe at any time but simply hitting the unsubscribe link in the email.
Social Media Advertising
Crest do not undertake paid advertising on social media platforms, although you may come across us naturally in your newsfeed as we post regularly about our products, services and exhibition attendance.
Cookies
Our site uses very few cookies, but we do utilise Google Analytics to track engagement with our websites. We will always ask for your Consent before deploying non-essential cookies to your devices.
Our promise to you
• We will keep your information secure and confidential.
• We do not spam you with marketing although we do send business to business marketing emails from time to time – you are in control of how we communicate with you – you can opt in or out or change your preferences at any time through the ‘unsubscribe’ link at the bottom of any marketing email received.
• We will not sell your data to a third party.
• We will not share your data with a third party save for our contracted suppliers and delivery agents in order to fulfil a product delivery or installation service.
• We know how to manage your information appropriately and in line with legal and regulatory requirements.
