The Door Depot Data Protection Notice
The protection of your personal data is important to the Door Depot. The Door Depot have adopted strong principles in respect of the protection of personal data.
This Notice provides you with detailed information relating to the protection of your personal data by the Door Depot (“we”).
We are responsible for collecting and processing your personal data in relation to our activities. The purpose of this Notice is to let you know which personal data we collect about you, the reasons why we use and share such data, how long we keep it, what your rights are, and how you can exercise them.
1 WHICH PERSONAL DATA DO WE USE ABOUT YOU?
We collect and use your personal data to the extent necessary when conducting our business activities and to achieve a high standard of personalised products and services.
We may collect various types of personal data about you, including:
- identification information (eg. name, ID card, passport, driving licence, nationality, place and date of birth, gender, photograph, IP address);
- contact information (eg. postal address and e-mail address, phone number);
- banking, financial and transactional data (eg. credit card number, bank account details, payment data);
- data relating to you, your habits and preferences:
- data relating to your use of our products and services and transactional data;
- data from your interactions with us; our branches (contact reports), our internet websites, our apps, our social media pages, meetings, calls, chat, email, interviews, phone conversations
We never ask for personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data or data concerning your sexual orientation, unless it is required because of a legal obligation.
The data we use about you may either be collected from you directly or from any of the following sources to verify or enrich our databases:
- publications/databases made available by official authorities
- third parties such as credit reference agencies and fraud prevention agencies or data brokers in conformity with the data protection legislation;
- websites/social media pages containing information made public by you (eg. your own website or social media); or
- databases made publicly available by third parties.
2 SPECIFIC CASES OF PERSONAL DATA COLLECTION, INCLUDING INDIRECT COLLECTION
In certain circumstances, we may collect and use personal data of individuals with whom we have, could have, or used to have a direct relationship (eg. prospects).
3 WHY AND ON WHICH BASIS DO WE USE YOUR PERSONAL DATA?
a. To comply with our legal and regulatory obligations
We use your personal data to comply with various legal and regulatory obligations, including banking and financial regulations, which may require us to:
- set up security measures to prevent abuse and fraud;
- detect transactions which deviate from the normal patterns;
- record, when necessary, communications such as, phone calls, chats and emails;
- prevent money laundering and financing of terrorism
b. To perform a contract or to take steps at your request before entering into a contract with you
We use your personal data to enter into a perform our contracts with you, including to:
- evaluate if we can offer you a product or service, and under what conditions;
- provide you with information regarding our products and services;
- schedule and manage our services such as the delivery, return, maintenance and repair of products supplied to you;
- manage the resolution of disputes (eg. for debt collection) and to assist you with queries, requests and complaints;
- handle billing, invoicing and recovery.
c. To fulfil our legitimate interest
We use your personal data to deploy and develop our products or services, manage the contractual relationship with our clients to improve our risk management and to defend our legal rights.
For example, we have a legitimate interest in using your personal data for:
- proof of transactions;
- fraud prevention;
- IT management, including infrastructure management (eg. shared platforms), business continuity and IT security;
- training of our personnel by recording phone calls;
- personalising our offers through:
- improving the quality of our products or services (including via client satisfaction surveys)
Your data may be aggregated into anonymised statistics that that may be offered to professional clients to assist them in developing their business. In these circumstances, your personal data will never be disclosed and those receiving the anonymised statistics will be unable to ascertain your identity.
d. To respect your choice and if we requested your consent for a specific processing
In some cases, we must have your consent to process your data, and in those circumstances we will always obtain your consent first. If we need to carry out further processing for purposes other than those above in section 3, we will inform you and, where necessary, obtain your consent.
Where the above purposes lead to a solely automated decision (where no human has yet reviewed the outcome and criteria for the decision), you have a right for this decision to be reviewed by us. In which case, we will inform you separately about the logic involved, as well as the significance and the possible consequences.
4 WHO DO WE SHARE OUR PERSONAL DATA WITH?
To fulfil the purposes listed in section 3 above, we only disclose your personal data to:
- service providers which perform services on our behalf;
- independent agents, intermediaries, brokers, banking and commercial partners, financial, regulatory and judicial authorities as well as state agencies and public bodies, upon request and to the extent permitted by law; and
- certain regulated professionals such as lawyers or auditors.
5 HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
Whenever we collect or process your personal data, we’ll only keep it for as long as it is necessary for the purpose for which it was collected (as set out above) or as required by law. In most circumstances this means we will retain your personal data for the longest period required to comply with our regulatory, legal and contractual obligations whilst at all times having regard to our operational requirements, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests, as well as balancing these requirements with your right to be forgotten. For instance, most of our client’s information is kept for the duration of the contractual relationship and after the end of the contractual relationship for the period needed to meet regulatory requirements and to ensure the exercise or defence of legal claims.
6 WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with applicable regulations, you have the following rights:
- To access: you can obtain access to the personal data we hold about you, and a copy of such personal data, free of charge in most cases.
- To rectify: for out of date, inaccurate or incomplete, personal data to be corrected.
- To erase: you can require the deletion of your personal data, to the extent permitted by law.
- To restrict: you can request the restriction of the processing of your personal data.
- To object: you can object to the processing of your personal data, for reasons connected to your individual situation and we must stop unless we have a legitimate overriding reason to continue. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing. We must always comply with your request.
- To withdraw your consent: where you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time.
- To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
If you wish to exercise the rights listed above, please send a letter or e-mail to the following address shown on our contact page. We will ask you to verify your identity before processing with any request.
If you feel that your data is not being handled correctly, or you are unhappy with our responses to any request, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns.
7 HOW CAN YOU KEEP UP WITH CHANGES TO THIS DATA PROTECTION NOTICE?
In a world of constant technological changes, we may need to regularly update this Notice.
We invite you to review the latest version of this Notice only and we will inform you of any material changes through our website or through our other usual communication channels.
8 HOW TO CONTACT US?
If you have any questions relating to our use of your personal data or this Notice, please send a letter for the attention of Shirley Williamson at the address shown on our contact page or contact us through GDPR Contact Form.