GDPR Privacy Notice

Abbey Kitchens & Bathrooms Limited understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all our customers and will only collect and use personal data in a way that is consistent with our obligations and your rights under the GDPR.

Information About Us

Abbey Kitchens & Bathrooms Ltd, a Limited Company registered in Northern Ireland, Company Number NI029404

Registered Address

46 Old Carrickfergus Road, Newtownabbey, Co Antrim, BT37 0UE

What does this Notice Cover?

This Privacy Notice explains how we use your personal data, how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

What is Personal Data?

Personal data is defined by the General Data Protection Regulations (EU Regulation 2016/679 GDPR) as any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.

Personal data is, in simple terms, any information about you that enables you to be identified.
Personal data covers obvious information such as your name, address and contact details, but it also covers less obvious information such as id numbers, electronic location data and other online identifiers.

The personal data that we hold will be set out in a section below.

What are My Rights?

Under the GDPR, you have the following rights, which we will always work to uphold.

• The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
• The right to access the personal data we hold about you.
• The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
• The right to be forgotten i.e. the right to ask us to delete or otherwise dispose of any personal data that we have.
• The right to restrict (i.e. prevent) the processing of your personal data.
• The right to object to us using your personal data for a purpose or purposes.
• The right to data portability. This means that you can ask us for a copy of your personal data held by us to re-use with another service or business in many cases.

Further information about your rights can also be obtained from the Information Commissioners Office or the local Citizens Advise Bureau.

If you have any cause for complaint about our use of your personal data, please contact us using the details proved in the Privacy Notice and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioners Office.

What Personal Data do we Collect?

We may collect some or all of the following personal data; -
• Name
• Address
• Email Address
• Telephone Numbers
• Payment information, including the amount, method, date of any payment and bank details or credit card details where applicable
• Sales log of goods purchased
• Images on CCTV

How Do We Use Your Personal Data?

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data or used for warranty on goods purchased.

Your personal data will be used for the following purposes

• Warranty issues on goods purchased
• Supplying our products to you
• Where requested by you, to provide you with a quotation for any of our products.
• To validate invoices
• Communicating with you, this may include responding to you via email or telephone calls
• CCTV to maintain security of the premises and prevention and investigation of crime.

We will not use your personal information for any marketing schemes via ourselves or a third party

How Long Will We Keep Your Personal Data?

We will not keep your personal data for any longer than is necessary considering the reasons for which it was first collected. Your personal data will therefore be kept for the following periods at most.

• Personal data in our customer files – 10 years from the end of the month in which we delivered the product.
• Personal data in our Sage Accounting Files – As long as required for warranty and future sales
• Personal data will be kept complying with the statutory retention periods for accounting records as set out by the Companies Act and HMRC
• Any credit card details given to us by you to make payment are shredded immediately after use.
• CCTV images, max of 6 months

How and Where Do We Store Your Personal Data?

We store all of your personal data safely and securely using the Sage Cloud System which is located within the European Economic Area and comes under the GDPR. The inhouse info is stored using memory drives and external hard drives which are securely located in our 24-point safe.

Abbey Kitchens & Bathrooms have implanted appropriate technical and organisational measures to protect the confidentially of the personal data that you entrust to us. We update and test our physical, logical and procedural security controls on an ongoing basis. These include limiting access to your personal data to those who requireit and give advanced training to our employees about the importance of maintaining the privacy and security of your personal data.

Do We Share Any ofYour Personal Data?

Abbey Kitchens & Bathrooms Ltd does not share any of your personal data with any third partymarketing companies.

Where necessary we may share your information with select companies for internal admin purposes, auditing and monitoring and research and development. We may also share your personal data with suppliers and sub-contractors who are directly involved with the supply of
products and services related to your project. Your personal data may also be shared with the following categories of third parties;

• Debt Collection Agencies, to help us recover any outstanding debt.
• Printing and Distribution Services.
• Industry Regulators, Legal and Tax Services, to help us comply with our legal and regulatory obligations
• The PSNI, should we be required to provide any info to support an investigation.
• Dispute and Complaints Services
• IT Service Providers, to enable use to manage and host our IT Platforms.
• Social Media Platforms, to enable us to respond to any communications with you via our social media channels.

How Can I Access My Personal Data?

If you want to know what personal data we hold about you, you can ask us for a copy.

This is known as a “subject access request”

All subject access requests should be made in writing and be sent to the email or postal address show in this privacy notice.

We will respond to your subject access request within no more than one month of receiving it.
Normally we aim to provide a complete response, including a copy of your personal data within that time frame.

You will be kept fully informed during this process.

Data Breaches

We will report any unlawful data breaches as stated under article 33 & 34 of the GDPR to the Data Protection Authorities within 72 hours
The UK Regulator is the Information Commissioners Office (ICO)

How do I Contact the Person in Charge of the GDPR?

To contact us about anything to with your personal data and data protection under the GDPR, including to make a subject access request, please use the following details;

For the attention of the GDPR, Data Protection Officer, Mr Geoffrey Eakin

• Email Address : g.eakin@abbeykitchensandbathrooms.co.uk
• Telephone Number : 02890853277
• Postal Address : 46 Old Carrick Road, Newtownabbey, Co Antrim, BT37 0UE

In the event of the absence of the above please contact the Managing Director, Mr Stuart Barnett

• Email Address : s.barnett@abbeykitchensandbathrooms.co.uk
• Telephone Number : 02890853277
• Postal Address : 46 Old Carrick Road, Newtownabbey, Co Antrim, BT37 0UE

Changes to This Privacy Notice

We may change this privacy notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection under the GDPR.