Privacy Policy

A1 Delegation Privacy Policy

A1 Delegation is committed to
protecting your privacy and complying with data protection laws applicable to
the United Kingdom, including the UK General Data Protection Regulation (“GDPR”)
and the Data Protection Act 2018 (“DPA”).

Our primary means of contact can be found
here: 

By Email: [email protected]

By Post:

A1 Delegation, 111 New Union St, Coventry CV1 2NT

1. PERSONAL INFORMATION

Personal information is any information relating to
an individual who can be identified directly from the information or indirectly
from the information in combination with other information.

Personal information may include “special category
data” relating to racial or ethnic origin, political opinions, religious
beliefs, membership of a trade union, physical or mental health and criminal
records and allegations.

When we collect personal information from you we
will indicate whether it is mandatory or voluntary – for instance, this is done
on the website by using asterisks to mark mandatory fields. Where we need to
collect personal information by law, or under the terms of a contract we have
with you, and you fail to provide that data when requested, we may not be able
to perform the contract we have or are trying to enter into with you (for
example, to provide you with goods or services). In this case, we may have to
cancel an order for a product or service you have with us.

1.1 WHO THE INFORMATION CONCERNS

This privacy notice applies to personal information
we (as well as any subsidiaries, affiliates and applicable third parties)
process concerning the following data subjects:

• Visitors to our website
• Customers who purchase goods or services or create
  an account with us
• Our suppliers

1.2 WEBSITE AND APP DETAILS

The types of information we may process about you
includes but is not limited to:

1.3 PURPOSES OF PROCESSING

Website Visitors:

You can visit and browse our website without
providing your name or contact details. We use cookies to analyse how our site
is used by visitors and to provide some of the functionality – see our Cookies
Policy link for more information.

Customers:

If you purchase products or services from us, we
may process the information you provide us for the purposes of:

• Responding to your enquiries, complaints or rights
  requests
• Providing a service or quoting for a service
• Keeping you informed about our products and
  services (including marketing)
• Processing your order and to follow up on orders
  that are not completed
• Arranging visits to your home (e.g. to carry out a
  survey or installation)
• Managing your account, including carrying out
  identity checks where relevant
• Managing your credit account (if applicable)
  including carrying out credit checks
• Using your purchase history to manage rebates and
  supplier claimbacks
• Market research
• Seeking your views on products and services
  purchased from us
• Publishing trends and/or to improve usefulness and
  content of our website
• Tracking activity on our site and to provide a more
  personalised online experience
• Linking with social media sites and services, for example,
  for advertising purposes
• Notifying you about important changes or
  developments to our site or services
• Managing deliveries, returns and refunds
• Processing competition entries
• Product liability purposes
• Dealing with enquiries and complaints
• Claims management and insurance purposes
• Record keeping

Suppliers:

If you supply products or services to us, we may
use your personal information for the purposes of:

• Processing and managing orders
• Managing deliveries, installations, returns and
  refunds
• Product liability
• Managing accounts, including conducting credit and other
  background checks where applicable
• Market research
• Notifying you about important changes or
  developments to our websites, services and policies
• Supply chain management
• Handling rights requests, enquiries and complaints
• For claims management and insurance purposes
• Record keeping

If you are a supplier and you have any questions
about how we use your personal information, please contact the Commercial Team
or your usual business contact.

1.4 THIRD PARTY SOURCES

Information about you may also be provided to us
indirectly by:

• Next of kin / delegated authorities
• Business associates
• Your employer in partnership/business with the
  Travis Perkins Group
• Other trusted sources such as: 
• Credit Default Agencies
• Financial Institutes
• Insurance Companies
• Health providers
• Third party service affiliates or suppliers who have obtained your consent

1.5 CALL RECORDING

Some telephone calls may be recorded and/or
monitored, for example calls to our customer services teams. Call recording and
monitoring may be carried out for the following purposes:

• Training and quality control
• As evidence of conversations
• For the prevention or detection of crime (e.g.
  fraudulent claims)

2. LEGAL BASIS FOR PROCESSING

The legal basis we use to process your personal
information may differ for each processing activity. Dependent upon the purpose
for processing, as outlined above, and the business area processing your data
one of the following lawful basis of processing may apply:

• Article 6 (1) (a) GDPR Consent: Where your
  permission and consent has been provided to allow processing to be undertaken
• Article 6 (1) (b) GDPR Performance of a contract:
• Where you have set up an account with us to process your orders
• Where you (or your employer) have or will enter into a contract with us and we need to process your information as part of this contract
• To provide quotations and / or estimates as a preliminary step towards providing goods and/or a service

• Article 6 (1) (c) GDPR Legal Obligation: Where we
  are bound by further laws and regulations to process your information, in
  relation to areas such as:
• Privacy and Electronic Communications Regulation
• Crime and anti-money laundering
• Financial Services
• Employment
• Welfare and health and safety

• Article 6 (1) (f) GDPR Legitimate interests: These
  include:
• Suppression lists and managing communication opt-out requests
• Training, communication and awareness
• Direct marketing where a valid legitimate interest applies as our lawful basis for that activity (such as a validly formed soft opt-in)
• Monitoring and web analytics
• Cloud storage
• Track and trace requirements in response to public health concerns
• To keep in touch with current, past and prospective customers
• To provide online account management and related services
• To gain an understanding of how our customers interact with us so we can provide the most relevant products and services
• To monitor the use of our website and improve its facilities
• Seeking your views on products and services purchased from us

As a rule, we do not collect “special category
data” about visitors to our website or our customers or suppliers. The
exception is where we identify suspected criminal activity such as fraudulent
claims or the use of stolen payment card details. In this case we will record
details of the suspected criminal activity and may take appropriate action,
including refusing to accept orders, make payments or give refunds. We may also
report the incident to the relevant bank or payment card issuer or to the
police or other appropriate authorities.

Should we process information defined as ‘special
category’ the following lawful basis for processing may be relied upon:

• Article 9 (2) (a) GDPR Explicit Consent: Your
  permission has been granted and documented directly to us
• Article 9 (2) (f) GDPR Establishing, exercising or
  defending a legal claim: Such as litigation against a business, supplier,
  fraudulent person

We may also process criminal conviction data under:

• Schedule 1, Part 3, Paragraph 33 DPA 2018 Legal
  claims: In connection with legal, or potential legal proceedings, obtaining
  legal advice or establishing, defending and /or exercising legal rights

We may collect and process your personal data for
humanitarian purposes, such as the monitoring of epidemics and their escalated
spread (Recital 46 GDPR) and in compliance with those purposes as defined by
the appropriate authority/government under the lawful basis of “public
interests” in order to protect our customers and colleagues and others with
whom we may be in contact.

3. DATA SHARING

Like most organisations, we engage service
providers to assist us in ensuring optimum business functionality and the
ability to provide continued services. Service providers may also be used by us
to carry out a range of activities on our behalf such as distributing our
marketing, carrying out market research for us and seeking your views on
products and services purchased from us.

We also work with a large number of suppliers who
provide products and delivery services to us. We will only provide these third
parties with the information they need to deliver the service we have engaged
them for and they are prohibited from using that information for any other
purpose.

Whenever we share personal information about our
customers or visitors to our website with these third parties, we will put in
place contracts which require the protection of the personal information.

Your personal information may be shared within the
Travis Perkins Group for IT and system administration services, account
management (including credit accounts), analysis and reporting.

Your personal data may also be disclosed to the
following third parties:

• Tax, customs and excise authorities
• Regulators, courts and the police
• Fraud screening agencies
• Duplicate payment reviewers
• Central and local government
• Insurance companies
• Other professional advisors

In order to process your application we will supply
your personal information to credit reference agencies (“CRAs”) and they
will give us information about you, such as about your financial history. We do
this to assess creditworthiness and product suitability, check your identity,
manage your account, trace and recover debts and prevent criminal activity.

We will also continue to exchange information about
you with CRAs on an ongoing basis, including about your settled accounts and
any debts not fully repaid on time. CRAs will share your information with other
organisations. The identities of the CRAs, and the ways in which they use and
share personal information, are explained in more detail at experian.co.uk/legal and transunion.co.uk/legal/privacy-centre.

We may also disclose your personal information if
we believe that the disclosure is necessary to enforce or apply our terms and
conditions or otherwise protect and defend our rights, property or the safety
of our customers and other users of the website.

We may disclose and/or transfer your personal
information in connection with a reorganisation of all or part of our business,
if the majority of our shares are bought by another company or if we transfer
all or some of our assets to another company. Alternatively, we may seek to
acquire other businesses or merge with them. If a change happens to our
business, then the new owners may use your personal data in the same way as set
out in this privacy notice.

3.1 LINKS TO OTHER WEBSITES

Links may be provided on our website to other
websites that are not operated by us. If you use these links, you will leave
our website. You should note that we are not responsible for the contents of
any third party website. External sites will have their own privacy policies
which you should read carefully.

4. INTERNATIONAL TRANSFERS

Some of the companies who provide services to us
may be located outside the UK. As a result, your personal information may be
transferred outside the UK. We will ensure your personal information is
provided with the same adequacy of data protection adopted in the UK, by
following legislation and ICO guidelines and requirements, such as using
Binding Corporate Rules, Adequacy Rulings and Model Clauses.

5. SECURITY

We maintain administrative, technical and physical
safeguards designed to protect against accidental, unlawful or unauthorised
destruction, loss, alteration, access, disclosure or use.

Unfortunately, the transmission of information via
the internet is not completely secure. Although we will do our best to protect
your personal information, we cannot guarantee the security of information you
submit via our website and any transmission is at your own risk.

Once we have received your information, we will
take appropriate technical and organisational measures to safeguard your
personal data against loss, theft and unauthorised use, access or modification.

If you have created an account or registered to use
any online services, your account details may be password protected. It is your
responsibility to keep your password confidential and to sign out once you have
finished browsing.

Access to personal data is restricted only to those
who have a legitimate business need and data processed by third parties is only
done so under strict instruction from us, as per the terms of their contract.

We contractually require service providers to
safeguard the privacy and security of personal information they process on our
behalf in line with data protection obligations and authorise them to use or
disclose the information only as necessary to perform services on our behalf
and under our instruction or to comply with legal obligations and requirements.

6. RETENTION

Information is retained in line with its purpose of
processing and only for as long as necessary in line with business
requirements, legitimate interests and statutory or legal obligations. For
specific retention schedules please email us.

7. RIGHTS

You can exercise certain rights in regards to your
data:

• The right to receive a copy of the information we
  hold about you
• The right to have inaccurate information corrected or incomplete information completed
• The right to have your information erased (also known as the “right to be forgotten”)
• The right to have the processing of your information restricted
• The right to withdraw your consent or object to processing reliant upon legitimate interests
• The right to have your information transferred to another organisation
• The right to request human intervention in regards to automated decision making

The applicability of these rights is dependent upon
our purpose and the lawful basis of processing relied upon. For example the
right to have your information erased is not absolute and only applies in
certain circumstances, such as when you have provided us with your consent,
which we rely on as our lawful basis for holding your personal information, and
you subsequently withdraw your consent.

Should your request be one that we cannot process
you will be informed of this, along with the reasons as to why your request
cannot be carried out.

You can exercise your rights either verbally or in
writing. However, should you make a request verbally we recommend that you
follow this up in writing to provide a clear correspondence trail.

Requests in relation to accessing your personal
data, having your information erased or to opt out of marketing material can be
via email to [email protected].

We have an obligation to respond within one month
of receiving your request. Should we deem the request to be complex, the
response time can be extended by up to two months and you will be informed of
the extended response date, alongside an explanation, within the original
one-month time frame.

If required, identification will be requested
within the one-month time frame and only limited to what is necessary for
confirmation, such as a copy of your driving licence, passport or utility bill.
Once your ID has been confirmed we will then process your request.

Should we refuse to comply with a request we will
inform you of this within the one-month time frame and provide an explanation
outlining our justification, our internal complaints procedure and your right
to complain to a supervisory authority and to enforce your rights through a
judicial remedy.

Alternative contact information for submitting a
request can be found below.

7.1 DIRECT MARKETING

You may receive direct marketing from us if you
have signed up to this, or where we have a legitimate interest to provide the
material to you. Regardless of the lawful basis we rely upon you. You have the
right to stop receiving this marketing material at any time. If you have an
online account you can access, update and correct your personal information –
including your marketing choices – using the account management facilities.

If you would prefer not to receive marketing which
is tailored to suit your customer profile, please contact us at [email protected] and
confirm which accounts this affects. If you decline tailored marketing, for as
long as we have a lawful basis for marketing to you, you will still receive
generic marketing unless you tell us you’d like to opt out of receiving
marketing entirely, e.g. by clicking ‘unsubscribe’ in the associated email or
text message.

7.2 PROFILING

We may use direct or anonymised information to
engage in data analysis, data matching and profiling activities for a variety
of purposes, including, but not limited to:

• Website Activity (cookie history)
• Business conduct
• Investigation and identification of fraud, money
  laundering and other potential unauthorised activities
• Financial Viability analysis/reports
• Business partner/client portfolio position,
  performance, risk positions
• Anti-money laundering
• Tax reporting
• Credit defaulting / exposure

8. CONTACT DETAILS

If you have a query about this privacy policy or
wish to exercise your rights, please contact us by writing to:

Data Protection Team

A1 Delegation

111 New Union St, Coventry CV1 2NT

Or emailing us at [email protected]
(marking emails for the attention of the Data Protection Officer).

9. LODGING A COMPLAINT

If you are not satisfied with our use of your
personal information or our response to any request made by you in relation to
your personal information, you have a right to make a complaint to the
Information Commissioner:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545745
(national rate)

Email: [email protected]

The ICO currently recommends you contact them
within 3 months of your last contact with us and advises you to contact them
once the company’s complaints process has been exhausted.

10. VERSION CONTROL

This Notice is a live document and can be updated
at any time therefore it is recommended you regularly review to ensure you
remain informed.