Policy date: 24th May 2018
We are committed to protecting your privacy and the security of all the information that you provide us with. On the 25th May 2018, a new European directive concerning privacy and personal data comes into effect, known as the GDPR – General Data Protection Regulation.
• Your rights relating to the information that we hold about you
• How we keep your information safe
• The types of personal information we collect and how we use it
• The legal basis we rely on to use your information
Who is collecting the data?
ZLT Electrical Ltd. (Direct Electrical) is the data controller for information that we collect through all of our channels including our website, over the phone and through e-mail.
What personal data do we collect?
We collect the following information:
How do we collect the personal data?
We collect personal data through our checkout process when you place orders on our website, through our contact us forms, and over the telephone if you place your order in this manner. We also collect information by e-mail or social media if you contact us relating to a previous order or current order in this way.
What information is collected during checkout?
When you place your order with us, the payment will be completed through either PayPal or SagePay. If you pay with SagePay, your credit card information will be inputted and stored in their secure payment gateway and will not be stored on our systems. SagePay also collect your IP address for security reasons and as part of their process of preventing online fraud.
What do we do with the information we collect?
The information you provide us with is required in order to process your order; including taking the payment and delivering the goods. We may also need to contact you if we need to discuss any aspect of your order, for example stock delays, discontinued products, recalls or if we believe you have ordered incorrect items. We will not use your contact information to send you marketing, unless you have given us permission to do so. Any additional systems that your information is processed through are detailed below.
Internal System & Website
Orders and enquiries that go through our website are processed in a bespoke system developed by our web developers. Completed orders are forwarded from this system to our internal stock management system. This internal system allows us to process the fulfilment and delivery of all orders.
Who do we share your information with?
DPD & Royal Mail
When you place an order with us, we will use either Royal Mail or DPD to ship your order. To enable us to complete this, we will enter the delivery name, delivery address and e-mail address and/or phone number from your order into the DPD or Royal Mail system. The contact information is necessary as, where relevant, it allows DPD to send you important information relating to your delivery, for example, expected delivery windows.
On occasion, we may need to share your information with our suppliers. This enables us to organise direct-to-site deliveries, or deal with enquiries, warranties or problems you may have relating to specific products more efficiently.
MailChimp are based in the United States and participate in, and have certified their compliance with the EU-US Privacy Shield Framework. You can view MailChimp’s certification here or find out more about the Privacy Shield Framework and what it means for your data.
We use Trustpilot to collect service reviews from customers who have placed orders with us. With your consent, we will send a copy of your order invoice to Trustpilot. This allows them to e-mail you an automatic invitation to leave us a review a period of time after your order was placed. In this respect, Trustpilot act as our data processor. Trustpilot may use data processors and third parties that are located outside of the European Union, for example, in the United States. Trustpilot use data processors in countries where there is a legal framework governing and protecting the transfer of personal data, such as the EU-US Privacy Shield Framework.
When you send us an e-mail, use the contact form on our website or place an order, all of the emails generated (either by yourself or automatically) are forwarded through Mimecast. Mimecast is a cloud based service that we use solely for the purposes of e-mail security and spam prevention.
Our site uses various Google services in order to provide you with a personalised service and to help us to understand how you use our site. Google Analytics uses small text files known as cookies to keep track of how our site is used, what content is viewed and how long our visitor’s stay for amongst other statistics. The information that we collect from Google can be used to influence our advertising and how we develop our website in the future.
You can find more information about how Google uses this information and how it is stored here.
How long do we keep your data?
The policy of ZLT Electrical Ltd. is to only keep information for as long as required for the purpose or purposes for which we use it. For example, we will store details of your invoices in order to process return requests, warranty claims or queries relating to any orders that you have placed with us in the past.
We will determine how long to retain different data based on how long we need the information for and what it is used for, as well as any legal or regulatory requirements that require us to retain records and details of purchases for an additional period of time.
Legal basis for data processing
ZLT Electrical Ltd. will always get your consent at the point of collecting your information. We will tell you why the information is necessary at the point of data collection. We do not collect special categories of personal data and will not transfer your data to another company or country without informing you.
Under the definitions outlined in the General Data Protection Regulation (GDPR), we process information under the lawful bases of Consent, Contract and Legitimate Interest.
When you place an order on our website, or, begin to and abandon the basket, arrange a delivery or request to return a purchase, we process your information under the definition of “Contract” (the sale or request for a quote, services or information relating to a sale). This means that the information you give us, such as billing information, delivery information and contact information is necessary for us to provide you with a service. This information will therefore only be used for purposes that are required and will not be used for a secondary purpose without your express permission.
Once your order has been placed and fulfilled, invoices containing the details of what you have ordered, your address(es) and contact information are stored on our internal system and our bespoke web system. This allows us to refer back to the information at a later date if necessary due to a recall, product warranty, return, refund or any other query you may have relating to a previous order.
When it comes to secondary purposes such as marketing and the use of non-essential cookies, we will always ask for your explicit consent with a positive opt-in action. You can manage what subscriptions you have opted-in to through our subscription centre at www.directelectrical.co.uk/subscribe.
For more information about how you can manage cookies within your browser, you can visit www.aboutcookies.org
How can you control your personal information or withdraw consent?
Under the General Data Protection Regulation (GDPR) individuals are entitled to the rights to be informed, to access, to rectification, to erasure, to restrict processing, to data portability and to object.
You can exercise these rights by contacting us on [email protected] or by writing to us at ZLT Electrical Ltd, Unit 1 Brookfield Industrial Estate, Leacon Road, Ashford, TN23 4TU. We will process each request according to GDPR guidelines.
If you have previously given consent for us to use your information for e-mail marketing purposes, you may change your mind at any time by writing to us or e-mailing [email protected]
If you believe that the information we have for you is incorrect, please write to or e-mail us as soon as possible to enable us to rectify incorrect data.
You may request details of the personal information that we hold about you under the terms outlined in the Data Protection Act 1998 and General Data Protection Regulation (GDPR). Please write to ZLT Electrical Ltd, Unit 1 Brookfield Industrial Estate, Leacon Road, Ashford, TN23 4TU.