Spire Framing collects data from customers and subscribers to the company website in order to complete a job form or send out emails with regard to company news, tips and offers.
Spire Framing respects your privacy so we will not sell your data to third parties, allow any access to the data that isn’t necessary to honour any other contracts we have in place or store excessive amounts of data we no longer need.
Spire Framing will comply with the General Data Protection Regulation (GDPR) (EU May 25th 2018).
Data Subject – any living person.
Third Party – another company who Spire Framing works with to provide services to the Data Subject.
Personally Identifiable Information – data belonging to the Data Subject that can be used to uniquely identify them.
Data Controller – any organisation that stores Personally Identifiable Information, Spire Framing.
Data Processor – any organisation that works on (processes) Personally Identifiable Information.
How we obtain your data
Spire Framing obtains your data via subscriptions and details entered on the frame pricing software, ‘Framiac’.
How we use your data
Spire Framing primarily uses data from the Data Subject either to serve a contract between Spire Framing and the Data Subject, or to provide information to the Data Subject about latest news, tips and offers.
Third parties which have access to the data collected
Data will not be sold on to third parties.
Spire Framing will allow Google Analytics to operate on their website in order to provide necessary anonymous analytical data. This may result in a small amount of Personally Identifiable Information being collected but this is only used as statistics and not for identification purposes.
Data will also be stored on the server of website hosting service, names.co.uk.
Data security and storage
Spire Framing will store data for only as long as necessary to fulfil the purpose for which it was obtained. Some data may be held for longer if it is either held on other systems that have not been updated, in backup data that has not expired or because of another lawful basis.
Personal data protection principles
We adhere to the principles relating to processing of Personal Data set out in the GDPR (as follows) which require Personal Data to be:
- processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency)
- collected only for specified, explicit and legitimate purposes (Purpose Limitation)
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data Minimisation)
- accurate and where necessary kept up to date (Accuracy)
- not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is processed (Storage Limitation)
- processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality)
- not transferred to another country without appropriate safeguards being in place (Transfer Limitation)
- made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their Personal Data (Data Subject’s Rights and Requests).
Updates to our privacy notice
This Privacy Notice will be reviewed regularly and this page will be updated with changes.