PRIVACY NOTICE FOR THIS WEBSITE
The Consumer Code for Home Builders (“the Code”, “we”, “our” or “us”) respects the privacy of visitors to our website and is committed to the protection of their personal data. This privacy notice applies to the Code’s website www.consumercode.co.uk (“website”), and explains the data collection and use practices of our website.
This privacy notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
1. IMPORTANT INFORMATION AND WHO WE ARE
PURPOSE OF THIS PRIVACY NOTICE
The Code processes personal data to enable us to carry out our duties which may include the consideration and investigation of complaints, providing advice and information, undertaking research and corporate administration.
This privacy notice aims to give you information on how the Code collects and processes your personal data through your use of our website, including any data you may provide through our website.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
The Consumer Code for Home Builders Limited (a company incorporated and registered in England with company registration number 07081414) whose registered office is Westgate House, Royland Road, Loughborough, Leicestershire, LE11 2EH is the controller and responsible for your personal data (collectively referred to as the “Code”, “we”, “us” or “our” in this privacy notice).
Our Company Secretary is appointed as our data privacy manager and is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Company Secretary using the details set out below.
Our full details are:
Company Secretary at Consumer Code for Home Builders Limited
Email address: firstname.lastname@example.org
Postal address: Westgate House, Royland Road, Loughborough, Leicestershire, LE11 2EH.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
The data protection law in the UK will change on 25 May 2018. Although this privacy notice sets out most of your rights under the new laws, we may not yet be able to respond to some of your requests (for example, a request for the transfer of your personal data) until May 2018 as we are still working towards getting our systems ready for some of these changes.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Save as set out below, we do not disclose your individual visits to our website, or personal data that you provide, such as your name, e-mail address, postcode, etc., to any outside parties, except when we believe the law requires it.
As stated below, we may record and share aggregated and anonymous information with our Partners. We are not responsible for any information inputted outside our website, including on our Partner’s registration pages, as that information will be dealt with by our Partners and not us.
If you follow a link to any of these websites, please note that these websites have their own privacy notices or policies and that we do not accept any responsibility or liability for these policies. Please check these notices or policies before you submit any personal data to these websites.
2. THE DATA WE COLLECT ABOUT YOU
We may collect and process the following data about you:
- The Code only collects personal data (i.e. information from which you can be identified, such as name, address, telephone number or e-mail address) through our website, when it is voluntarily submitted by you, for instance when you submit an enquiry/complaint. This information is only used for the specific purpose for which it is submitted.
- We may also ask you for personal data when you report a problem with our website.
- If you contact us, we may keep a record of the personal data submitted.
- Details of visits to our website including, but not limited to, traffic data, location data and the resources that are accessed.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
In general, we gather information about all of our users collectively, such as what areas you visit most frequently and what services you access the most. We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
We only use this anonymously and aggregated with other users’ information to protect your privacy. The information collected helps us determine what features and services are of most benefit to you in order to create the best possible service for you.
We may share this information with our website designers, but only anonymously and in the aggregate, so that they may also understand how you use the features and services of our website, and may also help to provide the best possible service to you.
We do not link a user’s IP address to personally identify information of that user, which means each user’s session will be logged, but the user remains anonymous to us.
Like many websites, our website uses a technology called ‘cookies’, which are small computer files that are placed in your computer’s memory by the computer that provides or ‘hosts’ the website. Cookies are used to track data such as the total number of visits to a website. We use this information, which remains in aggregate form, to understand how our visitors use our website, so that we may improve the services we offer.
They help us to improve our website and to deliver a better service. Some of the cookies we use are essential for our website to operate.
The Code does not use ‘cookies’ to collect your personal data.
The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States with a relevant Privacy Shield agreement in place. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google undertakes not to associate your IP address with any other data held by Google.
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the ICO Cookies website which offers guidance for all modern browsers.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following ways:
- To respond to enquiries or to provide you with the information that you request from us only. Please see our retention of records policy. For individual consumers we will not use your information to keep you informed by e-mail or direct mail about Code matters without your consent
- To send out regular email bulletins and our newsletters, together with briefing notes on Code activity. This will be to business to business customers, companies, corporate bodies and sole traders only unless you ask us not to. We will treat sole-traders as business to business customers as we have a legitimate interest to make contact in relation to Code compliance.
- To undertake research, compliance audit and mystery shopping.
- To administer the on-line training and ensure its efficiency and effectiveness.
- To ensure that content from our site is presented in the most effective manner for you and for your computer and make improvements where appropriate.
- To notify you about changes to our Code
- To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- As part of our efforts to keep our website safe and secure.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
|Type of data
|Lawful basis for processing including basis of legitimate interest|
|Respond to enquiries||Individual name, address, email address||Legitimate interest (to provide information to consumers, home builders, industry representatives and other interested parties).
To be able to identify any issues/trends and where the Code might need to be amended to provide better protection for the consumer.
|Provide bulletins, newsletters, together with briefing notes on Code activity||Individual name and email address||Legitimate interest/consent (to keep our records updated and provide information to consumers, home builders, industry representatives and other interested parties)|
|Monitoring compliance with the Code through research, compliance audit and mystery shopping||Individual name, address email address||Legitimate interest (to keep our records updated and for providing our services and provision of administration)|
|Administration of the on-line training to ensure its efficiency and effectiveness||Individual name, email address||Legitimate interest (for providing our services and provision of administration)|
|Ensuring content from our website is presented in the most effective manner and to make improvements where appropriate.||IP address, operating system and browser type||Legitimate interest (for providing our services and provision of administration)|
|To notify about changes to the Code||Individual name, address, email address||Legitimate interest (to keep our records updated and provide information to consumers, home builders, industry representatives and other interested parties)|
|To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes||Individual name, email, address, IP address, operating system and browser type||Legitimate interest (for providing our services, provision of administration and IT services and network security)|
|To keep website safe and secure||IP address, operating system and browser type||Legitimate interest (for providing our services, provision of administration and IT services and network security)|
5. WHERE WE STORE YOUR PERSONAL DATA
We will take all reasonable care to keep your personal data secure and prevent unauthorised access to it. All personal data you provide to us is stored on our secure servers within the EU.
In collecting personal data, obligations are imposed upon us under the data protection laws and we have to comply with the rules of good information handling practice, known as the data protection principles which require, amongst other things, that your personal data is processed fairly and lawfully, is accurate and relevant and is subject to appropriate security.
6. DISCLOSURE OF YOUR PERSONAL DATA
Your personal date may be shared securely with our Partner organisations, which means our supporting Home Warranty Bodies (LABC Warranty; NHBC and Premier Guarantee); our Independent Dispute Resolution Scheme provider (CEDR Ltd) and our contracted service provider who undertakes our compliance and auditing (Quincetree Ltd).
In addition to the specific disclosures of personal data set out in this Section 6, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. in addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. DATA RETENTION
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can be seen here:http://www.consumercode.co.uk/wp-content/uploads/2018/05/Retention-of-records-May-2018.pdf
In some circumstances you can ask us to delete your data: see Request erasure below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. YOUR RIGHTS
You have the following rights under data protection laws in relation to your personal data and you should contact the Code Secretariat at email@example.com to request these. You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.