Wintech Engineering Ltd – Privacy Policy

At Wintech Engineering Ltd, we are committed to ensuring your privacy. Our Privacy Policy describes how we collect and process your Personal Data. We encourage you to read this Privacy Policy as well as our Terms and Conditions (referred to throughout as our “Terms“).

In order to comply with the requirements of the General Data Protection Regulation (GDPR) this Privacy Policy outlines the legal basis on which we process your Personal Data and provides other information required by the GDPR.

Contents

  1. Who We Are
  2. Information About Your Personal Data
  3. How We Collect and Use Personal Data
  4. How We Disclose Personal Data
  5. Legal Basis for Processing
  6. Consent as a Basis for Processing
  7. Your Rights
  8. Opting Out
  9. Data Retention
  10. Security
  11. Cookies
  12. Google Analytics
  13. Links to Other Websites
  14. Photography
  15. Data Transfers
  16. Data Backups
  17. Transferring Data Packs – Dropbox
  18. Mobile Device
  19. CCTV
  20. Personal Data Breach
  21. How to Contact Us

1.            Who We Are

We are Wintech Engineering Ltd (referred to herein as “Wintech,” “we,” “us,” or “our“). We are a UKAS accredited testing laboratory and certification body providing a comprehensive range of services to the building and construction industries, either onsite or at our own state-of-the-art test laboratory in Telford, Shropshire, in the heart of the United Kingdom.

2.            Information About Your Personal Data

This Privacy Policy relates to data about you. “Personal Data” is information that can be used to identify you, directly or indirectly, alone or together with other information. This includes things such as your full name, email address, phone number and precise location.

Wintech collects, uses and processes Personal Data as outlined in this Privacy Policy, including to operate and improve the Services we offer and our business; for advertising and marketing, as further described in this Privacy Policy.

3.            How We Collect and Use Personal Data

We collect your Personal Data in a number of ways and for various purposes, including:

a. When you contact us to request our Services.
We collect Personal Data when you request our Services, including when you email us, telephone us or talk to us face to face. This Personal Data may include name, address, phone number, email address and payment information. We use this data to create your account, enable you to purchase our Services, and to provide the services generally, including to develop, enhance, and improve our Services and your experience. We also use this data for internal purposes related to certain research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes. We also provide an optional live messaging service, ‘Tawk.to’, to correspond with users on our website. Tawk.to stores information you provide to us as a transcript which we can use to provide quotations and advice on our services. Tawk.to servers are based in the US.

b. When you connect with us through social media.
You may choose to connect with us through various social media or social networking services, such as Facebook and Twitter (“Social Networking Service” or “SNS“). When you connect using your SNS accounts, we may collect Personal Data that you have provided to that SNS.

c. When we collect data from third parties or publicly-available sources.
We may obtain certain data about you from third party sources to help us provide and improve the Services and for marketing and advertising. We may combine your Personal Data with data we obtain from our Services or third parties to enhance your experience and improve the Services, such as informing you of changes in legislation new industry initiatives.

4.            How We Disclose Personal Data

We may disclose your Personal Data for the purposes as described in the prior section of this Privacy Policy in the following ways:

a. For Advertising and Marketing.
With advertising and marketing partners for advertising and marketing purposes on Wintech’s behalf.

5.            Legal Basis for Processing

This section addresses the legal basis for processing your data. Some processing is addressed in multiple sections because more than one legal basis may apply depending on the circumstances or service.

For the purposes of GDPR, Wintech is the controller of the Personal Data you provide to us (“Data Controller”). As a Data Controller, we process the Personal Data we maintain about you in accordance with this Privacy Policy. If you have any questions or concerns regarding the processing of your Personal Data, or if you have questions regarding this Privacy Policy, please see contact us.

We collect and process your Personal Data for a variety of purposes outlined in this Privacy Policy. In certain cases, separate consent is not required, including:

a. For the performance of a contract
To perform our contractual obligations to you, including initial enquiries, fulfilling orders (including processing of payment), contacting you in relation to any issues with your order, in relation to the provision of the Services.

b. To meet legal obligations
To comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation.

c. For Legitimate Interests
To operate our business and provide the Services, other than in performing our contractual obligations to you for Wintech’s “legitimate interests” for the purposes of GDPR – except where overridden by the interests or fundamental rights and freedoms that require protection of Personal Data. For example, the following areas include processing covered by Legitimate Interests, subject to applicable law:

  • Communication
    To communicate with you regarding the Services, including to provide you important notices regarding changes to our Services and also to address your requests, enquiries, and complaints. We may send strictly necessary communications, including emails, even if you have opted out of receiving other Wintech emails or communications. These types of communications do not require consent.
  • Respond to Your Requests
    To respond to your requests for technical support, product information or to any other communication you initiate. This includes accessing your account to address technical support requests.
  • Promotional Messages
    We process your non-sensitive Personal Data to provide you with promotional messages and marketing, including when you communicate with us or sign up for promotional materials.
  • Surveys
    To send you surveys in connection with our Services, unless commercial in nature. In those cases, a survey request may be sent to you if you have given us your consent to receive marketing from us.
  • Compliance with Law and Public Safety
    To assist in the investigation of suspected illegal or wrongful activity, including sharing information with other entities for fraud, loss, and crime prevention purposes. To protect and defend our rights and property.
  • Improvement and Development
    To develop, provide, enhance, and improve our Services and your experience, including to enable you to use the full range of our Services. For internal purposes related to certain research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes.
  • Enforcing Terms and Conditions
    To enforce our Terms and Conditions or this Privacy Policy.
  • Merger or Acquisition
    To support a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.

6.          Consent as a Basis for Processing

In some cases, we will ask for your consent to process your Personal Data. You may indicate your consent in a number of ways, including ticking a box (or equivalent action) to indicate your consent when providing us with your Personal Data through our Services or a form (including enrolling in Promotion). We may request your consent for a number of activities including:

a. Wintech Marketing and Communication.
We may ask for your consent to contact you by telephone and/or email about other offers, products, Promotions, events, or services that we think may be of interest to you and for other marketing purposes.

b. Promotions.
We may ask you for permission to use your Personal Data for special offers, events, and other Promotions. We may use the Personal Data we collect during Promotions, to administer the Promotion, verify identity, and to communicate with you about the Promotion.

7.           Your Rights

a. Right of access
You have the right to request a copy of the information that we hold about you. You can request this data, free of charge, by contacting us using the details in Section 21. You have the right to obtain:

  • Confirmation that your data is being processed;
  • Access to your personal data; and
  • Other supplementary information

We will provide you with this information within 1 month from the date of your request. This may be extended to 3 months where your request is particularly complex.

Should you make multiple requests, or where your request is deemed to be complex or excessive, we may charge you a reasonable administration fee so supplying you with the data.

b. Right to rectification
You have the right to request updates to the information that we hold about you if that information is incorrect or incomplete. You can request an update, free of charge, by contacting us using the details in Section 21. We will update your information within 1 month from the date of your request. This may be extended to 3 months where your request is particularly complex.

Should you make multiple requests, or where your request is deemed to be complex or excessive, we may charge you a reasonable administration fee so supplying you with the data.

c. Right to erasure (also known as ‘the right to be forgotten’)
You have the right to request the information that we hold about you to be erased. You can request deletion of this data, free of charge, by contacting us using the details in Section 21. Your right to erasure only applies in certain circumstances.

You have the right to have your personal data erased if:

  • Your personal data is no longer necessary for the purpose which we originally collected or processed it for;
  • You object to the processing of you data, and there is no overriding legitimate interest to continue this processing;
  • We are processing your personal data for direct marketing purposes and you object to that processing;
  • You feel that we have processed your personal data unlawfully.

Where your request is acceptable, we will erase your information within 1 month from the date of your request. This may be extended to 3 months where your request is particularly complex.

Should you make multiple requests, or where your request is deemed to be complex or excessive, we may charge you a reasonable administration fee so supplying you with the data.

d. Right to restrict processing
You have the right to request to restriction processing of the information that we hold about you. You can request this, free of charge, by contacting us using the details in Section 21. Your right to restrict processing in the following circumstances:

  • Where you contest the accuracy of your personal data and you are verifying the accuracy of the data;
  • Where you feel that the data has been unlawfully processed and the you oppose erasure and request restriction instead;
  • Where you feel that we no longer need your personal data but you need us to keep it in order to establish, exercise or defend a legal claim; or
  • Where you have objected to us processing your data under Article 21(1), and we are considering whether our legitimate grounds override your request.

We will restrict processing of your information within 1 month from the date of your request. This may be extended to 3 months where your request is particularly complex.

Should you make multiple requests, or where your request is deemed to be complex or excessive, we may charge you a reasonable administration fee so supplying you with the data.

e. Right to data portability
You have the right to request a copy of your personal information so that it can be reused. You can request this, free of charge, by contacting us using the details in Section 21. We will provide you with a copy of your information in .csv format within 1 month from the date of your request.

f. Right to object
You have the right to object to us processing your personal information. You can object by contacting us using the details in Section 21. You can object to:

  •  Processing based on legitimate interests;
  • Direct marketing

We will update your information and preferences within 1 month from the date of your request.

8.            Opting Out

You may at any time “Opt Out” from receiving communications from us, without affecting the lawfulness of processing of your Personal Data before “Opting Out”. Depending on the Service, collection and use of Personal Data, processing may be required for the Services to work.

If you want to “Opt Out” you can do so by replying to any email communication from us or by contacting us directly.

9.            Data Retention

We will retain your Personal Data for as long as you continue to use our Services or as otherwise necessary to provide you the Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Where we no longer need to process your Personal Data for the purposes set out in this Privacy Policy, we will delete your Personal Data from our systems.

10.          Security

We implement appropriate technical and organisational safeguards to protect against unauthorised or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.

11.          Cookies

Our website uses cookies – these are small text files that are placed on your device to help our website to provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

12.          Google Analytics

Our website sets “first party” cookies through its use of Google Analytics. We use Google Analytics to provide us with non-personal site analytics, which in turn help us improve this website. Google Analytics tracking uses cookies in order to provide meaningful reports about web site visitors’ but they do not collect personal data about you. Google Analytics sets or updates cookies only to collect data required for the reports. Additionally, Google Analytics only uses first-party cookies. This means that all cookies set by Google Analytics cannot be altered or retrieved by any service on any domain other than wintechtesting.com. Further detailed information on Google Analytics cookies can be found here.

13.          Links to Other Websites

Please note that this Privacy Policy does not apply to the practices of companies that we do not own or control or to people that we do not employ or manage. Our Services may provide a link or otherwise provide access to Third Party Sites. We provide these links merely for your convenience. We have no control over, do not review, and are not responsible for Third Party Sites, their content, or any goods or services available through the Third Party Sites. Our Privacy Policy does not apply to Third Party Sites, and any data you provide to Third Party Sites, you provide at your own risk. We encourage you to review the privacy policies of any Third Party Sites with that you interact with.

14.          Photography

We often use photography equipment to photograph/video record tests. The images and video content that we record is transferred direct to our secure servers as soon as possible before being deleted from the camera/mobile phone/tablet to ensure its security.

15.          Data Transfers

Should we need to transfer personal data from our secure server to another location. We will ensure that the data is transferred in a secure manner protected by encryption. We will never transfer personal data by USB, Cloud Storage or unencrypted email.

16.          Data Backups

As part of our disaster recovery process, we keep a backup of all of our data at a location remote from our head office. This contains all business critical information as well as personal information. Our backups are either transferred securely and secured on a 3rd party server or a kept on an encrypted external hard drive.

17.          Transferring Data Packs – Dropbox

Part of our unique onsite testing and certification service requires us to transfer and store data packs online for fast and easy access between our remote testing/certification personnel and our office teams. The data transferred is limited to project related details and onsite contact details. We utilize Dropbox for this service as it employs specific data encryption to protect your personal data. Your personal data is stored on Dropbox for the duration of the testing/certification project before being removed and stored on our secure server. All IT equipment and mobile devices with access to this data are password protected to ensure your personal data remains confidential.

18.          Mobile Device

Our onsite test/certification teams utilize mobile devices on a day to day basis. The data on these mobile devices is protected by data encryption and are password protected. We only store personal data on mobile devices to enable testing and certification activities to be completed and any personal data is deleted upon completion of this work.

19.          CCTV

CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.

20.          Personal Data Breach

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, including breaches that are the result of both accidental and deliberate causes, we will notify the Information Commissioner’s Office of the breach within 72 hours from its discovery. We will also contact individuals where the breach is likely to result in a high risk to the rights and freedoms of those individuals.

21.          How to Contact Us

If you have any questions, comments, or concerns about how we handle your Personal Data, then you may contact us at:

Wintech Engineering Limited

Halesfield 2,
Telford,
Shropshire,
TF7 4QH
Tel: +44 (0)1952 586580
Email: testing@wintechtesting.com

If you have a concern about how we handle your data, or you would like to lodge a complaint, you may do so by contacting The Information Commissioners Office.