Privacy and Cookies Policy

This Privacy Policy applies to Hayley Group Limited and all the companies in the Hayley group, in other words, our ultimate holding company (and any of its subsidiaries) as well as any subsidiary companies we may have from time to time. When we use the phrases “us”, “we”, “our”, we mean any and all of the companies in our group, so you can be assured that everyone in our group is committed to protecting and respecting your privacy.

This Privacy Policy applies to the personal data of anyone who uses our website, customers, client suppliers and other people with whom we may need to have contact.

Here we explain how we use any personal information we collect about you when you use this website, visit one of our locations and/or our wider services and how, when we do so, we comply with our legal obligations to you.

Topics:

  • Terms used in this policy
  • What information do we collect about you and how?
  • Cookies
  • Other websites
  • How will we use the information about you and why?
  • Marketing
  • Access to your information, correction and deletion-your rights
  • How long will we hold your data for?
  • Transferring your information outside of the EEA
  • Complaints
  • Changes to our Privacy Policy
  • How to contact us

Terms used in this policy:

Personal Data means any information relating to an identified or identifiable natural person, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information.

Data Controller means the person or organisation who determines the purposes for which and the manner in which any  personal data is processed. The Data Controller is Hayley Group Limited of Shelah Road, Halesowen, B63 3XL. Our Data Protection Officer is Garth Brinton. Any queries about this Policy should be directed to Garth who can be contacted at gdpr@hayley-group.co.uk. In the event of a serious data protection issue, there is a Group DPO who can be reached at the following email: dpo_sogedesca@descours-cabaud.net

Data Processor means a person or organisation which processes personal data for the Data Controller. Data Processing is any activity that involves the use of Personal Data.

What information do we collect about you and how?

We may process the following types of personal information: your name, email address, mobile phone number, other contact details and your preferences for types of marketing events or materials. We may also process your image through the CCTV equipment we use at our sites, as we explain further below.

We collect information about you when you register with us, place an order for products or services or fill in any of the forms on our website i.e. by sending an enquiry to us, signing up for an event or our newsletter, filling in a survey, giving feedback or taking part in any competitions or promotions we may run. We may also keep information contained in any correspondence you may have with us by telephone, post, email or other communication.

We may collect personal information from you directly or automatically when you use our website. We may also collect and use small pieces of personal information from our suppliers (for example bank details) so that we can be in touch with you and also pay you.

We operate CCTV at our locations and we may therefore collect your image when you visit any one of our locations. Our CCTV policy can be viewed at www.hayley-group.co.uk.

Our legal bases for handling this data are therefore to enable us to perform a contract with you and in addition, processing the data is necessary for the purposes of what we refer to as our “legitimate interests”. In other words, processing personal information about you is necessary for the purposes of our legitimate interests in ensuring we provide to you the business services you want to receive from us. If we do not collect and handle the personal data you provide to us, we will not be able to provide to you those services.

Website usage information is collected using cookies.

Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser, and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies can be used by web servers to identity and track users as they navigate different pages on a website and to identify users returning to a website.

Cookies may be either "persistent" cookies or "session" cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

  1. Essential Cookies
    These cookies are essential for the running of our websites. Without the use of these cookies parts of our websites would not function, these are typically used within contact forms or the secure login section of our site.
  2. Analytical Cookies
    We use these types of cookies to monitor the usage of our website. These cookies provide us with information that helps us provide a better service / product to our customer, they also identify any areas that may need maintenance.
  3. Third Party Cookies
    We may also track IP addresses. An IP Address is a number that can identify an Internet Service Provider and country location. It cannot provide personal information.

How to control the use of cookies

You are not obliged to accept cookies and may modify your browser so that it will not accept cookies. The browser you use allows you to see cookies and control their use.

You can control them by allowing them, deleting them individually or deleting all of them. You can also set your browser to not accept cookies altogether. If this option is selected, you should be aware that many websites will not function properly or at all. It may be possible to set your browser to not accept cookies and ask for your consent before each cookie is set on your device. This gives you control over what is set on your device, however has the drawback of slowing down your browsing experience.

There are different levels of control too. You are able to prevent just third party cookies being deployed, effectively opting out of behavioural advertising, and some even allow you to block specific companies you do not wish to deploy a cookie, instead of selecting all companies.

In order to manage your cookies, please select your browser from the list below and follow the instructions:

Other Websites

Our website contains links to other websites. However, this privacy policy only applies to this website so when you link to other websites you should read their own privacy policy.

How will we use the information about you and why?

We will only use your personal information to:

  • Fulfil our contracts with you and supply you with the goods and services you have asked for;
  • Manage our relationships with you (for example customer services);
  • Provide to you promotional material about our products and services that we think you may be interested in;
  • Carry out other business purposes, such as audits, internal communications and/or other administrative purposes;
  • Monitor and assess compliance with various laws and our policies and standards;
  • Advise you about changes to our terms and conditions, policies or other administrative information;
  • For your security and safety whilst you are at any of our locations.

Our work for you may require your information to be passed between the companies within the Hayley Group, as we explained earlier.

In addition, and as we describe below, in the course of providing our goods and services to you, we may also need to pass your information to various, specific third parties. In these instances, we will only provide the personal information necessary to deliver our services and we require those third parties to keep secure your Personal Data so that they may not use it for their own direct marketing purposes.

The categories of third parties to whom we may need to forward your Personal Data are:

  • Any third-party contractors/service providers (including their sub contractors) that provide a service to us or act as our agents, on the understanding they keep the information confidential. These may include, but are not limited to, any third parties that process information on our behalf (e.g. IT support services in areas such as internet service and platform providers, other software and service providers that provide business solutions, and any payment processing providers), or any logistical services, such as delivery agents we use to deliver our goods to you;
  • Our professional advisers, including our legal advisers and our auditors, all of whom are under a duty to keep confidential any information we provide to them;
  • third parties we use for our marketing purposes, in areas such as digital and social media communications, customer care, advertising and market research, all of whom are required to keep your Personal Data secure and not to be used for their own purposes;
  • Credit reference agencies and other companies for use in credit decisions, for fraud prevention and to pursue debtors, on the understanding they keep the information confidential;
  • Insurance companies or regulatory authorities so as to comply with any legal and regulatory issues and disclosures;
  • Any legal or crime prevention agencies and/or to satisfy any regulatory request if we have a duty to do so or if the law allows us to do so;
  • any other organisations if we sell or buy (or negotiate to sell or buy) any business or assets.

We will only use this information subject to your instructions, data protection law and our duty of confidentiality. We will not share your information for marketing purposes with companies outside of our group.

Marketing

We would like to send you information about services and products of ours and other companies in our group which may be of interest to you. You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of our group.

If you no longer wish to be contacted for marketing purposes, you can stop us contacting you by sending an email to: nomarketing@hayley-group.co.uk.

Access to your information, correction and deletion- your rights

The GDPR gives you certain rights in relation to the data we hold about you. You have the right to access particular Personal Data that we hold about you. You therefore have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email us at gdpr@hayley-group.co.uk or write to us at the following address: Shelah Road, Halesowen, B63 3XL. We shall respond promptly to any such request and in any event, within one month from the point of receiving the request and all necessary information from you. In certain (very limited) circumstances, we may make a small charge for this service. Our formal response will include details of the Personal Data we hold about you, including the following:

  • Sources from which we acquired the information;
  • The purposes for Processing; and
  • The persons or entities with whom we are sharing the information.

You also have the right to receive your Personal Data in a structured, commonly used and machine-readable format and have the right to ask us to transmit it to another controller if technically possible. We want to make sure that your Personal Data is accurate and up to date. You may ask
us to correct or remove without delay any information about you that you think is inaccurate by emailing us at gdpr@hayley-group.co.uk or writing to us at the above address.

You have the right to seek a restriction of the Processing of your Personal Data in certain circumstances. Further, you have the right to lodge an objection if you feel that one of the grounds relating to your particular situation apply. When you exercise your right to object, we must stop any processing unless we can show compelling legitimate grounds for the Processing, which override your interest, rights and freedoms, or the Processing is for the establishment, exercise or defence of legal claims.

Should you wish for us to completely delete all information that we hold about you, you should please contact the Data Protection Officer, who can be contacted at gdpr@hayley-group.co.uk.

How long will we hold your data for?

We operate data retention provisions that set out the length of time certain types of records will be maintained by us. Where those records contain Personal Data, we will ensure that the records are destroyed securely and are only kept for as long as necessary to deliver your goods or services, administer your account and therefore fulfil our professional obligations to you, also taking into account our need to meet any legal, statutory and regulatory obligations with which we are bound to comply. Further, our need to use your personal information will be reassessed on a regular basis and we will dispose securely and safely of Personal Data which we no longer require. You will have the opportunity to opt out or update or delete data at any point should you need to do so and details are set out in this policy as to how to achieve this.

Transferring your information outside of the UK

As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside of the UK. For example, some or our third-party providers may be located outside of the UK. Where this is the case, we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy. By submitting your Personal Data, you are agreeing to this transfer, storing or processing.

If you use our services while you are outside the UK, your information may be transferred outside the UK to give you access with those services.

Complaints

If you feel that your personal data has been processed in a way that does not comply with the GDPR, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then inform you of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissioner’s Office.