Privacy Policy

What data do we collect?

Through normal operations, Plug&Cool may collect and process the following types of data from you:

Information acquired/provided through our Website such as using the Contact Us Form to request a call back or quotation. We will also ask you for contact information when you enter a competition or promotion, when you respond to a survey and/or when you report a problem.

  • If you contact us, we will keep a record of that correspondence. If you send us personal information which identifies you via email, we may keep your email and email address.
  • We may ask you to complete a data capture form such as a Credit Application Form or Service Provider questionnaire.
  • Any information we require to process orders as our Customer, for example, name, address, contact telephone number and/or email address.
  • Details of transactions you carry out through the Websites, over the phone, in person and the fulfilment of online orders placed.
  • Details of your access to our online resources or other materials, such as email campaigns.
  • Providing CVs or other information about yourself for specific purposes.

We review information of visits to our Website including, but not limited to, traffic data, location data, other communication data, and the resources that you access however this is statistical data about our browsing actions and patterns and will not identify any individual.

How do we use your data?

Your data will only be used for the purposes indicated when you submit the data or as detailed under this privacy policy.

We use personal information held about you in the following ways:

  • to update and enhance our records
  • to compile information relating to your use of our products and services and make recommendations about goods and services and other areas that may interest you
  • to carry out our obligations arising from any contracts entered into between you and us to provide you with the information, products and services that you request from us
  • to provide you with information about our goods and services which may interest you.

If you are an existing customer, we will only contact you by electronic means (e-mail) or post with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, we will contact you by electronic means or by post only if you have consented to this.

  • to invite you to participate in events or advise of events we are displaying at
  • we may analyse your data to create a profile of your interests and preferences so that we can contact you in the most appropriate way and with the most relevant information, for example, filtering by industry type.

You can opt-in/out of such notifications by following the instructions on the relevant areas of our emails or at any time.

How do we disclose your data?

All members of Plug&Cool have the ability to access Customer data records but are trained to meet GDPR standards on confidentiality and data processing.

We will not transfer any of your data to any third parties without your recorded permission, except for if the following applies.

We will disclose your personal information to third parties without obtaining additional consent if:

  • our business partners, suppliers and/or subcontractors require the information for the performance of any contract we enter into with you
  • we outsource any of our business functions under which we collect or store your data, in which case we will ensure that any such service provider adheres to at least the same obligations of security with regard to your data as undertaken by us
  • where we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms & Conditions or other agreements; or to protect our rights, property, or safety of our employees, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We will never sell your data to third parties.

Where do we store your data?

The data that we collect from you may be transferred to, and stored at, a destination within the European Economic Area (‘EEA’). It may be processed by staff who work for us or one of our sub-processors. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of agreed support services.

We utilise these support services in order to provide you with an efficient and high-quality service, the level of access and role of each service provider is detailed below, defined as subprocessors. We ensure that each sub-processor used have their own policies and procedures in place to comply with EU GDPR. Copies of their Privacy Policies can be found on their
website(s) or we can send you copies if requested.

Sub-Processors:

Strident Technology

IT support service and management of all Gibbons’ servers and systems.

May have access to personal data held on Gibbons’ servers and systems including sensitive data held in protected folders. No requirement or authorisation to view, use or process this data.

M2M Sage Support Service

M2M staff can potentially access personal data held on within Sage database. Database contains contact information and account details for all. Customers that have placed orders and/or Suppliers that Gibbons’ have purchased from. No requirement or authorisation to view, use or process this data.

Salesforce CRM System Platform

CRM Database used for Marketing and Quote to Order part of sales Process. Contains contact
information for the purpose of Marketing, Quotes/enquiries and Orders. No requirement or authorisation to use or process this data. Statement taken from Salesforce website (accessed May 2018) to reassure security: “Salesforce has security built into every layer of the Platform. The infrastructure layer comes with replication, backup, and disaster recovery planning. Network services has encryption in transit and advanced threat detection. Our application services implement identity, authentication, and user permissions. We also offer an additional layer of trust with Salesforce Shield, including Platform Encryption, Event Monitoring, and Field Audit Trail.”

Zynk Salesforce Support Service

Zynk staff can potentially access personal data held on within Salesforce database. The database contains contact information and marketing preferences for all Customers that have placed orders, received a quotation, or enquired about products and services. No requirement or authorisation to view, use or process this data.

By submitting your personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. All sensitive data is secured and protected by way of encryption or equivalent measures to prevent theft or loss as far as is reasonably practicable.

Your Rights

You have the right to ask us not to process your personal data for marketing purposes at any time. We will usually inform you (before collecting your data) if we wish to use your data for such purposes and request your consent to these activities. If you wish to change your mailing preferences or opt-out of specific marketing communications sent from Plug&Cool, you may notify us at info@gibbonsgroup.co.uk.

Alternatively, you may contact us on 01621 868138. It may take up to 48 hours for the changes to come into effect.

You may also unsubscribe at any time following the link found at the bottom of all marketing sent via electronic mail.

The Website and our electronic mails may, from time to time, contain links to and from the websites of partners and affiliates.

If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please review these policies before you submit any personal data to these websites.

If you believe that we have not complied with this policy or have acted otherwise than in accordance with GDPR, you should notify the Data Controller(s). You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with us wherever possible before involving them.

Access to Information

The Act gives you the right to access information held about you and your right of access can be exercised in accordance with this. Any access request may be subject to a fee (as amended from time to time) to meet our costs in providing you with details of the information we hold about you dependant on the scale and type of information requested.

If you would like to request a copy of your personal data under the Act or have any other related queries, please email info@gibbonsgroup.co.uk.

Accuracy

We will take reasonable steps to create an accurate record of any personal data you have submitted. However, we do not assume responsibility for confirming the ongoing accuracy of your personal data. You can update your personal data by emailing us at info@gibbonsgroup.co.uk or by calling us 01621 868138.

Please note that it can take up to 7 days for the changes to come into effect.

Questions/Contact

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to Data Controllers amy@gibbonsgroup.co.uk.