Here at FENSA, we are committed to a policy of protecting the rights and privacy of individuals. Protecting your personal information is of high priority for both the staff and management of FENSA.
FENSA has created this policy to ensure that:
* It complies with GDPR, PCI-DSS, UK PII and follows good practice.
* Both the PCI DSS and the GDPR aim to ensure organisations keep personal data in a secure way. The PCI DSS focuses on payment card and cardholder data, while the GDPR covers regulation for EU residents’ personal data. The important difference is that GDPR is more general than PCI DSS.
* It is open about how it processes and stores your personal information
* It demonstrates our accountability and responsibility for data protection
* It has implemented a GDPR compliant Subject Access Request (SAR) procedure for responding to all types of data privacy related requests.
FENSA is a government authorised Competent Person Scheme for the replacement of windows, doors, roof windows and roof lights in England and Wales against the relevant Building Regulations. FENSA is registered at Companies House as FENSA Limited (hereafter referred to as FENSA) as a limited company, registration number 03058561 and registered address of Newspaper House, 40 Rushworth Street, London, SE1 0RB
You’re advised to review their privacy policies before providing your personal data.
There are different ways in which we collect information about you. This includes when you use any of our websites and when you contact us via email, phone or post. In some instances, they will have a legal basis for us doing so.
FENSA collects certain personal information about you. These would include your name, business contacts, address, email address, IP address and in certain circumstances, employee details. FENSA does not hold/store any credit/debit card detail after the product and/or service has been paid in full.
FENSA may use your personal data:
* To notify you about changes to our services
* To fulfil our legal obligation under government licence and regulation
* To process financial payments
* To carry out obligations arising from any contracts entered into
* For market research, user trend studies, website user improvements and customer services
* To provide you with obligatory information
* To third parties who undertake services on our behalf in relation to our business operations, or where you have otherwise provided consent for us to do so (e.g. for promotional material)
* To provide you with information, products or services which you have requested or which we believe may be of interest to you
* To seek your views or comments on the services we provide
* To process job applications.
Your personal information will not be retained beyond what is required and will be held on our system for as long as it is necessary in relation to the purpose for which it was collected or for which it was further processed. The length of time for which we retain your personal information will take into account the legal and contractual requirements that influence the retention period.
Your personal information will be deleted or destroyed within a set time after it has been confirmed that it is no longer required to be retained.
FENSA work with third party service providers, who are a natural or legal person, public authority, agency or body other than the data subject (you), the controller (FENSA), a processing internal or external person or entity who, under the direct authority of FENSA or a processor, are authorised to process your data, such as Local Authorities, External Printing and Insurance companies.
All processing of personal data requires a lawful basis, e.g. Contractual or Legal Obligation, where Consent provides one such lawful basis.
Your consent is considered to be freely given, specific, informed and an unambiguous indication by you, through a statement or by a clear affirmative action, which signifies agreement to the processing of your personal data. For example, depending on the circumstances, valid consent could be provided verbally, in writing, by ticking a box on one of our web pages, by choosing technical settings in an app, or by any other statement or conduct which clearly indicates in this context your acceptance of the proposed processing of your personal data.
Your consent can be withdrawn at any time; however, your right to withdraw consent is not retrospective (i.e. you cannot withdraw consent to processing that has already taken place).
You have the right to obtain confirmation that your data is being processed and to access your personal data that we hold about you, which is known as a Subject Access Request (SAR). We will typically provide this information free of charge; however, we may charge a ‘reasonable fee’, when a request is unfounded or excessive, to cover administrative cost.
We take all reasonable steps to ensure that the information we hold about you is up to date and accurate. If, however, you change any of the information we hold about you, such as your address, then please contact us on email: firstname.lastname@example.org or write to us at: Newspaper House, 40 Rushworth Street, London, SE1 0RB.
How secure is your information?
All data held is protected by multiple layers of data and system security, i.e. (but not limited to) Data encryption, firewalling, intrusion detection, malware prevention, conforming to least privilege model (data held on our networks has access restrictions according to individuals, teams and business entity needs, which is reviewed on a regularly basis).
All data transfer to external entities, will be encrypted, transferred over a secure network and conform to 2FA (two factor Authentication
You may, at any time, prevent the setting of cookies through our websites by means of a setting on your Internet browser, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time using your Internet browser or other software programs. This is available in all popular Internet browsers.