1. ABOUT US
1.1. This website is operated by CES Quarry Products Limited, a company incorporated in Northern Ireland with its registered address at 124 Crossgar Road, Saintfield, County Down, BT24 7JQ with company registration number: NI005383. We are registered with the Information Commissioners Office (ICO) as a Data Controller and our registration number is ZA313857. The website is published under our trading name Urban Quarry Outlet. We manufacture a range of products including ready mix concrete, screed, masonry units, aggregates, asphalt, bitmac and associated services and niche products (Goods and Services).
2. WHO DO WE HOLD DATA ABOUT?
2.1. The nature of our Goods and Services means that we may obtain and use Personal Data (that is information relating to an individual who can be identified) which we collect about or from our customers or prospective customers. This can be divided into 2 categories of individuals:
(i) Prospective Customers: that is people which might be interested in becoming a customer of ours. Any reference in this notice to Prospective Customer Data means Personal Data about Prospective Customers;
(ii) Customers: that is people who place an order for the provision of our Goods and Services. Any reference in this notice to Customer Data means Personal Data about Customers;
We will hold Personal Data about the categories of individuals listed above (each such individual, a Data Subject) as a Controller, which means that we make decisions about what data we collect and how it should be used to best serve our purposes. The reason for this notice is so that each Data Subject is clear as to what data we collect about them, what we do with that data, how long we store it for and their rights in relation to that data.
3. ABOUT THIS NOTICE
3.1. Under the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018, we are required to provide individuals about whom we hold data as a Controller certain information about what we are doing with their data. This notice is intended to do just that. We’ve listed the individuals this notice is addressed to at paragraph 2.1 above.
3.2. This notice only deals with our use of Personal Data. If you click on any links to third party sites or products, you should check their privacy notices before disclosing any Personal Data to them.
3.3. We might need to change this privacy notice from time to time. We will publish our privacy notice on our website (www.urbanquarryoutlet.com) and do our best to update you directly if we think the changes might affect you. Please do keep an eye on our notice before sending us any Personal Data.
3.4. If you have any questions about this notice feel free to send us an email to sales@cesquarryproducts.com.
4. WHAT PERSONAL DATA DO WE COLLECT AND WHERE DO WE GET IT FROM?
Prospective Customers
4.1 There are a number of ways we might collect Prospective Customer Data:
(i) If a Prospective Customer contacts us directly (whether by calling us up, sending us an email, filling in a contact query on our website or if we meet you somewhere in person) and the Prospective Customer asks for information about our Goods and Services, we may retain information about that request, including the name and contact details of the Prospective Customer.
Customer Information
4.2 We may collect Customer Data in the following ways:
(i) Primarily we will obtain Customer Data from our customers when they place an order for Goods and Services on our website urbanquarryoutlet.com. This includes their name, address, and payment information to set them up as a customer and avail of our rights and fulfil our obligations under any goods and services agreement we enter into with them. This is likely to include Customers’ financial data as well as details of any past transactions and payment history with us.
Visiting our Stores
4.3 We collect CCTV images of everyone visiting our sites, so if you visit our shop as a Prospective Customer or Customer, we will record CCTV images of you during your visit.
Website & Social Media
4.4 Our website at www.urbanquarryoutlet.com is for promotional purposes and for the ordering of Goods and Services. Please note the ‘contact us’ operation will temporarily store the information entered. The website does utilise ‘cookies’. Please see our cookie policy for further information.
4.5 Website Security - We use a third-party service to help maintain the security and performance of our website. To deliver this service it processes the IP addresses of visitors to our website.
4.6 Social Media – We only use social media platforms / aggregator applications for sharing information about our company, engaging with those that have interacted with us and contributing to news / comments / groups that are relevant to our service offerings.
5. SPECIAL CATEGORIES OF DATA AND CRIMINAL OFFENCE DATA
5.1 In the UK some types of Personal Data are afforded special status because they are considered to be more sensitive in nature and could potentially cause more harm to an individual if the data was misused. These are:
- Special Categories of data include details about an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data; and
- Criminal Offence Data means data relating to an individual’s criminal record.
5.2 We do not require nor request any data of this nature from Prospective Customers or Customers for the provision of our Goods and Services.
6. HOW WE USE PERSONAL DATA AND OUR LAWFUL BASES FOR DOING SO
Prospective Customer Data
6.1 We may use Personal Data about Prospective Customers as set out in the table below.
|
Purpose |
Description |
Lawful Basis |
|
To provide you with information about our goods and services |
If you have asked us to do so, we may use the details you give us to provide you with further information about our Goods and Services. We would usually do this by email. |
Legitimate Interest |
|
To secure our premises |
CCTV images are recorded at our premises for safety and security of everyone who visits or works at our sites |
Legitimate Interest |
|
To manage our website |
Customise our website and its content to your particular preferences based on a record of your selected preferences or on your use of our website. Further information can be found in our cookie policy (a link to which is provided above at paragraph 4.4) |
Consent
Legitimate Interest |
|
To manage our website |
Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended. Further information can be found in our cookie policy (a link to which is provided above at paragraph 4.4) |
Consent
Legitimate Interest |
Customer Data
6.2 We may use Personal Data relating to Customers for the following purposes:
|
Purpose |
Description |
Lawful Basis |
|
To provide our Customer with goods and services |
This includes recording and retaining communications with our clients about their order and using that information to fulfil our contractual obligations with a customer. |
Necessary for the performance of the contract / Legitimate Interest. |
|
Administration and Dispute Resolution |
We may also need to process Personal Data about Customers to meet our internal administration requirements, to facilitate payments and, as well as for matters such as dispute resolution. |
Legitimate Interest |
|
To secure our premises |
CCTV images are recorded at our premises for safety and security of everyone who visits or works at our sites |
Legitimate Interest |
|
To manage our website |
Customise our website and its content to your particular preferences based on a record of your selected preferences or on your use of our website. Further information can be found in our cookie policy (a link to which is provided above at paragraph 4.4) |
Consent
Legitimate Interest |
|
To manage our website |
Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended. Further information can be found in our cookie policy (a link to which is provided above at paragraph 4.4) |
Consent
Legitimate Interest |
7. DISCLOSURE OF PERSONAL DATA
7.1 We may disclose the Personal Data that we hold to our employees as well as other third parties who we engage to help us provide our Goods and Services. For example, we use third parties to provide the following services for the following services:
- Payment services provider
- Email provider
- Host Server provider
- Security Clearance Provider/CCTV Provider
- Hauliers and specialist contractors
- Certification Bodies
- Financial services provider
Any such parties contracted by us will be acting as our Processors and will be subject to strict contractual requirements only to use Personal Data in accordance with our privacy notice. If you would like more information about third party processors used by us, please contact us at sales@cesquarryproducts.com
7.2 We may also disclose Personal Data if:
7.2.1 We are under a duty to do so in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements or to protect the operation of our website, or the rights, property, or safety of us, Permitted Users, or others; or
7.2.2 To any buyer if we sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners will only be entitled to use Personal Data in accordance with the provisions set out in this privacy notice.
8. WHAT SECURITY MEASURES ARE IN PLACE?
8.1 We are aware how important it is for us to keep the data we hold about Users and other parties secure and have implemented the following processes and procedures:
8.1.1 Our employees are required to hold any data which they handle on our behalf securely and confidentially and are contractually bound to do so.
8.1.2 We make sure that any data processors (such as Microsoft) we use have a strong reputation for data security and are contractually obliged to implement adequate security measures to safeguard the data held.
8.1.3 We have physical and administrative security measures at our offices.
8.1.4 There are individual and company boundary firewalls.
8.1.5 Continuously updated anti-virus programmes minimise the likelihood of a phishing attack.
8.1.6 Encrypted file storage solutions with data access controlled on a ‘need to know’ basis.
8.1.7 On expiry of document retention date paper documentation is securely shredded by accredited professional confidential waste shredding services.
9. WHERE DO YOU STORE THE PERSONAL DATA YOU COLLECT?
9.1 We store any Personal Data we hold within the EEA and only use processors with servers in the EEA.
- Secure cloud storage (Microsoft) with data centres in the EEA.
- Secure cloud storage (One drive) with data centres in the EEA.
- Both Microsoft and OneDrive are signatories to the Privacy Shield Framework.
- CCTV images are held by onsite encrypted hard drive by Wilson Security Solutions.
9.2 We will only transfer Personal Data outside the EEA if:
- The territory has been deemed by the European Commission to implement adequate safeguards;
- Appropriate measures (such as model contract clauses) have been put in place;
- The company has registered with an EU recognised framework such as the EU-US Privacy Shield;
- The transfer is necessary for the performance of the contract with the Data Subject in question – for example, if users are based outside the EEA and it is necessary to contact them in connection with our Services to Users; or
- If we have obtained explicit consent from the Data Subject.
10. OUR RETENTION POLICIES
a. Our retention policies are as follows:
|
Type of data |
Retention Policy |
|
Transaction data |
For the life of the client contract + 7 years to ensure that we have sufficient records from an accounting and tax perspective |
|
Financial data |
For the life of the client contract + 5 year in case of renewed contract and/or any payment issues outstanding after the contract is completed. |
|
Emails |
Retained for life of the contract with automatic archiving after 10 years |
|
Usage data |
For the life of the client contract + 6 years in case of any dispute arising. |
|
Third party representative personal data |
This will be kept for the duration of our engagement with this party and an additional 5 years in case of any dispute arising. |
|
CCTV data |
The CCTV data is held for approximately 6 weeks from date of recording |
|
Integrated management system (IMS) data |
IMS related documentation will be retained in accordance with retention periods from the date of issue as specified in Document Register IF 13 |
11. RIGHTS OF A DATA SUBJECT
11.1 Data Subjects have the following rights against the Controller in respect of Personal Data held by the Controller which relates to them.
(a) Right to be informed: the right to be informed about what Personal Data the Controller collects and stores about you and how it’s used.
(b) Right of access: the right to request a copy of the Personal Data held, as well as confirmation of: • The purposes of the processing; • The categories of personal data concerned; • The recipients to whom the personal data has/will be disclosed; • For how long it will be stored; and • If data wasn’t collected directly from you, information about the source.
(c) Right of rectification: the right to require the Controller to correct any Personal Data held about you which is inaccurate or incomplete. (d) Right to be forgotten: in certain circumstances, the right to have the Personal Data held about you erased from the Controller’s records. (e) Right to restriction of processing: the right to request the Controller to restrict the processing carried out in respect of Personal Data relating to you. You might want to do this, for instance, if you think the data held by the Controller is inaccurate and you would like to restrict processing until the data has been reviewed and updated if necessary.
(f) Right of portability: the right to have the Personal Data held by the Controller about you transferred to another organisation, to the extent it was provided in a structured, commonly used and machine-readable format.
(g) Right to object to direct marketing: the right to object where processing is carried out for direct marketing purposes (including profiling in connection with that purpose).
(h) Right to object to automated processing: the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects (or other similar significant effects) on you. We do not carry out any automated decision-making process.
11.2 If you want to avail of any of these rights, you should contact us immediately at sales@cesquarryproducts.com. If you do contact us with a request, we will also need evidence that you are who you say you are to ensure compliance with data protection legislation.
11.3 We will confirm to you in writing to acknowledge receipt of any request we receive relating to your rights as a Data Subject, and we will let you know if we have complied with your request. If having, carried out an assessment, we believe we have an overriding reason for retaining the data, we will let you know why we have reached that conclusion.
12. WHAT HAPPENS IF YOU REQUEST US TO STOP PROCESSING PERSONAL DATA RELATING TO YOU?
12.1 You may notify us at any time that you no long want us to process Personal Data about you for particular purposes or for any purposes whatsoever. This may have an impact on the services you receive from us.
13. DETAILS FOR QUESTIONS OR COMPLAINTS ABOUT HOW WE PROCESS PERSONAL DATA RELATING TO YOU
13.1 If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Protection Officer immediately at our registered address (see paragraph 1.1 above) or by email to sales@cesquarryyproducts.com. If we are processing Personal Data about you on behalf of Users, we will need to pass your complaint to Users – we will only do so with your consent.
13.2 We take any complaints or criticisms we receive very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. When we receive a complaint, we make up a report containing the details of the complaint, which we sometimes term a ‘non-conformance’. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint and to check on the level of service we provide.
13.3 We will keep records of complaints for a minimum of 2 years.
13.4 You may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns/.