Privacy Policy
You should know what information about you we collect and how we use it. This issue is very important to us, so we have set out full details in this policy.
Please take the time to read this policy in full and understand it.
You have complete control over your personal data processed by us and you have a genuine choice to accept or decline our requests to process your data.
We will only process your personal data with your consent, which we will confirm is freely given, specific, informed and unambiguous. You may withdraw your consent at any time where our right to process your personal data is based only on your consent.
To be helpful, we’ve included some links to other websites in this policy. Please note that these websites are controlled by other people, not us, and we are not responsible for them.
WHO ARE WE?
Balcas Timber Limited is a company incorporated in Northern Ireland (registration number NI 26014) and having its registered office at 75 Killadeas Road, Laragh, Ballinmallard, Enniskillen, Co. Fermanagh, Northern Ireland, BT94 2ES. Balcas Limited, incorporated in Northern Ireland (registration number NI 5325) and having its registered office at 75 Killadeas Road, Laragh, Ballinmallard, Enniskillen, Co. Fermanagh, Northern Ireland, BT94 2ES (collectively “Balcas”).
Our websites www.balcas.com, www.balcasdirect.com and www.balcasenergy.com and the related products, services and materials available thereon (together, the “Website“) is owned and operated by Balcas Limited, a company incorporated in Northern Ireland (registration number NI 5325) and having its registered office at 75 Killadeas Road, Laragh, Ballinmallard, Enniskillen, Co. Fermanagh, Northern Ireland, BT94 2ES.
We are what is known as ‘data controller’ of the information you provide to us. This term is a legal phrase used to describe the person or entity who controls the way information is used and processed. We will never wilfully disclose your personal data to any third parties without your prior consent.
We are registered under the Data Protection Act 1998 with the UK Information Commissioner’s Office. Our registration number is Z1019191
Balcas sells and supplies its products directly and through the Website (the “Products“).
WHAT INFORMATION DO WE COLLECT AND WHEN?
We only collect information that we will genuinely use for the purposes set out in this policy.
Specifically, we collect:
- All information you choose to submit to us. You can choose to submit information to us through a lot of different ways:
- Through hard copy paper product supply agreements signed by you;
- By entering your details into our website;
- Through forms, for example in signing up to an offers, news or a competition;
- By sending us emails and text messages (SMS or MMS);
- By adding posts, reviews and other comments to any of our websites, apps or other community forums;
- By interacting with us on social media platforms (such as Facebook, Twitter or LinkedIn);
- By speaking to us in our offices or over the telephone, for example in making an enquiry about a purchase or order for supply you have made, or a complaint; or
- By registering accounts on any of our websites or mobile apps including setting up passwords and preferred user names, contact details, account details, details of friends and relatives, your preferences and interests.
(Please note: If you submit details to us of any other person (e.g. a friend) please make sure you have their permission before doing so.)
- ‘Sensitive’ information on you, but far less frequently than the above information. ‘Sensitive’ information includes your racial or ethnic origin, religious beliefs or other beliefs of a similar nature and your physical condition. This may be submitted by you to us via forms so you have the choice as to whether to provide this information, however we may also obtain it though social media or through our analysis of your preferences, behaviours, and product usage patterns (see below).
- Full details of the purchases you make and products used on our websites, through our mobile apps or due to our product deliveries, including the time and date of purchase, the products supply you purchase from us, any relevant delivery address and details of any relevant payment card (such as a credit or debit card) you use.
- Your Balcas account number and related product transaction details such as the amount of product you bought or used, and the time and place you bought or used it;
- Information on what you view, click on and access in and through our marketing emails and text messages (SMS or MMS), websites and mobile apps. We may collect the time and geographic location of your device when you do so. For websites, this information may also include where you came to our site from, and where you went when you left it. We also track how often you visit and use our websites and mobile apps. We do this through the use of email and website cookies and similar tracking technology built into our mobile apps. We make cookie policies available on each of our websites to give you more detailed information on how we use them. The cookie policy for this website is set out https://www.balcasdirect.com/cookie-policy/
- Technical information about the devices you use to access our websites and on which you use our mobile apps. We may collect each device’s unique identifying code (MAC address), relevant IP address, operating system and version, web browser and version, and geographic location.
- Your social media content where this is in the public domain, and any messages you send direct to us via social media. This information can include posts and comments, pictures and video footage. You should review the terms and conditions and privacy policies of the social media that you use to ensure you understand what information relating to you may be placed in the public domain and how you can stop or limit it from happening.
- Postcode information. We sometimes use and process postcode data.
- Information from banking, credit card and credit reference agencies about your financial status and the status of any payment card presented to us (e.g. if it has been reported stolen) to check we are likely to be paid for any transaction, and to reduce the risk of fraud (see below);
- Profile information and insight from companies who already have information on you, such as credit reference agencies (“customer insight companies”). They give us their views on what your household may look like, your status, likely preferences and behaviours.
This information includes the likely makeup of your household (e.g how many children you may have and their likely average age) and what your household affairs may be like, the type of car you may have, your interests (including what magazines and newspapers you may read, your holidays and whether you are environmentally conscious or not) and where you may currently shop. It includes observations about your likely education and employment status, the type of job you may have and your likely financial status (including your mobile phone expenditure, what credit, debit and other cards you may hold, your current account status and the extent of any loans, investments and savings you may have).
It also places you into one or more defined behavioural and socio-economic groups. Information collected by smart meters, which may include telemetric data;
- Information collected independently by online advertising networks (for example Google) through whom we place advertisements. The information we obtain varies from network to network. It often summaries the actions of lots of people, and so does not enable us to identify you individually. It relates to what you view, click on, and access through websites in their network, including the subject matter of the site you started at and where you subsequently go. It may also include their analysis of your behaviour across the wider internet and a profile of you. If you are unhappy about this happening you should look out for “settings” and Do Not Track options in online advertisements and in the privacy and cookies functionality on your devices and consider changing your settings to block third party cookies in particular. We do not control the information on you that such networks obtain, or the technology they use to do so.
Employee Information
Employee Personal information includes personal identification, name, home address, gender, date of birth, personal email address, marital status, emergency contacts, social security or other taxpayer/government identification number, residency and work permit status, nationality, payroll/banking details, health data where required for Health and Safety/legislative purposes, information provided voluntarily during the course of an your application and employment term, information related to your employment, termination, performance during employment term, and any other information necessary to Balcas’s business purposes.
HOW DO WE USE YOUR INFORMATION?
We use the information we collect for many different things:
- To supply you with products and offer you supply of products;;
- To supply you with safety and technical information in relation to your product purchase;
- To ensure the product we supply to you is delivered and properly stored;
- To provide you with our websites and mobile apps, which require a certain amount of technical information in order to work properly.
- To power security measures and related services relating to your access to our website and mobile apps for example to enable us to recognise your username and password, but also reset those if you forget them;
- To enable you to buy products and services from us, which again requires a certain amount of information to be collected, for example your payment card details so we can take payment and so we can provide you with a receipt;
- To enable us to run competitions and offers for which you have signed up, about which we need to be able to communicate with you;
- To gather feedback from you about our products, websites, mobile apps, other services and activities from time to time. We may invite you to provide this feedback on occasion, for example by emailing you to ask you if you would like to review a product you have bought or a service you have used. We may use independent research and feedback providers to do so on our behalf.
- To contact you from time to time about things you have told us you want to hear about, for example our products, news, offers, new competitions and sponsored events;
- To respond to any questions, suggestions, issues or complaints you have raised with us;
- To respond to any social media posts or other public comments you makewhere these are made directly to or about us, our products, websites, mobile apps, services or other activities;
- To communicate with you about operational changes to our products, services, websites and mobile apps, for example if we were to withdraw one of our products, or change this privacy policy;
- To perform any purchase contract or supply agreement we have entered into with you but also to enforce a contract against you if you do not honour it, including seeking to collect any debts that we may be owed;
- To gather statistics about how you and other people use our website and mobile apps and what you think of our adverts, offers, news, product information, competitions, sponsored events, social media and other digital content. We then analyse these statistics to understand if these things appear interesting and meet most people’s needs, or if they should be improved, and if so, what design or other changes (e.g. around the nature and timing of communications) would be most beneficial both for our customers, and for our business.
- To check that you have or are likely to have the means to pay us for any products you have ordered from us;
- To monitor use of our websites and mobile apps to see if they are being abused or threatened for example by people posting inappropriate comments in review areas or by potential hackers looking to undermine their security;
- To protect you and our business against any other potential criminal behaviour, including potential identity theft and fraud;
- To understand you better and in particular, your habits and use of our products, , where you are from time to time, your personal circumstances and those of your firm, family or household.
Our aim is to excite you as much as possible and provide great service and value to you in everything we do.
By having really good information about you, we can focus on the things we think are most likely to be of real interest to you in everything we do, and especially when we send you offers, news, information on our products and details of new competitions and sponsored events, or present you with adverts and content online.
We can then, for example, provide you with money-off vouchers and rewards for the things you are actually buying from us, or for the product you are using, and for the things we think you might be most interested in from us in the future. We can also tailor these to your precise location, for example if there is a promotion local to you we think you may be interested in.
- To maintain administrative and statutory records about our business to enable us to understand what products we have sold, how, when, where and at what price and account to the tax authorities for the related taxes that we have to pay;
- To enable us and our third party service providers, to plan and manage our day-to-day business and related services as effectively as possible, for example in predicting likely sales volumes of any one product or geographic area, so we can try and make sure we have enough stock to meet likely demand;
- To enable us to understand what our customer and user base looks likeacross all our products and geographic areas. We do this by combining your information with information about our other customers and users of our products, websites, mobile apps, so we can spot trends and common factors amongst everyone. We can then further tailor our business approach and in particular, our marketing communications, use of digital media, products and services to the things we think you and other people like you would be most interested in. This process involves analysis of many human traits and is sometime called “market segmentation” or “customer segmentation”. We look at common trends or “segments” based on people’s geographic location, behaviours, shopping experience, financial standing, things they do on special occasions and the benefits they look for from products, amongst other things.
- To enable us to conduct focused market research based on those trends and factors, which we can then use to further improve our products and services for all of our customers;
- In the process of anonymising your information so that you are no longer identifiable to us or our third party service providers;
- To track your product use for the purpose of billing and planning supply, which may include telemetry, which is an automated communications process by which measurements and other data are collected and transmitted to receiving equipment in Balcas for monitoring.
- To comply with our commitment to reduce harmful emissions;
- To test new products and delivery systems and processes as we roll them out (but generally only in anonymous form) to make sure they work and will meet the high expectations we set for ourselves;
- To assist us in the development of new products and services over time, for example to gauge whether a new product is likely to be appealing to a large proportion of our customer base or not; and
- To analyse whether the money we spend on advertising, on any media and in search engines represents good value for us or not.
We do so in part by matching information common to the various different sources of information we have about you, to build a bigger, richer picture. So for example, if you sign up to a Balcas competition and provide your email address, and then register for an online account with us using the same email address, we link those two pieces of information together. We can achieve the same effect through matching product order transaction details and use data as well. By doing so, we can understand you better and provide a better service to you, as we set out above.
Employee information
Employee information is used and disclosed for our business purposes. These include but are not limited to establishing, maintaining or terminating employment relationships. This information may be used for any additional purposes that we advise you of and where your consent is required by law we have obtained your consent in respect of the use or disclosure of your personal information.
WHO DO WE SHARE YOUR INFORMATION WITH?
We cannot run our business or provide many of the services, product supply, and benefits you expect to receive without involving other people and businesses, and sometimes we pass your information to these other people and businesses as set out below.
We only share your information where we can do so in accordance with our legal data protection and privacy obligations.
We may share the information we collect with:
- all of our group companies, brands and business units that have relationships with our customers;
- other people and businesses who help us provide our installations, websites, mobile apps, products, and related services to you, for example, information technology companies who design and host our websites, and payment services companies who enable you to use credit or payment cards with us;
- our insurers and insurance brokers where required in order for us to be able to obtain insurance against risks we face in running our business. [They may retain this information for the purpose of ongoing risk assessment and insurance broking and underwriting services].
- credit reference agencies who provide anti-fraud and credit-insight information to us, central and local government departments, for example, banks and finance companies who also provide anti-fraud services, and customer insight companies (as set out above) in each case as necessary in order to benefit from their services. [Where we do so for anti-fraud purposes, the recipient organisation may hold your information on file for the purpose of their fraud-prevention services in future].
- any new business partners we may have over time, for example a joint venture, reorganisation, business merger or sale affecting us.
- our professional advisors for example our lawyers, accountants, auditors, and technology consultants when they need it to provide advice to us.
- the Police Services, local authorities, the Courts and any other central or local government bodies where they request it and we may lawfully disclose it, for example for the prevention and detection of crime.
- other people who make a subject access request or “SAR” to us, where we are allowed to do so by law (see “Managing Your Information” below for what we mean by a “subject access request”).
We also may share the information we collect where we are legally obliged to do so, for example e.g. to comply with a court order.
Employee Information
Employee information is shared as outlined in this Privacy policy. Other than this, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our payroll provider, pension or health insurance schemes. You have the right to withdraw this consent at any time.
Social media, blogs, reviews, and similar services
Any social media posts or comments you make to us will be shared under the terms of the relevant social media platform (e.g. Facebook, Twitter or LinkedIn) on which they are made and could be made public by that platform. These platforms are controlled by other people, not us, so we are not responsible for this sharing. You should review the terms and conditions and privacy policies of the social media platforms you use to ensure you understand how they will use your information, what information relating to you they will place in the public domain and how you can stop them from doing so if you are unhappy about it.
Any blog, review or other posts or comments you make about us, our products and services on any of our blog, review or user community services will be shared with all other members of that service and the public at large.
You should ensure any comments you make on these services, and on social media in general are fit to be read by the public, and in particular are not offensive, insulting, defamatory, or infringing upon any of Balcas’s trademarks. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
SECURITY OF YOUR INFORMATION
Much of the information we receive is provided in paper form, on our product supply contracts, or electronically, originating with your relevant device and then transmitted to us by your relevant telecoms network provider.
Where it is within our control, we put measures in place to ensure this “in flight” data is reasonably secure.
Once your information is received by us, we take its security very seriously.
We use appropriate procedures and technical security measures (including strict encryption, and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores as much as possible.
We follow the Payment Card Industry’s Data Security standards (otherwise known as “PCI-DSS”).
We also use secure means to communicate with you where appropriate, such as ‘‘https’’ and other security and encryption protocols.
If you have any concerns about the security of your own personal computers and mobile devices, we suggest you read the advice of Get Safe Online, which can be accessed here. https://www.getsafeonline.org
INTERNATIONAL TRANSFER OF YOUR INFORMATION
Although we are a business based in Ireland and the United Kingdom, we need to use suppliers who are of an international standing on occasion to help ensure you receive the very best in products and services from us.
To allow us to run our business on this basis, the information we collect may be transferred to, stored and used at premises in countries around the world, outside of the EEA.
Please note that information protection laws do vary from country to country. In particular, the law of the country in which you are resident or domiciled may offer a higher standard of protection than the laws of those other countries in which we store and use the information we collect.
Our transfer of information to other countries could result in that information being available to government and other authorities in those countries under their laws.
Balcas will never transfer data abroad without strict adherence to the requirements of the General Data Protection Regulation (“GDPR”) and EU law to ensure your personal data enjoys the same safeguards elsewhere as it would at home.
HOW LONG DO WE KEEP YOUR INFORMATION FOR?
In accordance with our legal data protection, marketing and privacy obligations, we will only retain your information for as long as we actually need it to achieve the purpose(s) for which we obtained it in the first place.
We will then either securely delete it or anonymise it so that it cannot be linked back to you.
See ‘How do we use your information?’ above for full details of those purposes.
MANAGING YOUR INFORMATION
You can contact us to discuss your information at any point in time using the details provided below.
It is very important to us that all the information we hold about you remains accurate and up-to-date at all times to reduce the chances of us having a misunderstanding. We try hard to make sure this is the case at all times regardless of what information we hold about you.
We need your help in doing so though. If you have any account with us or are a Balcas employee, please ensure that the information you provide to us through that account /registration (e.g. any contact information you provide) remains accurate and up-to-date. Please review and update it regularly. You have a number of rights which we respect and aim to uphold in all that we do. These rights include:
- Correcting inaccurate information. If you have reason to believe any of the information we collect on you may be inaccurate, and you cannot correct such inaccuracy yourself through your registered accounts with us, please contact us (see below for how to do this).
- Stopping our marketing. We provide the means for you to stop all email and test (SMS or MMS) communications you receive from us – please see the ‘unsubscribe’ link and ‘STOP’ details we include in each email and text respectively. We also check all our post and telephone marketing activity against the Ireland and UK mail and telephone preference services, so you can register with these services as one way of stopping any such communications from us. You can also contact us at any time using the details below and let us know what you would like us to change.
- Asking us about your information. You have the right to ask us whether we hold information about you and if so, for us to give you certain details about that information and/or the information itself. This right is commonly known as a ‘subject access request’ or SAR. Certain exemptions and conditions apply to this right, including that it should be in writing and that you give us reasonable details about the information you seek.
- Reviewing our use of automatic computer processing. You can ask us to have one of our staff review a decision about you which has been taken automatically by computer. One common example is if we decline an order for product you place with us for anti-fraud or credit check reasons. Please note that these decisions can come about due to policy decisions taken by banks, card and payment processing companies, and credit reference agencies who separately hold information about you and to resolve them you may have to speak to them directly.
- Asking us to forget you. You have the “right to be forgotten” and we will erase your personal data held and processed by Balcas where we do not need to hold it for regulatory or legislative reasons.
We reserve the right not to comply with any requests we receive where we may lawfully do so, for example if we reasonably believe a request to be malicious, technically very onerous, to involve disproportionate effort or harmful to the rights of others.
If you have any complaints about our use of your information, please contact us. We will do our very best to resolve any complaint to your satisfaction. If, for whatever reason, you feel we do not meet the high standards we expect of ourselves, you have a right to complain to the UK Information Commissioner’s Office (or “ICO”). Please see the section “Where to go if you want more information about your privacy rights” for further details.
Please don’t forget that with modern technology you increasingly have personal control over what information we and other organisations collect. For example, you can delete cookies and tracking technologies stored on your own device through your web browser, and change related settings to restrict them going forward, for example by using private browsing modes (although this can affect your browsing experience on some websites). You can also use the settings options in your mobile devices to restrict what information websites and mobile apps can access and use about you. Online advertising networks, social media platforms and search engines (for example Google) also increasingly provide you with tools to manage the data they collect about you, how it is used and shared. We encourage you to proactively look for such functions and tools and use them to manage your privacy in a manner with which you are happy.
UPDATES TO THIS PRIVACY POLICY
We review our use of your information regularly. In doing so, we may change what we collect, how we keep it and what we will do with it.
As a result, we will need to change this policy from time to time to keep it accurate and up to date.
We may change our Privacy policy from time to time. The effective date at the end of this document indicates the last time this policy was revised or amended.
If, following any changes, you continue to use our websites and mobile apps, contact us by telephone or otherwise provide information to us (for example through our stores or social media) we will take it that you agree to those changes.
CCTV INFORMATION
We have CCTV in operation at some of our premises, including our offices at Enniskillen, Northern Ireland and Invergordon, Scotland.
All CCTV footage we capture is kept separate from all of the other information we collect about you (as set out above). It is not used or shared in the manner described above either.
All CCTV footage is captured purely for your security and for the prevention and detection of crime. For further details, please see our signage at each of our premises monitored by CCTV, or contact us using the details provided below.
WHERE TO GO IF YOU WANT MORE INFORMATION ABOUT YOUR PRIVACY RIGHTS
The UK Information Commissioner’s Office regulate data protection and privacy matters in the UK.
They make a lot of information available to consumers on their website. https://ico.org.uk/for-the-public/
They also make the registered details of all data controllers such as Balcas available publicly.
You can make a complaint to the ICO about our use of your information at any time. As mentioned above, please consider raising any issue or complaint you have with us first though. Your satisfaction is very important to us, and we strive to solve all problems and complaints wherever possible.
CONTACT US
If you want any further information about our use of your information, our websites or mobile apps or have any other privacy questions relating to us, we’d be happy to help you.
Contacts us at: privacy@balcas.com
Alternatively feel free to contact dpo@shvenergy.com
Thank you for taking the time to visit read about how we use your information.
Effective Date:
This policy was last modified on 28th May 2018