“Century Composites Ltd” is a company registered in England and Wales (referred to as “Century” “we” or “us” in this policy.) Maintaining the security of your data is a priority at Century and we are committed to respecting your privacy rights. Century is also dedicated to being transparent about what data we collect and how we use it.
This policy provides you with information on:
- What personal data we collect
- How we get personal information, why we have it, how we share it and how long we keep it for
- How we protect your personal data
- Your legal rights relating to your personal data
This policy will be regularly reviewed and was last updated in September 2023.
The type of personal information we collect
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details such as email, address, phone number)
- Financial transactional information
- Any information you voluntarily share with us such as feedback, opinions or information provided via any of our helplines
- Device information such as IP address, referring website, Century pages your device visited and the time visited.
How we get personal information and why we have it
Most of the personal information we process is provided directly by you to us for one of the following reasons:
- To provide a support service to items you may purchase from us.
- To respond to enquiries and comments you may raise with us.
- To set up and manage your user account.
- To perform or finalise any transaction or order you have placed on Century websites.
- To communicate with you regarding our products, services and events which may be of interest to you, if this is in accordance with your marketing preferences.
- To improve our website with the object of ensuring content is presented in the most effective manner for you and your device.
- To analyse your use of our website for trend monitoring and promotional purposes.
- To keep our website safe and secure and comply with our legal requirements and obligations.
- For any other new purpose for which we notify you before collecting any personal data.
How we share personal data
Century Composites Ltd shares and transfers your personal data as described here and only in accordance with all privacy practices and local privacy requirements. We may occasionally share non-personal, anonymized and statistical data with third parties for our own business purposes.
The following are the parties with whom we may share personal information and why:
- Occasionally to third party contractors and providers which perform certain functions on behalf of Century, such as picking up and delivering products, sending email, removing repetitive information from client lists, analysing data and processing credit card payments, direct marketing services, and cloud hosting services. These parties only have access to such information as necessary to perform their functions and may not use it for any purpose other than to provide services to us.
- For any reason if, in Century’s sole discretion, we believe it is reasonable to do so, including to satisfy any laws, regulations, or governmental or legal requests for such information; in the event of a merger, sale, restructure, acquisition, joint venture or assignment, to disclose information that is necessary to identify, contact or bring legal action against someone who may be violating our Business Principles values or other terms and conditions; or to otherwise protect Century Composites Ltd.
Lawful basis for processing personal information
Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing personal information are:
- Your consent. You may remove your consent at any time by writing to us.
- We have a contractual obligation.
- We have a legal obligation.
- We have a vital or legitimate interest.
- We need it to perform a public task.
How we store your personal information and how long we keep it
Century follows strict security procedures for the storage and disclosure of information which you have given us in order to prevent unauthorised access, loss or destruction of your personal data. These may include:
- Technology safeguards eg anti-virus and endpoint protection software, monitoring our systems and data centres to ensure they comply with our security policies.
- Physical safeguards eg locked doors and file cabinets, controlled access to our facilities and secure destruction of media containing your personal data.
- Organisational safeguards eg training and awareness programmes on security and privacy, making sure employees understand the importance and means by which they must protect your personal data.
Century does not seek to collect sensitive personal data (also known as special categories of data). If we do so, we will always collect the data in accordance with local data privacy requirements. If you choose to provide us with unsolicited sensitive personal data, you will be asked to consent to our processing of such data on a case-by-case basis by using a specific express consent form.
Century does not knowingly collect or solicit personal data from anyone under the age of 16. If you are aged under 16, please speak to your parent/guardian to get their permission before you provide any personal information to Century because without this consent, you are not allowed to provide us with your personal data. If we learn that we have collected data from a person aged under 16, we reserve the right to delete such data with no prior notification or consent.
Century will retain your personal data for the time that is necessary to fulfil the original purposes for which it was collected. Please keep in mind that in certain cases a longer retention period may be required or permitted by law or to allow Century to pursue its business interests, conduct audits, comply with our legal obligations, enforce our agreements or resolve any dispute. Your data will be securely and safely deleted, destroyed and disposed of when we no longer need it.
The criteria used to determine our retention periods include:
- How long is the data needed to provide you with our products or services or to operate our business?
- Do you have an account with us? In this case, we will keep your data while your account is active or for as long as needed to provide the services to you.
- Are we subject to a legal, contractual, or similar obligation to retain your data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of contract or litigation.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us in writing at Century Composites Ltd, 58-60 Hutton Close, Crowther, Washington, Tyne & Wear, NE38 0AH, United Kingdom if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can write to us at:
Century Composites Ltd, 58-60 Hutton Close, Crowther, Washington, Tyne & Wear, NE38 0AH, United Kingdom.
You can also complain to the ICO if you are unhappy with how we have used your data at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk