Privacy Policy

Data Protection Privacy Notice

This privacy notice tells you what to expect when we collect personal information from clients and potential clients.

Topics

  1. What information do we collect about you
  2. How will we use the information collected about you?
  3. Marketing
  4. Access to your information and corrections/changes
  5. Third parties
  6. Cookies
  7. Other websites
  8. Changes to our privacy policy
  9. Complaints
  10. How to contact us
  11. Changes to this Privacy Policy

 

1. What information do we collect about you?

We collect personal data about you including name and contact information if you:

  • Contact us with an enquiry
  • Ask us to provide a quotation for goods or services
  • Place an order with us for goods or services
  • Register for marketing communications
  • Make use of our website. Website usage information is collected by using Cookies (see below)

 

We will only collect the information which is necessary for us to process in order to meet your expectations.

Where you place an order with us for services we will require you to supply certain information in order that we can meet our contractual obligations to you and comply with our legal obligations to you (including health & safety and accounting obligations).

2. How will we use the information collected about you?

We will use the information you provide in order to provide the services you have requested to you.

Our lawful basis for processing personal data belonging to clients are:

1. To comply with our contractual obligations (i.e. provide the service, collect payment)

2. To comply with our legal obligations (including tax and revenue record keeping, health & safety compliance)

3. In the event of any legal claims arising out of the services we provide

4. Our legitimate interests in relation to marketing activities relating to commercial contacts and clients which includes additional care, safety, maintenance and warranty information

5. Where we have active consent to send marketing materials to consumer contacts and clients

Collecting Data from Vulnerable Persons:

Communicating privacy information to children and vulnerable individuals in a clear and plain
way under UK GDPR requires extra sensitivity and adaptation.

Content:

Simplify the language: Avoid legal jargon and technical terms. Use straightforward, age appropriate language that the individual can easily understand.

Focus on key points: Don’t overload the information. Break down complex concepts into smaller, digestible chunks. Focus on the most important aspects like what data is collected, why it’s needed, and how it’s used.

Use Visual Aids: Incorporate visual aids such as icons, graphics, and images to support the text. Visual elements can enhance understanding, especially for individuals who may struggle with written content.

Segment Information: Break down the information into smaller, easily digestible sections. This can make it less overwhelming for the reader and help them focus on one aspect at a time.

Consider different formats: Depending on the age and needs of the individual, offer the information in various formats like short videos, interactive web pages, or easy-read documents.

Highlight Important Points: Use formatting techniques such as bolding, bullet points, or different colours to highlight important points. This can draw attention to critical information.

Short Sentences and Paragraphs: Keep sentences and paragraphs short. This can improve readability and make the content more accessible, particularly for those with limited literacy skills.

Accessibility:

Ensure multiple communication channels: Some children or vulnerable individuals might prefer different communication methods, like printed materials, audio recordings, or email.

Consider accessibility needs: Provide the information in formats accessible to individuals with disabilities, such as text-to-speech or braille versions.

Pay attention to accessibility features, ensuring that the information is available in formats suitable for individuals with disabilities.

Engagement:

Tailor the communication to the audience: Consider the age, cognitive abilities, and interests of the individual while crafting the information.

Use relatable examples: Explain data collection and use through everyday scenarios that the
individual can understand.

Empowerment: Make sure the information explains how the individual or their parent/guardian can control their data, such as access, rectification, or deletion rights

Information Society Services’ (ISS) & Age Verification

Verifying age and obtaining parental/guardian consent for children accessing information society services (ISS) like social media in the UK presents a complex challenge.

UK GDPR: The GDPR applies to children’s data and emphasises parental consent for those under 16.

Age Verification Methods:

Self-declaration: This is the simplest method, but prone to inaccuracy as children can easily misrepresent their age. During the registration or account creation process, ask users to provide their date of birth. However, relying solely on self-declaration may not be sufficient, as users may provide inaccurate information.

Government-issued ID verification: While more reliable, it raises privacy concerns and may not be feasible for all users, especially younger children. Implement identity verification mechanisms, such as requiring a copy of an official ID or using third-party age verification services. This method can be more reliable but should be done in compliance with data protection laws.

Age estimation through voice or image analysis: Emerging technologies offer some promise, but accuracy remains questionable and raises ethical concerns regarding data collection and bias.

Parental controls and filtering tools: These enable parents to restrict content and monitor activity but rely on active parental involvement and may not be foolproof.

Parental Consent Methods:

Verifiable Parental Consent: Sending an authorisation code to a parent’s phone or email can be effective but requires parents to be digitally engaged and accessible. When the user is identified as a child, implement a system for obtaining verifiable parental or guardian consent. This may involve sending a consent request to a parent or guardian through a separate communication channel, such as email or physical mail.

Credit card verification: Requires parental financial involvement, not ideal for all families and raises data security concerns.

Two-Step Verification: Implement a two-step verification process, where the child initiates the registration, and the parent or guardian must complete a separate step to provide consent.

Dedicated parental consent platforms: Some platforms allow parents to register and manage their children’s online access across various services.

Challenges and Considerations:

Accuracy and security: Balancing robust verification with user privacy and avoiding data breaches is crucial.

User experience: Age verification processes should be user-friendly and not create undue barriers for genuine users.

Inclusivity: Consider accessibility for children with disabilities and families from diverse backgrounds.

Transparency and trust: Clearly communicate data usage and age verification processes to both children and parents.

Privacy Settings for Children: Implement default privacy settings that prioritise the safety and privacy of children. For example, limit the visibility of personal information and restrict contact from unknown users.

Regular Audits and Monitoring: Conduct regular audits and monitoring to ensure compliance with age verification and parental consent processes. Regularly review and update these processes to align with evolving legal requirements.

Data Minimisation: Only collect and process the minimum necessary personal data for age verification and parental consent purposes. Avoid unnecessary data collection to reduce privacy risks.

Continuous Communication: Maintain open and continuous communication with parents or guardians, providing updates on privacy practices, security measures, and any changes that may affect children’s use of the platform.

Transfer of Data outside of the UK & EU

We do not transfer personal data to countries outside the UK/EU.

If you make an enquiry or request a quotation, we will keep your information for as long as is necessary to answer the enquiry or supply the quotation and then for a period of 12 months in the event you decide to use our services.

If you place an order for our services, we will keep your information for the duration of the services and then for a period of 6 years in the event of any legal proceedings. We may be required by a contract or by law to retain certain information for longer (e.g. warranty information or health and safety information).

We may seek your consent to keep information relating to a project we have completed on your behalf for a longer period in order that we can use the information to demonstrate our competence and quality of our work to other interested parties.

We may use images of a project we have completed on your behalf for advertisement purposes but we will ensure that you or any other person cannot be identified from the images used.

3. Marketing

As a business we do not send marketing communications to contacts or clients.

We would always seek an individual’s consent to sending marketing materials.

4. Access to your information and corrections/changes

If you would like to know what information we hold about you please write to us using the contact details below. We will usually supply copies of the information held within 30 days of receiving your request.

Please notify us if any of the information we hold about you has changed or is incorrect, we will be happy to update this for you.

5. Third parties

We may need to provide certain third party organisations with your information in order to provide our services.

We will only provide them with the information they require and will only permit them to use the information for the required purpose only.

If any such third party has used your information for any other reason without your consent please notify us using the details below and we will investigate the matter.

The third parties we anticipate sharing your information with include:

  1. Third party contractors and suppliers (e.g. subcontractors, courier services)
  2. Authorisation bodies where we need to obtain consents and permissions to perform the services (e.g. local planning authorities, the Environment Agency)
  3. Our accountants for tax and revenue accounting
  4. HMRC for tax and revenue purposes
  5. The Health and Safety Executive for the purposes of health & safety reporting and compliance

 

6. Cookies

Our website uses cookies, which are text files which record information about website use. Further information can be found in the cookie policy which is on our website.

7. Changes to our privacy notice

We keep this privacy notice under regular review and will post details of any changes below. This privacy policy was last reviewed on shown on the table below.

8. Complaints

We strive to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously.

If you think that our collection or use of information is unfair, misleading or inappropriate please bring it to our attention. We would also welcome any suggestions for improving our procedures. You may report any concerns regarding the way in which we have handled your personal data to the Information Commissioner on 0303 123 1113 or by using this link https://www.ico.org.uk/concerns.

9. How to contact us

Company: The Wiggett Group Ltd 
Name: Mr. Reece Wiggett
Position: Director
Contact Address: Clapgate Farm, Warley Gap, Warley, Brentwood CM13 3DS 
Telephone: 01277 231 906

10. Changes to this Privacy Notice

We have made the following changes to this Privacy Notice

Date

Change

17th May 2018

New Policy – Mr Reece Wiggett (Director)

15th May 2019

Policy Review – Mr Reece Wiggett (Director)

16th May 2020

Policy Review – Mr Reece Wiggett (Director)

16th Feb 2021

Policy Review – Mr Reece Wiggett (Director)

14th Feb 2022

Policy Review – Mr Reece Wiggett (Director)

7th Oct 2022

Policy Review – Mr Reece Wiggett (Director)

1st June 2023

Policy Review – Mr Reece Wiggett (Director)

5th Jan 2024

Policy Update (Vulnerable Persons) – Mr Reece Wiggett (Director)

Name: Mr. Reece Wiggett
Position: Director
Date: 5th Jan 2024
Review Date: 4th Jan 2025