Privacy Policy
Sunshine Home Improvements Ltd Privacy Policy
We respect your privacy and are committed to protecting your personal data.
This privacy policy outlines your rights, how we handle your personal information, and the steps we take to protect it. Whether you are visiting our website, engaging with our team, making a product enquiry or purchase, or contacting us for pre- or post-installation services, this policy explains how your data is processed.
We’ve structured this privacy policy in a way that allows you to easily navigate to specific sections, covering areas.
Quick Navigation
Important Information and Who We Are
Purpose of this privacy policy
This privacy policy aims to provide clarity on how we collect, use, and safeguard the personal data you provide to us, whether through our website, in person, or over the phone.
It’s essential to read this policy along with any other privacy notices or data usage information we may provide on specific occasions, so you have a full understanding of how and why your data is being processed. This policy complements other notices and does not replace them.
Our website and services are designed for individuals aged 16 and over, and we do not intentionally collect data related to minors.
Who We Are (Controller)
Sunshine Home Improvements Ltd is the entity responsible for handling your personal data. This includes any data collected through our websites, apps, or as part of our sales and service processes. In this privacy policy, references to “we,” “us,” or “our” refer to Sunshine Home Improvements Ltd.
We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy and to handle any questions or concerns you may have. You can find our contact details below if you need to get in touch.
Contact details
If you have any questions about this privacy policy or the way we manage your data, please contact our Data Protection Officer:
- Full name of legal entity: Sunshine Home Improvements Ltd
- Email address: enquiries@sunshine-home-improvements.co.uk
- Postal address: Sunshine Home Improvements, 28 Queen Street, Neath, Neath and Port Talbot, SA11 1DL
- Telephone number: 01792 812706
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the UK’s regulatory body for data protection (www.ico.org.uk). However, we encourage you to contact us first to resolve any concerns directly.
Changes to the privacy policy and your duty to inform us of changes
We regularly review and update our privacy policy to ensure it reflects our current data processing practices. This policy was last updated on [Insert Date].
It is important that the personal data we hold about you is accurate and up to date. Please let us know if any of your details change during your relationship with us.
Links to Third-Party Websites
Our website may contain links to external websites, plug-ins, and applications. By clicking on these links or enabling certain connections, third parties may collect data about you. We do not control these third-party websites and are not responsible for their privacy practices. We recommend reading the privacy policies of any websites you visit after leaving ours.
The Data We Collect About You
Personal data, or personal information, refers to any information relating to an individual that can be used to identify them. It does not include data where the individual’s identity has been removed (anonymous data).
We may collect, use, store, and transfer various types of personal data about you, which we have grouped as follows:
- Identity Data includes your first name, maiden name, surname, username or similar identifier, marital status, title, date of birth, and gender. If you visit one of our showrooms, depots, or offices, this may also include CCTV footage of you.
- Contact Data includes your billing address, delivery address (including any delivery requirements and restrictions), email address, and telephone numbers.
- Financial Data includes your bank account details and payment card information.
- Transaction Data includes details of payments made to and from you, as well as other details relating to products and services you have purchased from us.
- Technical Data includes your internet protocol (IP) address, device make and model, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology used on the devices you employ to access our website(s) or download and use our App.
- Profile Data includes your username and password if you have downloaded our App or created an account via our online shop, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
- Usage Data includes information about how you use our website(s) or App, and our products and services.
- Marketing and Communications Data includes your preferences for receiving marketing communications from us and your communication preferences.
We may also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data under the law, as it does not directly or indirectly reveal your identity. For instance, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature on our website. However, if we combine or connect Aggregated Data with your personal data such that it can directly or indirectly identify you, we will treat the combined data as personal data, in line with this privacy policy.
We may collect Special Categories of Personal Data about you if it is necessary for us to provide appropriate care and ensure your safety when visiting your home or delivering and installing our products there. For example, if you have a health condition, we may need to make reasonable adjustments to our sales or delivery process. However, we do not collect information regarding your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, or genetic and biometric data. Nor do we collect any details about criminal convictions or offences.
If You Fail to Provide Personal Data
Where we are required by law to collect personal data, or under the terms of a contract we have with you, and you fail to provide the data when requested, we may be unable to perform the contract we have, or are attempting to enter into, with you (for example, providing you with goods or services). In such instances, we may have to cancel a product or service you have with us, but we will inform you if this is necessary at the relevant time.
How We Collect Data
We use various methods to collect data from and about you, including:
Direct interactions. You may provide us with your Identity, Contact, and Financial Data by completing forms or corresponding with us via post, phone, email, or other means. This includes personal data you provide when you:
- enquire about or purchase our products or services;
- book an appointment;
- request marketing information to be sent to you;
- enter a competition, promotion, or survey; or
- give us feedback or contact us by any other means.
Automated technologies or interactions. As you interact with our website(s) or App, we automatically collect Technical Data about your equipment, browsing actions, and patterns. This personal data is collected through cookies and other similar technologies. Please refer to our cookie policy for further details.
- We may receive personal data about you from various third parties and public sources, as outlined below:
- Technical Data from the following sources:
- analytics providers such as Google, based outside the UK; and
- advertising networks.
- Contact, Financial, and Transaction Data from providers of technical, payment, and delivery services.
- Identity Data and other incidental personal data from housing associations, councils, and new-build suppliers in relation to the installation of our products at the property.
- Technical Data from the following sources:
- Identity and Contact Data from publicly available sources, such as your publication’s website if you are a journalist.
- Identity and Contact Data that you make available when you contact us or mention us via our social media pages, or when you write a review on Trustpilot or other relevant review website(s).
- Identity and Contact Data from the Post Office’s National Change of Address Database, the National Deceased Register, the Telephone Preference Service, the Mail Preference Service, or our chosen supplier of personal data accuracy services (see Marketing and Data Accuracy), as well as any similar external data lists that we may cross-reference.
How We Use Your Personal Data
We will only use your personal data when permitted by law.
The most common circumstances in which we will use your personal data are as follows:
- Where we need to perform the contract we are about to enter into, or have entered into, with you, or to take steps at your request before entering into such a contract.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation to which we are subject.
In general, we do not rely on consent as a legal basis for processing your personal data. However, we may occasionally ask for your consent to receive certain marketing communications from us. You have the right to withdraw any consent you have given at any time by contacting us.
Purposes for Which We Will Use Your Personal Data
We have outlined below, in a table format, a description of the ways we plan to use your personal data, along with the legal bases we rely on. Where applicable, we have also identified our legitimate interests.
Please note that we may process your personal data based on more than one lawful ground, depending on the specific purpose for which we are using your data.
If you need further details regarding the specific legal ground on which we are relying when more than one is listed in the table, please contact us.
Purposes for Which We Will Use Your Personal Data
| Purpose/Activity | Type of Data | Lawful Basis for Processing (including basis of legitimate interest) |
|---|---|---|
| To register you as a new customer or register your interest in our products and services. | (a) Identity (b) Contact |
Performance of a contract with you |
| To visit your property or arrange a remote consultation to provide you with a quote for our products or services | (a) Identity (b) Contact (c) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to follow up on your interest and provide the information needed for a purchasing decision) |
| To process and deliver your order, including: (a) Managing payments, fees and charges (b) Collecting and recovering money owed to us |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts owed to us) |
| To manage our relationship with you, which may include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey |
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep records updated and study how customers use our products/services) |
| To enable you to partake in a prize draw, competition, or complete a questionnaire or survey | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, and grow our business) |
| To administer and protect our business and our website(s) (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and data hosting) | (a) Identity (b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, providing administration and IT services, network security, preventing fraud, and in the context of a business reorganisation or group restructuring) (b) Necessary to comply with a legal obligation |
| To deliver relevant website content and advertisements to you, and measure or understand the effectiveness of the advertising we serve | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business, and to inform our marketing strategy) |
| To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences | (a) Technical (b) Usage |
Necessary for our legitimate interests (to define customer types for our products/services, keep our website updated and relevant, develop our business, and inform our marketing strategy) |
| To operate CCTV in our premises, including showrooms, operational depots, and offices | (a) Identity | Necessary for our legitimate interests (to ensure your safety and that of our people) |
| To make suggestions and recommendations to you about goods or services provided by us and other companies within our group that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications |
(a) Your consent, where applicable (b) Necessary for our legitimate interests (to develop our products/services and grow our business) |
| To introduce or refer you to other companies in our group providing products you have expressed interest in | (a) Identity (b) Contact (c) Profile |
Necessary for our legitimate interests |
| To broker credit agreements for purchasing our products with third-party lenders | (a) Identity (b) Contact (c) Financial (d) Marketing and Communications |
Necessary for our legitimate interests (to assess applications for credit facilities) |
| To conduct customer research | (a) Identity (b) Contact (c) Transaction (d) Profile (e) Usage |
Necessary for our legitimate interests (to improve our products and services through customer research) |
| To display case studies and/or testimonials through Sunshine Home Improvement Marketing channels | (a) Usage | Your consent |
Marketing
We aim to provide you with options regarding the use of your personal data, particularly in relation to marketing and advertising.
We regularly screen the personal data we hold about you against the Telephone Preference Service (TPS) and the Mail Preference Service (MPS), as well as our own internal ‘Do Not Contact List,’ to ensure that we are permitted to send you marketing communications. If you have given us your consent to receive specific marketing communications, your consent will override any information held by these screening services.
We do not share your personal data with third parties for marketing purposes. If this policy changes, we will seek your express opt-in consent before sharing your personal data with any such third parties.
Opting Out
We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view of what we believe may be of interest to you or what you may need. This is how we determine which products, services, and offers may be relevant to you (referred to as marketing).
You will receive marketing communications from us if you have requested information or purchased goods or services from us, provided you have not opted out of receiving such marketing.
You can request that we, or any third parties, stop sending you marketing messages at any time by following the opt-out links provided in any marketing communication, or by contacting us during business hours.
Call Sunshine Home Improvements: 01792 812706
Email Sunshine Home Improvements: enquiries@sunshine-home-improvements.co.uk
Send a letter to Sunshine Home Improvements: Sunshine Home Improvements, 28 Queen Street, Neath, Neath and Port Talbot, SA11 1DL
Where you opt out of receiving marketing messages, this will not affect the use of personal data you have provided to us as part of a product or service purchase, warranty registration, product or service experience, or other transactions.
Cookies
You can configure your browser to refuse all or some cookies, or to alert you when websites set or access cookies. Please note that if you disable or refuse cookies, certain parts of our website(s) may become inaccessible or may not function properly. For more information about the cookies we use, please refer to:
Sunshine Home Improvement Cookie policy
Data Accuracy
We are committed to maintaining the accuracy of the personal data you have provided, such as your contact details, by cross-checking against external data lists like the Post Office’s National Change of Address Database, the National Deceased Register, and Call Credit through a data accuracy service provider. This helps us ensure that our records are up to date.
Change of Purpose
We will only use your personal data for the purposes for which it was originally collected, unless we reasonably determine that it needs to be used for another purpose that is compatible with the original one. If you would like an explanation of how the processing for a new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where required or permitted by law.
Disclosures of Your Personal Data
We may share your personal data with the parties listed below for the purposes set out in the table Purposes for which we will use your personal data on this privacy policy:
- Service providers who provide IT and system administration services and services platforms.
- Service providers based in the UK to whom we may subcontract the delivery and installation of your product.
- Other companies within our group that provide goods and services in which we understand you may be interested.
- Professional advisers, including lawyers, bankers, auditors, and insurers based in the UK, who provide consultancy, banking, legal, insurance, and accounting services.
- Our finance partners who provide you with credit via Sunshine Home Improvements Ltd, acting as the credit broker.
- HM Revenue & Customs, regulators, and other authorities based in the UK.
- Third parties with whom we may choose to sell, transfer, or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If such a change occurs, the new owners may use your personal data in the same manner as outlined in this privacy policy.
- Third parties to perform measurement services on our behalf.
We require all third parties to respect the security of your personal data and to handle it in accordance with the law. We do not permit third-party service providers to use your personal data for their own purposes and only allow them to process your personal data for specified purposes in line with our instructions.
Data Security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorised manner, altered, or disclosed. Additionally, we restrict access to your personal data to those employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data following our instructions and are bound by a duty of confidentiality.
We have established procedures to handle any suspected personal data breaches and will notify you, along with any applicable regulators, of any breach where we are legally required to do so.
Data Retention
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which it was collected, including meeting any legal, warranty, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe that litigation is likely in relation to our dealings with you.
To determine the appropriate retention period for personal data, we consider the quantity, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, whether those purposes can be achieved by other means, and the relevant legal, regulatory, tax, accounting, or other requirements.
In some circumstances, you may request that we delete your data (please refer to “Your Legal Rights” below for further information).
In some cases, we will anonymise your personal data (so that it can no longer be linked to you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This allows you to receive a copy of the personal data we hold about you and verify that we are lawfully processing it.
Request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This allows you to ask us to delete or remove personal data where there is no valid reason for us to continue processing it. You also have the right to request deletion or removal of your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your data unlawfully, or where we are required to erase it to comply with local law. However, we may not always be able to comply with your request for erasure for specific legal reasons, which will be communicated to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground, as you feel it impacts your fundamental rights and freedoms. You also have the right to object to us processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
Request restriction of processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following situations:
- If you want us to establish the accuracy of the data.
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to retain the data, even if we no longer require it, as you need it to establish, exercise, or defend legal claims.
- If you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially consented for us to use, or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will inform you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer.
No fee is usually required
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to anyone who does not have the right to receive it. We may also contact you to request further information to speed up our response.
Time limit to respond
We aim to respond to all legitimate requests within one month. Occasionally, it may take longer than a month if your request is particularly complex or if you have made several requests. In this case, we will notify you and keep you updated.