Privacy and Fair Processing Notice
Clean Air Group is a trading style of:
Clean Air Technology Ltd – Registered in England and Wales No. 2709102
Clean Air Installations Ltd. – Registered in England and Wales 3915686
Clean Air Facilities Ltd. – Registered in England and Wales 03915661
Reg. Office: 5 Newton Close, Drayton Fields, Daventry NN11 8RR.
Tel: 01327 301383
We are committed to protecting and respecting your privacy. This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure. We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy. Any questions regarding this Policy and our privacy practices should be sent for the attention of the Data Administrator by email to: firstname.lastname@example.org
General Data Protection Regulation (GDPR)
Our website and internal processes are in line with the General Data Protection Regulation (GDPR) which aims primarily to give control back to citizens and residents over their personal data as well as address the export of personal data outside of the European Union (EU).
The Data Protection Act (DPA), Privacy and Electronic Communications Regulations (PECR) and The General Data Protection Regulation (GDPR) rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. GDPR does not apply to information already in the public domain for example Companies House data.
How we collect information from you and information provided to us by other companies
We obtain information about you from emails, phone calls, via our website and using data provided for our use by the third-party list provider Market Location Ltd. (a ‘118 Group’ company) – their privacy & fair processing notice is here. We also use analytics, cookies, documents and forms – for example when you contact us about products and services, make an online purchase or if you register to receive one of our newsletters.
We will only collect the information needed so as to provide and market our HVAC services to you. If we use data provided by other companies we take careful steps to ensure that it is appropriate to use to contact you within our stated lawful legal basis for data processing being ‘legitimate interest’.
What type of information is collected from you?
The personal information we collect might include your name, address, your email address, your company name and role, IP address, and information regarding what pages are accessed and when. If you purchase a product from us, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.
The basis for and purposes of the processing: how and why may your information be used?
We are a data controller and/or data processor of your personal data. We or third party service providers working on our behalf, may process your personal information for our legitimate business interests. We use Legitimate Interest as defined by Article 6(1)(f) as our lawful basis to do this.
We may do this to fulfil a contract (for example an order and/or associated work), or because we believe you have a legitimate interest in our products or services and we want to market them to you.
Our legitimate interest in using the information collected from you is to send you direct marketing information which we believe may be of interest to you and your business – this by email or post. We may also contact you by telephone so long as your number is not registered with the CTPS.
Also to make telephone contact, provide estimates and quotations, to modify or improve our services, determine the effectiveness of promotional campaigns and advertising, data analytics & enhancement.
We may also use your information to:
to carry out our obligations arising from any contracts entered into by you and us;
dealing with entries into a competition;
seek your views or comments on the services we provide;
notify you of changes to our services;
send you communications which you have requested and that may be of interest to you. These may include information about our goods and services;
process a job application.
We have to balance your own interests with our own legitimate interest in finding new customers or making sure we deliver the best products and services to existing customers by, for example, direct marketing. In you making initial contact you consent to us maintaining a marketing dialogue with you until you either opt out (which you can do at any stage) or we decide to desist in promoting our services. We will only collect the information needed so that we can provide you with our HVAC services, we do not sell or broker your data, although coincidentally there may be times when your information could be contained in data that we have purchased from Market Location.
Our legitimate interests and the basis for processing
Recital 47 of the GDPR identifies direct marketing as a legitimate use of personal information. Our Legitimate Interest Assessment Summary below has examples about what we mean by legitimate interests, and when we process your data for our legitimate interests. You have the right to object to this processing if you wish and if you wish to do so please email email@example.com
Legitimate Interest Assessment Summary:
- We have an interest in informing senior decision makers and facilities managers about the latest energy efficient heating, ventilation and air conditioning systems for the premises in which they work. This may include: product information, maintenance information, and the latest HVAC and news. Also sharing ideas with individuals about best practice approaches and success stories.
- The individuals concerned are likely to be people within the organisation who would expect to be contacted with such business communications.
- To ensure that the data processed is limited to that which is adequate and relevant we limit direct marketing data to the names of senior decision makers, their job titles, company addresses, company landline telephone numbers and corporate email addresses.
- When we receive a request from a data subject that their data is removed from the database it is suppressed order that it cannot be accessed or added again at a later date.
- We have an interest in promoting and marketing the HVAC services and products we offer; and to fulfil our own contractual obligations.
- We have an interest in making sure our marketing is relevant to individuals, so we may process a data subjects information to send them marketing that is tailored to their interests and industry.
- Data processing enables us to enhance, modify, personalise or otherwise improve our services & communications for the benefit of our customers and wider target audience.
- Data processing helps us to determine the effectiveness of our campaigns and advertising.
- It is reasonable to consider legitimate interest as grounds for the processing of personal data for business to business (b2b) direct marketing purposes, given the very limited amount of data collected and personal information being processed; the fact that it is being used solely for the purposes of marketing to the business for which the individual works and not the individual him/herself. The individuals concerned are likely to be people within the organisation who would expect to be contacted for business communications. In the context of b2b direct marketing our communications relate to business services rather than the personal life of the individuals receiving the communications. This interest could not be achieved without requiring disproportionate effort and without having to use the personal data.
- By offering organisations advice on the latest HVAC legislation, marketing the latest energy saving products, and maintaining heating, cooling and ventilation plant in optimal condition for energy efficiency and refrigerant safety, Clean Air Group provide a valuable business-to-business service that contributes to the success of businesses and the wider economy, and can help reduce energy wastage and harm or potential harm to the environment.
The retention periods for the personal data
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us. We’ll keep data for a maximum of 10 years after our most recent contact or interaction, with the exception of accounting transactions that we are required to retain for a minimum of 7 years.
Who has access to your information?
We will not sell or rent your information to third parties.
Third Party Service Providers working on our behalf: We may pass your information to our third party service providers and agents (e.g. our marketing agency), agents subcontractors (e.g. the email marketing platform used for direct mailings) and other associated organisations for the purposes of completing tasks and providing services to you on our behalf – for example to send you direct mailings by email or post. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Data held by us prior to 25th May 2018
Unless already unsubscribed, we have had regular contact with you up until this date. Given you have not previously unsubscribed we will assume you have a legitimate interest in our products and services and are happy to continue to receive marketing communication. We will always give you the opportunity to opt out of any emails and change your preferences using the contact info below. All of the points and rights in this policy apply to you immediately.
What is Legitimate Interests, and how it is our lawful basis for the processing
It is necessary to have a lawful basis in order to process personal data in line with the ‘lawfulness, fairness and transparency’ principle. The legal basis for processing the data is the Legitimate Interest pursued by us as the data controller and/or processor. It is one of the six lawful bases for processing personal data under the GDPR (General Data Protection Regulation). Legitimate interests might be your own interests, or the interests of the third party receiving the data, or a combination of the two.
Legitimate interests may be the most appropriate basis when:
“the processing is not required by law but is of a clear benefit to you or others; there’s a limited privacy impact on the individual; the individual should reasonably expect you to use their data in that way; and you cannot, or do not want to, give the individual full upfront control (i.e. consent) or bother them with disruptive consent requests when they are unlikely to object to the processing.” (from latest guidance from the Information Commissioner)
The lawful basis to do so is set out in Article 6 of the GDPR, which includes: Article 6(1)(f) “(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests”; and – in relation to the commercial communications related with Clean Air products or services which are similar to the Services – Recital 47 of the Official Journal of the European Union: ” The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. The purpose for processing the data including our legitimate interests are set out above in ‘How is your information used?’. At anytime you are entitled to object and ask us not to send you any commercial communications.
Privacy and Electronic Communications Regulations (PECR) allows electronic direct marketing communications to be sent to corporate subscribers (business email addresses of individuals working for incorporated entities) without prior consent, unless the recipient specifically requests not to receive emails from the sender (“opt-out”). Each direct marketing email includes an “unsubscribe” option to allow the individual to notify the sender that he/she no longer wishes to receive emails from the sender.
You can find out more about Legitimate interests on the Information Commissioner’s Office (ICO) website and atOfficial Journal of the European Union.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us please contact us by email at firstname.lastname@example.org or, if you receive an email marketing communication from us, you can click to unsubscribe on the email.
How you can access and update your information
You are entitled to ask us at any time, not to send you any commercial communications. You can change your marketing preferences at any time by contacting us by email at email@example.com
The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your email address, or any of the other information we hold is inaccurate or out of date, please email us at:
You have the right to ask for a copy of the information we hold about you.
Please email us at: firstname.lastname@example.org
In the event that you wish to make a complaint about how your personal data is being processed you have the right to complain to the Managing Director of Clean Air Group. If you do not get a response or if you prefer you can complain to the ICO.
Clean Air Group, attention of Managing Director, 5 Newton Close, Drayton Fields, Daventry NN11 8RR. Tel: 01327 301383, email@example.com
ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. Tel: 0303 123 1113
Security precautions in place to protect the loss, misuse or alteration of your infrmation
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the following software 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear in the address bar of most web browsers or on the bottom of web browsers such as Microsoft Internet Explorer.
Non-sensitive details (your example@cleanair. etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk.
Use of ‘cookies’
It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies of may result in a loss of functionality when using our website.
Analytics and Customization Cookies
These cookies collect information that is used either in aggregate form to help us understand how our websites are being used or how effective our marketing campaigns are, or to help us customize our websites and application for you in order to enhance your experience.
Google Analytics gathers information allowing us to understand interactions with our websites and ultimately refine that experience to better serve you.
Cookie file names:
Used to distinguish users.
Used to distinguish users.
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.
Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out.
Used to throttle request rate.
Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.
Used to determine a user’s inclusion in an experiment.
Used to determine the expiry of experiments a user has been included in.
WordPress provides the content management of the website and will store cookies based on whether you are logged in or not.
Cookie file names:
Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
16 or Under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in 20 June 2019.