Privacy Notice & GDPR Policy

At Marshall Specialist Joinery we take your privacy seriously and have aligned our data management, processing and storage with the requirements of the new GDPR regulations that come into force on 25th May 2018. We will only use your personal or company information in relation to providing the service you have requested from us or we have requested from you and within the limitations of the legislation as detailed below.

Who are we

Marshall Specialist Joinery Ltd is a company registered in England (Company Number 1882536) (referred to either as

Marshall Specialist Joinery or we, our and us throughout this policy) with a registered office at: The Old Railway Station, Sampford Courtenay, Okehampton, Devon EX20 2SN. We provide a range of specialist joinery services for our clients including the manufacture of windows, external doors, internal doors and related joinery (the Services).

Marshall Specialist Joinery Limited is what is known as a ‘data controller’ as it is responsible for handling and processing client personal data when you use our Services. We are committed to protecting and respecting your privacy and complying with the applicable Data Protection Laws (meaning the Data Protection Act 1998 and, unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then any successor legislation to the GDPR or the Data Protection Act 1998).

Keeping up to date with this Privacy Policy

This statement sets out our privacy policy and explains what we do with the personal information that we collect from our users, including any data you may provide us when requesting a Service from us. Please read the following to understand our views and practices regarding personal information as well as your rights in relation to that information.

This statement was last updated on 24th May 2018. The Data Protection Laws applicable in the UK are going to change soon and so there may be further changes to this statement or some aspects of it which will only apply after May 2018. We reserve the right to modify or amend this privacy policy at any time and for any reason. Details of any changes will be posted at the top of the privacy policy web page.

It is also important that any data we hold about you is kept accurate and up to date so please keep us informed of any changes to your personal data whilst using our Services.

How to get in touch with us

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions or concerns about this privacy policy, including any requests to exercise your legal rights, you should contact our data privacy manager at:

Name of Contact: Rob Furness
Email Address: rob@marshallspecialistjoinery.co.uk
Postal Address: The Old Railway Station, Sampford Courtenay, Okehampton, Devon EX20 2SN

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

What information do we collect about you?

Personal data for the purposes of the UK’s data protection laws means information about an individual (rather than the name of a company or a partnership for example) from which that person can be identified.

The personal data we collect about you will fall into one of the following categories:

Identity information – information used to ensure we can identify the user of our Services which includes your full name, a username or other identifier;

Contact information – the details we need for getting in touch with you when providing our Services to you including your email address, telephone numbers and any billing or delivery address;

Financial and Payment details – whilst we do not collect or store any bank account or payment card details (as these are all processed by third party service providers), we do retain information about whether you have paid for our Services and details of the Services you’ve received so we can correctly manage your payments to us;

Profile and Usage data – the information about how you use our Services, your preferences in relation to the Services and technology used as well as any feedback we receive from you about our Services; and

Marketing and Communications details – information about how you prefer to communicate with us when we are performing our Services for you and also how you might wish to hear from us about our Services.

Our Services are not intended for children and we do not knowingly collect data relating to children.

We do not collect what is known as ‘Special Categories of Personal Data’ about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

Nor do we collect any information about criminal convictions and offences.

What information do we collect that is not about you but is Client Data?

Our Services involve you providing us with site or item related data (we call this the Client Data) which often has been previously hosted on a third party cloud storage system and for which you are requesting one of our Services (this data will be used to inform data we create about your project including drawings for manufacture approval).

The majority of Client Data that you will provide to us will not be ‘personal data’ as such term is defined in Data Protection Laws.

Because there is a possibility that some of the Client Data may include small items of personal data you acknowledge and agree that in respect of such Client Data you act either as a data controller or as a data processor in regard to the data of your clients and that, as a result, we act as a data processor and/or as a sub-data processor in relation to any such Client Data which is also personal data.  All terms used in this provision have the meanings given to them in the Data Protection Laws.

How and when do we collect personal information?

If you are a customer of Marshall Specialist Joinery, we collect the personal information that you provide to us when you make an enquiry. If you use a form on our Websites, phone or email to contact us we will store included personal information.

When you interact with our Websites we will use certain technologies to automatically collect the Profile and usage data.  We collect some of this information by what you tell us, but some of it is collected using cookies or similar technology.  Our use of cookies is explained below.

You may also opt-in to receiving emails with the latest news and special offers from us in which case we will store provided personal information.  Any marketing you receive from us will not relate to communications from or services of any third party, but will only relate to other of our Services and offers or updates relating to them.  You can manage your preferences for what marketing emails you receive from us at any time by using the link in our marketing emails titled “Manage your email preferences”.

As explained above, for the purposes of providing our Services we may also receive Client Data which could include some personal data about third parties.  This client Data will either be provided to us by you or by the third party provider that you have identified as storing your project data.

We do not collect personal information in any other way.

How is the information about you used?

We will only use your personal information for purposes you would reasonably expect. Primarily to provide our Services to you, but also to facilitate our business processes such as accounting, marketing, record-keeping and to generally manage your relationship with us.  What this means is that your personal information will only ever be used by us in the following circumstances:

– to perform our contract for the Services that you have requested and purchased from us;

– to comply with a legal or regulatory compliance obligation; or

– because it is necessary for our legitimate interests and we have assessed that your interests and fundamental rights do not override our legitimate interests.

We do not rely on consent as a legal basis for our processing of your personal information.

Below we have explained the different purposes for which we will use the different types of personal data we may have about you and the specific lawful condition for our processing:

Type of information Purpose for which we use it Lawful condition for processing
Identity information; and

Contact information

To respond to your enquiry as a new or existing customer Perform our contract for the Service; and

Because it is necessary for our legitimate interests (where you are not an individual but a company, partnership or LLP with whom we have a contract)

Identity information;

Contact information;

Financial and payment details; and

Marketing and Communications details

To provide the Services requested; and

Manage your account and payments due

Perform our contract for the Service; and

Because it is necessary for our legitimate interests (to recover debts due to us)

Identity information;

Contact information;

Profile and Usage Data; and

Marketing and Communications details

To administer and protect our business, our Services and websites (which will include troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Because it is necessary for our legitimate interests (to provide our services, improve and keep our Websites updated, prevent fraud and ensure network security); and

To comply with legal or regulatory compliance obligations

Identity information;

Contact information;

Financial and payment details;

Profile and Usage Data; and

Marketing and Communications details

To send you recommendations about our other Services and which we believe may be of interest to you Because it is necessary for our legitimate interests (to develop our Services and grow the business
Identity information;

Contact information;

Financial and payment details; and

Marketing and Communications details

Archived records following the retention periods described below will be marked inactive and hidden from our active client relationship management system with restricted access controls added Because it is necessary for our legitimate interests (to meet out auditing requirements and for compliance purposes, maintenance of integrity of databases and service logs); and

To comply with legal or regulatory compliance obligations (including retention of transactional details for tax purposes)

Will my personal information be provided to third parties?

We may share your personal information with third parties but only in the strictly limited circumstances set out below.

– In certain circumstances alongside client data we may share your personal information with affiliated companies and service providers who perform functions on our behalf. These third parties must at all times provide the same levels of security for your personal information as us and are bound by a legal agreement to keep your personal information private and secure. We do not allow these third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

– We may also supply your personal information to government bodies and law enforcement agencies but only: if we are required to do so by the requirements of any applicable law; if in our good faith judgment, such action is reasonably necessary to comply with legal process; to respond to any legal claims or actions; or to protect the rights of Marshall Specialist Joinery, our customers and the public.

– In specific circumstances we may need to share your personal information with professional advisers acting on our behalf or providing services to us including lawyers, bankers, auditors and insurers based in the United Kingdom and who provide consultancy, banking, legal, insurance and accounting services.

– We may also need to share your personal information with HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.

How long will my personal information be retained?

We will only process personal information relating to customers, individuals who have contacted us and people who choose to opt-in to us sending them emails with the latest news and special offers in the ways set out in this statement.

Following a period of 24 months from the date of the last customer request for Services or the last non-customer contact we will stop processing personal information and such individual’s information will be archived.  Although archived and hidden by our systems from active engagement with this information, we will retain the information which relates to our provision of the Services as an inactive record, rather than deleting for the purposes of our auditing and legal compliance requirements.

We will process the information of people who opt-in to emails with the latest news and special offers until such time as they unsubscribe.

Will I be sent information that I did not ask for? 

To keep you informed about the latest news and special offers but only relating to our own Services we may contact you by e-mail. If you do not wish to receive these emails you can unsubscribe using the link included with each marketing email.

Any marketing you receive from us will not relate to communications from or services of any third party, but will only relate to other of our Services or updates relating to them.  You can manage your preferences for what marketing emails you receive from us at any time by using the link in our marketing emails titled “Manage your email preferences”.

Use of Cookies

A cookie is a small text file that is sent to and stored on your computer. We only use cookies served by our website hosting service and Google and these are only used by us because they are essential to make our Websites work properly for you and allow us to analyse how our website is used.

What security will exist? 

We are committed to protecting the privacy of your personal data. We use appropriate standards of technology and operational security to protect personal information including a Secure Server (based in the EU) and network firewall connection. Operationally, access to personal information is restricted to authorised personnel who are under a duty to maintain the confidentiality and security of such information.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Transmission of data overseas

We shall not knowingly transfer your personal information outside the EEA.

What are my legal rights in relation to my personal information?

In specific circumstances (usually dependent on the lawful condition for processing that we have relied upon to deal with your personal information) you have legal rights under Data Protection Laws.

You have the right to:

– Request access to your personal data (this is usually known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.  You will not have to pay a fee to access your information in this way, but if your request is clearly unfounded, repetitive or excessive we may charge a reasonable fee or refuse to comply with your request. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response;

– Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;

– Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which we will tell you about, if applicable, at the time of your request;

– Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;

– Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;

– If we were ever to rely on consent for processing your personal information then you can withdraw that consent at any time. However, we do not currently rely on consent for any of our processing of your data.  If ever applicable to you, this right will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of your legal rights at any time get in touch with us using the details provided above in the how to get in touch with us section.

Marshall Specialist Joinery Ltd

Registered Office: The Old Railway Station, Sampford Courtenay, Okehampton, Devon EX20 2SN

Registered in England No.1882536