Privacy Notice

Asiatic Carpets Construction Limited ("Asiatic Carpets", "we", "us") are committed to protecting the privacy and security of those whose personal data we process. We acknowledge the need to protect personal data that is collected by or disclosed to us and to manage it in accordance with the Data Protection Act 2018 and UK General Data Protection Regulation 2021 (GDPR).

The purpose of this notice is to inform you how we collect and use (process) your personal data during and after your relationship with us, in accordance with applicable Data Protection Laws.

About Us

Asiatic Carpets is a leading rug supplier across the UK. We are what is referred to in law as the data controller of your personal data. As the data controller we have a number of legal obligations to ensure that we only use your data in a fair, transparent and secure manner.

If you have any questions regarding this privacy notice, our use of your data or wish to exercise any of your legal rights under data protection law, you can contact us either by writing to The Data Protection Lead, Asiatic Carpets Limited, OCC, 105 Eade Rd, London, N4 1TJ or by email dpo@asiatic.co.uk.

In most cases the personal data that we process will be provided by you. This may be in relation to an enquiry you have made, where you have placed an order with us, including on our eBay store, and when signing up to our newsletter. Correspondence between us in writing, by telephone and when attending meetings.

We may also receive personal data from third parties such as credit reference agencies and your legal representatives. If you visit our offices, we operate a CCTV system. We require all visitors to sign our site register. We may also ask you to provide information regarding your satisfaction of the service we have provided to you.

Please help us to keep your information up to date by informing us of any changes to your contact details.

We will only ever ask for the minimum personal data required to fulfil the task in hand. In most cases we would only process some or all of the following personal data:

• Your name and where relevant job title
• Contact information, for example telephone numbers, email address, postal address. These could be either work or private contact details
• CCTV images
• Telephone call recordings
• Bank account and payment details (financial records)
• Credit reports
• Your use of our website which may include your IP address
• Customer satisfaction correspondence
• Marketing preferences

We would only ask you for special category (sensitive) personal data if there was a specific need for this. For example, if we need to complete an accident report in the event of an incident when visiting our premises.

We will only use your personal data where the law allows us. This is likely to be limited to the following examples:

• When responding to your enquiry, for example taking steps to entering in to a contract with you
• To carry out our obligations arising from any contracts entered by you, your company and us
• For our own internal record keeping where there is either a legal requirement for us to do so or where it is in our legitimate interest
• To control access to, and/or provide security at our offices and construction sites
• To seek your views or comments on the services we provide
• To contact you with information about company updates, services, offers and other things we think might be relevant to you

We will only ever disclose your personal data to a third party unless we have your consent or are required to do so by law. We may pass your information to our third party service providers, agents, subcontractors, shipping agents, auditors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf.

When using third party service providers we only disclose the personal data that is necessary to deliver the service. We have a contract in place that requires them to keep your information secure and prohibits them from using your data for their own purposes. All contractors are subject to a duty of confidentiality.

We undertake regular IT security and data protection auditing to ensure our systems meet the expectations of the law and those of our clients. Those of our employees and contractors who have access to personal data are required to undertake data protection training.

We may transfer your personal information to third party data processors who are based in countries outside the European Economic Area (EEA). We use some US-based companies that provide services such as IT, communications and data analytics service such as MailChimp and Google Analytics. We only use US-based organisations that are self-certified as adhering to the EU-US Privacy Shield.

We will not transfer your information to any processors based in other countries outside the EEA unless there is a European Commission adequacy decision for the specific country to which the data is transferred, or where we can be certain that there are adequate safeguards provided for your information and individual rights standards that meet the GDPR requirements.

We will retain your personal data as long as is necessary to provide the services to which you have requested, or where we have another legitimate and lawful reason to do so. We may need to retain some information to comply with our legal obligations such as financial and accounting records. Unless there is an ongoing business relationship, we will only retain your personal data for 7 years after our last contact with you.

You have a number of rights under data protection law. In summary these include:

• Subject Access — you have the right to request details of the personal data which we hold about you and a copy of that data.
• Right to Withdraw Consent — where our use of your personal data is based upon your consent, you have the right to withdraw that consent at any time. You should be aware that withdrawing consent may result in us no longer being able to provide you with the service you originally requested.
• Data Portability — you may, in certain circumstances, request us to provide a copy of your data for transfer to another organisation.
• Rectification — if you believe that any data we have about you is incorrect or incomplete, please let us know and we will rectify or update any incorrect or inaccurate personal data about you.
• Erasure ('right to be forgotten') — you have the right to have your personal data erased in certain specified situations.
• Restriction of Processing — you have the right in certain specified situations to require us to stop processing your personal data and to only store such personal data.
• Object to Processing — you have the right to object to specific types of processing of your personal data, for example where we are processing your personal data for the purposes of direct marketing.
• Prevent Automated Decision-Taking — in certain circumstances, you have the right not to be subject to decisions being taken solely on the basis of automated processing.

To exercise any of these rights or if you have any questions about our Privacy Notice please contact our Data Protection Lead using the contact details provided at the top of this notice.

While we hope to be able to resolve any concerns you have about the way that we are processing your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been processed in a way that does not comply with the GDPR. You can do so by calling the ICO helpline on 0303 123 1113 or via their website ico.org.uk.

We keep our privacy notices under regular review. This notice was last updated on 12th January 2024.