INTRODUCTION
We at NIKO BATHROOMS Limited respect your right to privacy and comply with our obligations under the General Data Protection Regulation EU 2016/679 (“GDPR”) and the Data Protection Act 2018 (“DPA”) (together “Data Protection Law”). The purpose of this Privacy Statement is to outline what personal data we collect and process in our dealings with you as our customer or a representative of a third party businesses we deal with, how and why we process that personal data and what your rights are in respect of your personal data.
WHO WE ARE
NIKO BATHROOMS Limited (“NIKO BATHROOMS”, “we” or “us”) is incorporated in Ireland with limited liability having its registered office at 1c, Broomhill Business Complex, Broomhill Road, Tallaght, Dublin 24, with registered company number 88767. NIKO BATHROOMS is a subsidiary of J.L. Smallman Limited.
NIKO BATHROOMS has been distributing and supplying plumbing and heating products to builders, tradesman and the retailers since 1983. NIKO BATHROOMS also distributes and supplies bathroom fixtures and fittings under the “Niko Bathrooms” brand.
DATA CONTROLLER
NIKO BATHROOMS processes your personal data in the capacity of a “data controller”, in that NIKO BATHROOMS determines and decides how and why to collect and use your personal data. NIKO BATHROOMS is responsible and is committed to processing your personal data in a fair and transparent manner and in accordance with Data Protection Law.
If you have any questions or queries about how NIKO BATHROOMS gathers, stores, shares or uses your personal data or if you wish to exercise any of your personal data rights, please contact the NIKO BATHROOMS Data Protection Officer.
Name: Symmetry Solutions Ltd.
Email: [email protected]
THE PERSONAL DATA WE PROCESS
During our relationship with you as the client, NIKO BATHROOMS needs to keep and process information about you, including:
IDENTITY DATA, including your
- first name, surname, salutation, signature,
- photographic identification, vehicle registration and physical characteristics collected by our CCTV cameras;
CONTACT DATA, including your business or personal email address, business or home address, business or home telephone number;
FINANCIAL, including credit card number, and spending details;
LOCATION, where you are on our premises by way of CCTV;
HOW WE COLLECT YOUR PERSONAL DATA
We collect your personal data both directly from you and indirectly from third parties.
Directly from you. Examples include when you:
- Completed a purchase from us;
- Place an order from us;
- Are on our premises and within view of our CCTV system;
- Interact with NIKO BATHROOMS staff by contact form on our website;
- Interact directly with NIKO BATHROOMS staff on a day-to-day basis in person, by email and/or by telephone;
From third parties. Examples include collection from:
- Third party businesses we deal with. when you are representative from that third party
PURPOSES AND LEGAL BASIS FOR PROCESSING
We will only process your personal data where necessary and where there is a lawful basis to do so. In general, we process your personal data in accordance with the following legal bases:
(i) To enter into or perform a purchase agreement or a sales contract with you;
(ii) To comply with our legal obligations under taxation law, consumer protection
law and any other applicable law;
(iii) To pursue our legitimate business interests subject to those interests not being
overridden by your interests and rights;
Occasionally, we may rely on your explicit consent to process your personal data for a specific purpose which will be clearly communicated to you when such consent is sought. Where consent has been provided, it can withdrawn at any time by contacting us at the details provided in section 3 above.
The following table provides additional information on examples of why we process your personal data, the types of personal data involved and the legal basis for doing so.
| Purpose | Type of Personal Data | Legal basis – processing is necessary for: |
| Sales contract – To enter into an sales contract with you | Identity;
Contact; Financial; |
Enter into sales contract with you |
| Placing an order – To take steps to enter into an sales contract with you. | Identity;
Contact; |
Taking steps at your request prior to entering into a sales contract |
| Contact form – to answer your inquiry sent using contact form on our website | Identity;
Contact; Financial; |
Legitimate interests to run and manage our business |
| CCTV – to manage, monitor and protect our physical properties and assets; | Identity;
Location; |
Legitimate interests to protect our business assets |
| Legal Obligations – Compliance with our legal, statutory and regulatory obligations (e.g. Audits of our financial statements and reporting to the Companies Registration Office in compliance with company law; Complying with legally binding requests or orders from regulatory bodies, law enforcement agencies, the courts or otherwise.) | Identity;
Contact; Financial; |
Compliance with legal obligations |
| Legal claims – Establish, exercise or defend legal claims;
|
Identity;
Contact; Financial; |
Legitimate interests to protect our legal rights and interests; |
HOW LONG WE KEEP YOUR PERSONAL DATA FOR
As a principle, we do not hold your personal data for longer than is necessary. In general, contracts are retained for 6 years in accordance with The Statute of Limitations Act 1957.
There are also requirements under taxation law to hold certain records for a specific minimum amount of time. In general, these minimum periods are the same as the minimum periods for contracts and therefore they are typically kept for the 6 year period.
HOW WE KEEP YOUR PERSONAL DATA SAFE
NIKO BATHROOMS has a range of technical and organisational measures in place to protect information and keep your personal data secure across our IT systems and networks and physical storage locations.
In the event of certain types of personal data breaches, we are legally obliged to notify the Data Protection Commission and affected individuals to whom the personal data belong. We have implemented internal procedures to manage personal data security breaches in accordance with our legal obligations.
SHARING YOUR PERSONAL DATA WITH THIRD PARTIES
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
(i) To third parties who are providing services to enable us to perform the terms and
conditions in our sales contract with you and others who are providing services to enable us to run our business and manage our relationship with you as per our own legitimate business interests. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data.;
(ii) To third parties in order to comply with legal, statutory or regulatory obligations;
(iii) To statutory, regulatory, government or law enforcement bodies as required by law;
TRANSFERS OUTSIDE OF THE EEA
We currently do not transfer your personal data outside the European Economic Area, including to a jurisdiction which is not recognised by the European Commission as providing for an equivalent level of protection for personal data as is provided for in the European Union. However, if this position changes, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include: (a) transferring to a country which has been subject to an “adequacy” decision from the European Union ), (b) entering into a contract governing the transfer which contains the “standard contractual clauses” approved for this purpose by the European Commission; or (c) the application of another lawful safeguard such as obtaining your explicit consent for the transfer.
YOUR RIGHTS
You have a number of rights in respect to your personal data. These are:
(i) The right to access your personal data, which includes receiving confirmation on whether the personal data are being processed and if so, receiving the personal data and related information about why they are being processed, the categories of personal data involved, to whom the personal data have been or will be shared and how long the data will be kept for.
(ii) The right to request that we rectify inaccurate data or update incomplete data.
(iii) The right to request that we erase your data under certain circumstances, including where you want to withdraw the consent you previously gave to us, where you object to NIKO BATHROOMS processing the data for its own legitimate interests or where NIKO BATHROOMS’s processing of the data is unlawful.
(iv) The right to object to the processing of your personal data, where such processing is being conducted for the purpose of:
- Establishing, exercising or defending ourselves or others from legal claims; or
- Our legitimate interests, unless we can demonstrate that our interests override your interests and rights. You may request that we restrict the processing of the personal data until this analysis of legitimate interests has been concluded.
(v) The right to receive your data in a portable format or, subject to it being technically feasible, have us transfer it directly to a third party. This applies where you have provided us with consent for the processing or where the processing is necessary for entering an employment contract with us.
(vi) The right, at any time, to withdraw consent you have provided to us to process your personal data.
(vii) The right to lodge a complaint to the Data Protection Commission or another supervisory authority.
If you wish to raise a complaint in relation to how we processed your personal data, please contact us. We take your privacy and data protection very seriously in NIKO BATHROOMS and we endeavour to address your complaint as expediently and as thoroughly as we can in order to find a satisfactory resolution for you.
You also have the right to escalate the matter to the Data Protection Commission or other supervisory authority. The Office of the Data Protection Commission can be contacted at:
| Email: | [email protected] |
| Telephone: | +353 (0)761 104 800 or Lo Call Number 1890 252 231 |
| Fax: | +353 57 868 4757 |
| Postal Address: | Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois |
CHANGES TO THIS PRIVACY STATEMENT
We will update this Privacy Statement from time to time. Where appropriate, you will be notified of the changes by written notice or e-mail.