Privacy Policy

We keep all the data that you give us when you open an account or purchase goods or services with us. This information is shown in your account and much of it can be changed by you at any time. These are things like your name, address, email, telephone number etc.

We do not store any credit card details once they have been processed. Not even the last 4 digits. We do NOT keep or even see your CVV security number. We will contact you for your details each time a payment is required to be processed for the purchase of goods and services.

When you place an order, we store the IP Address of your device and the type of device used to carry out the transaction. We do not store any other geo-location data.

We don't see and therefore do not store or use your credit/debit card details or security number (CVV) with orders placed online. When payment is made over the phone, the card details are processed straight into the card terminal.

All payments are directly handled by payment gateways. Gateways such as PayPal and World Pay are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only if is necessary to complete your purchase trans-action. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

We do not keep the content of any websites browsed, and we do not keep records of the websites you visit or the times and dates you visited them.

We regularly delete stored voicemails, faxes and text messages.

The security of your personal data is a major concern for us. We have legal obligations to keep it safe and handle it with care and the penalties for not doing so are very high.

We store your personal data securely and it's backed up in two geographically separated locations so that it cannot be lost in the event of a catastrophic failure in our data centres or systems.

The GDPR says that we can use and share your personal data only where we have a proper reason for doing so.

The permitted Legal Bases for processing are set out in article 6 of the GDPR. At least one of these must apply whenever we process your personal data:

1. Consent: you have given clear consent for us to process your personal data for a specific purpose (for example, marketing).
2. Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
3. Legal Obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
4. Vital Interests: the processing is necessary to protect someone's life.
5. Public Task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
6. Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.

Prad Glass Ltd works with several trusted suppliers to provide the high-quality services you expect from us. In all cases our suppliers have been carefully vetted and only the minimum personal data is shared to fulfil your orders or provide the services you have requested.

1. Glass Suppliers: so that we can provide you with access to our products and services.
2. Hardware Suppliers and Delivery Companies: if you order glass or fittings for delivery, we may need to pass on personal data to couriers to arrange shipping to your requested address.
3. Payment Processors: to enable you to make online payments for our products and services.
4. Website Analytics: We use Google Analytics to supply statistics on the usage of our website.

We also have a legal obligation to share data in response to properly made requests from:

1. Law Enforcement Agencies: for the prevention and detection of a crime, for safeguarding national security or when the law requires us to, such as in response to a court order or other lawful demand or powers contained in legislation.
2. Regulatory Bodies: such as the Information Commissioner's Office and Ofcom.

We keep your data while you have an account with us, and sometimes for a longer period, depending on whether there are legal or regulatory reasons for doing so.

1. Contact details, account details and payment history must be retained for seven years.
2. We do not keep the content of phone calls.
3. The contents of fax and text messages are deleted after 30 days. Voicemail messages are automatically deleted after 12 months.

At Prad Glass your data is stored in our secure data centres which are in the United Kingdom and United States. Your information may be transferred to our data centres in the United States. It is not transferred to any other third country (defined under the GDPR as a country outside of the European Economic Area).

We want to keep you updated about our new products, services and any exclusive offers that may become available. We promise to never share your personal information with any third-party marketing company.

You can opt-in or opt-out of receiving these messages at any time, either from the marketing preferences page in your Control Panel or by using the 'unsubscribe' link contained in our marketing emails.

You have the following rights under the GDPR:

1. The Right to be Informed: Individuals have the right to be informed about the collection and use of their personal data. This privacy notice fulfils that requirement.
2. The Right of Access: All the information we have about you can be downloaded from your Control Panel. Your personal information is available when you log into your account.
3. The Right to Rectification: Most of your data can be modified and corrected via your Control Panel. If you find an error in your data that you cannot rectify yourself, please contact us via email or phone 020 3332 2003.
4. The Right to Erasure: In certain circumstances, you have the right to request that we delete personal data held on you. This does not apply if we have a legal reason for retaining it.
5. The Right to Restrict Processing: In certain circumstances, you have the right to ask us to 'restrict processing of data'. This means we would need to secure your data but not otherwise use it. In practice this would involve suspending your account and therefore your access to our services.
6. The Right to Data Portability: You have a right to obtain some of the personal data we hold on you in a 'structured machine-readable' format. This information is available via the customer’s Control Panel.
7. The Right to Object: You have the right to opt-out of any marketing communications that we may wish to send you. You can change your marketing preferences at any time from your Control Panel, or by using the 'unsubscribe' link contained in our marketing emails.
8. Rights Related to Automated Decision-making including ProfilingPrad Glass Ltd does not apply any automated decision-making or profiling to any of your personal data.

If you have any questions about how Prad Glass Ltd uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact our Customer Service team on 020 3332 2003.

You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk

If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at info@pradglass.com.

The GDPR makes a distinction between organisations that process personal data for their own purposes, known as 'Data Controllers', and organisations that process personal data on behalf of other organisations, known as 'Data Processors'.

Like everyone else we use cookies to make our services work. Wikipedia describes cookies as:

"a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking certain buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers."

We recognise that transparency is an ongoing commitment, so we will keep this privacy notice under regular review.

This privacy notice was last updated on 24th May 2018.