INTRODUCTION AND DEFINITIONS
Room Zero Solution Limited (“Room Zero”, “we”, “our” or “us”) are committed to protecting and respecting your privacy. This notice (along with any contract you have with us) tells you how we process your personal data.
If you have questions about correcting or deleting your personal data please refer to sections 6 and 11 below.
References in this notice to “data protection law” mean (as applicable) the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time.
- Our details
- This section gives you the legal name of the company who holds your personal information – known as the ‘legal entity’ – and tells you how you can get in touch with us.
- Room Zero Solutions Limited is a company incorporated in England and Wales under registered number 11584116, whose registered office is at Ground Floor, Marlborough House, 298 Regents Park Road, London, England, N3 2SZ.
- The data protection officer for the group is Richard Warrington, Director, Room Zero Solutions Limited, Ground Floor, Marlborough House, 298 Regents Park Road, London, England, N3 2SZ.
- Which information do we process and for what purpose?
- We collect information from customers, prospective customers, consultants and suppliers. If you are one of these, or you work for one of these, then we may collect some personal information about you.
- We usually collect your contact details from you (name, email address, work address and telephone number) when we first make contact with you to discuss entering into an agreement to provide you (or your employer) with our goods and services, or to purchase goods or services from you. We may collect this information by telephone, email or post. If you are prospective customer, we may occasionally collect information about you from social media or other publicly available source of information.
- We will also store emails or other correspondence you send us or that we send you, and notes of telephone conversations that we have with you. We also receive bank details from customers, which may include personal information about you if you are a sole trader.
- We will also collect information concerning your marketing preferences.
- If you are a client of one of our customers, then your personal details may be provided to us in a database created using our software, for support or troubleshooting purposes. We do not access that data and when we receive databases from our customers for troubleshooting or support, we promptly scrub them to clear them of any personally identifying information about individuals listed in the database.
- If you visit our premises, we may collect information about you from CCTV footage recorded at and around our premises.
- We process information you give to us for the following purposes:
- to carry out our obligations arising from any contracts entered into between you (or the business you work for) and us, including providing service and support;
- to invoice you and to manage your (or your employer’s) account with us;
- to manage and administer any other arrangements between you and us;
- to notify you about changes to our services and to otherwise communicate with you; for example, we will use your contact details in order to respond to any queries that you submit to us;
- to address any claims made against us; for example, we may share details of our accident logs and CCTV footage with our claims handlers and insurers in connection with any claim made or likely to be made against us.
- if you are a supplier, to place orders with you (or the business you work for) and to manage our relationship with you as a supplier of goods or services; and
- to keep financial records relating to our business and to comply with our legal obligations.
- What are the grounds for processing your information?
- Under data protection law we are only allowed to process your personal data if we have a legal ground to do so, and we must tell you what those legal grounds are. We are processing your data on the following grounds:
- You have consented to the processing for the purposes stated in section 2 above. This might apply, for example, where you have asked to be added to our mailing list.
- The processing is necessary for the performance of the contract between you and us. This includes where you have instructed us to take some pre-contractual steps (such as sending you information about our products) prior to us formalising the contract.
- We have a legitimate interest in performing the processing and, in accordance with our obligations under data protection law, we have carefully weighed up your interests and fundamental rights and freedoms against our interest to process your information and we are satisfied that we are justified in processing your information for this purpose. We rely on this ground where, for example:
- we have a contract with the business you work for and we have an interest in communicating with you to arrange and/or administer the performance of that contract, keep records of transactions under it, and to enforce our rights or defend claims under it; and
- we contact prospective business customers about our products or promoting our business; and
- we process personal data to keep our premises safe and secure.
- The processing is necessary for us to comply with our legal obligations, including in relation to keeping tax and accounting records.
- Duration and further processing
- We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.
- Generally speaking, we retain your information for the following periods of time:
- If you are a supplier or client (or you work for one of our suppliers or clients) for the duration of our contract with you (or the person you work for) and for a period of seven years after the end of the contract.
- If you are on our marketing database, until you indicate that you no longer wish to hear from us, although if you have not engaged with us for a long time, we may delete you contact details sooner;
- If we need to keep your information for a longer period, then we will notify you of the reason and grounds for doing so.
- Who is your information shared with?
- In order to achieve the purposes set out in section 2 above, we may share your data with the following people or group of people:
- We may share personal data with other members of the group of companies of which we form part.
- We may share personal data with consultants that we work with to help us provide our services.
- Our outsourced IT providers may have access to your personal data on our IT systems if such access is required to enable them to resolve problems with our systems. We control what our IT providers can access and they are subject to strict obligations of confidentiality.
- We may provide personal data to our legal advisers or other professional advisers, if necessary to defend claims, protect our rights, or receive advice on compliance with the law. Such transfers will be protected by confidentiality obligations owed by our advisers.
- If the situation should ever arise that we sell our business, we may share personal data with potential purchasers of our business, subject to those persons entering into strict confidentiality obligations with us and only to the extent permissible under data protection law.
- Other than as set out in the next paragraph, to the best of our knowledge, understanding and belief, your information will not be transferred outside of the United Kingdom, the European Economic Area or to any country which is not approved by the European Commission. If this changes then we will let you know.
- Your rights
- Under data protection law you have the following rights:
- if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Consent can be withdrawn by notifying us using the details set out in section 11 The lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent;
- the right to access a copy of your information which we hold. This is called a ‘subject access request’. Additional details on how to exercise this right are set out in section 7, below;
- the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the details set out in section 11, below;
- the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing; We do not make automated decisions about you based on your information.
- the right to object to us processing your personal information in certain other situations;
- the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and
- the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.
- in certain circumstances, the right to request the information we hold on you in a machine-readable format so that you can transfer it to other services.
- You also have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out in section 11, below. The Information Commissioner’s Office website is ico.org.uk.
- For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (citizensadvice.org.uk) or the Information Commissioner’s Office (www.ico.org.uk).
- ACCESS TO INFORMATION
- Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. You must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to us using the contact details in section 11 below.
- You will not have to pay a fee unless you are requesting copies of documents you already possess; in which case we may charge our reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous.
- COOKIES AND SITE ACCESS STATISTICS
- Data security
We will always store your digital information on secure servers. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- Changes to our privacy notice
This notice was last updated in February 2021. Any material changes we may make to our privacy notice in the future will be uploaded to our website and if the change is significant, we will send you the updated notice by email. Please check back frequently to see any updates or changes to our privacy notice.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed by email to Richard Warrington at: firstname.lastname@example.org