VELFAC personal data policy


DOVISTA UK LIMITED Privacy Notice

 

This DOVISTA UK Privacy Notice (‘Privacy Notice’) is meant to help you understand why we collect personal data about you, the types of personal data we collect, how we collect it and for how long we keep it, with whom we share it, as well as your rights. We also explain how we keep your data secure. DOVISTA is the owner of distinctive window and door brands across Europe, including Rationel and Velfac. All companies in the DOVISTA Group respect and protect your privacy.

 

This Privacy Notice complies with the UK-General Data Protection Regulation (‘UK-GDPR’) and the Data Protection Act 2018.
The data controller who is responsible for your personal data is DOVISTA UK LIMITED, The Forum, Ground Floor Lancaster Way, Ermine Business Park, Huntingdon, Cambridgeshire, England, company reg. no. 02332292. Hereinafter ‘DOVISTA UK’.

 

Our parent company is DOVISTA A/S, registered in Denmark under registration no. 21147583 with its registered office at Bygholm Søpark 21D, 8700 Horsens, Denmark.

 

Why do we process personal data and the lawful bases for collection 
The main reason we collect, use, and store your data is to allow us to provide our services to you. “Service”, “our service” and similar descriptions mean conducting business with you/your organisation and assisting you with inquiries, sales processes, and claims.

 

We also process information about your use of the services for business development purposes, to inform you of our business operations, products, and services through marketing, and to improve our services through any feedback you give us. We may also process your personal data for contractual and recruitment purposes and to comply with legal obligations.

 

We process personal data based on different legal bases as listed below.

 

Performance of a contract, including a purchase – UK-GDPR article 6(1)(b):

  • When we process personal data in relation to a contract, our legal basis is ‘performance of a contract’, including a purchase.

 

Consent – UK-GDPR article 6(1)(a):

  • When we send out a newsletter about our products, we do this based on your consent. When the lawful basis for processing is consent, you have the right to withdraw your consent at any time.

 

Legal obligation – UK-GDPR Article 6(1)(c):

  • If we share your personal data with law enforcement agencies or other governmental bodies, we share this because we have a legal obligation to do so.

 

Legitimate interest - UK-GDPR Article 6(1)(f):

  • We have a legitimate business interest in processing your data, for example, when we assist you with enquires.

 

Special categories – UK-GDPR Article 9(2)(a) and UK-GDPR Article 9(2)(f):

  • When we process special categories of data, we do so to comply with regulatory requirements related to compliance matters.

 

The types of personal data we process related to our activities,  
The following are the main types of personal data collected by DOVISTA UK, along with the main purpose and legal basis for collecting the personal data:

 

Activity

Types of personal data we collect

(for illustration purposes)

Purpose(s)

Legal basis

 

 

General business operations

Name, contact details and other information necessary for conducting business with you or your organisation.

As part of general DOVISTA business operations, we collect personal data about individuals, customers, suppliers (including third-party service providers) and other stakeholders. We may also use your data for testing systems.

 

UK-GDPR – Article 6(1)(b)

 

UK-GDPR – Article 6(1)(f)

 

Assisting with enquiries

 

Name, email address, phone numbers, conversations, other contact details, photos, drawings of your project and/or other information about your project. 

 

 

You may choose to provide us with personal data, such as contact details when you contact us by phone, email, post, chatbot or by using our available digital platforms.

 

This personal data enables us to respond to requests for information on products, or to facilitate a survey and/or quotation for our products and services.

 

The information may be disclosed to DOVISTA A/S or other DOVISTA companies within the Group, relevant independent installers or distributors in order for us to assist customers with their enquiry or arrange for services or a quote. 

 

UK-GDPR – Article 6(1)a

 

UK-GDPR – Article 6(1)(b)

 

UK-GDPR – Article 6(1)(f)

 

 

Sales and order fulfilment

 

 

 

Name, contact details, payment and credit card details, credit information, and credit check etc.

We may collect personal data of customers and prospective customers in order to conduct business with you or your organisation.

 

We may disclose the information to distributors or independent installers and logistic partners to process a customer’s order, including arranging delivery of our products to the customer or assisting with enquiries such as arranging consultation between you and our product advisors.  We also share your information with third parties for credit check purposes.

 

UK-GDPR – Article 6(1)(b)

 

UK-GDPR – Article 6(1)(a)

 

UK-GDPR – Article 6(1)(f)

 

 

Product claims

Name, contact details, etc.

Facilitate service of our products under the guarantee or by chargeable service, i.e., we solve claims by call, email, and visits to building sites. In this connection, we may share your personal data with our partners to assist you with a service.

We may ask you to provide your feedback after the interaction.

 

UK-GDPR – Article 6(1)(c)

 

UK-GDPR – Article 6(1)(f)

Business development and DOVISTA apps

 

 

Personal data, which is collected at our digital platforms and in apps.

The personal data you provide to us, and personal data collected at our digital platforms will be used to enhance our consumer insights and drive relevant communication and offers across all touch points you may have with DOVISTA. Personal data will also be used for product and service development.

 

UK-GDPR - Article 6(1)(a)

 

Marketing

 

 

Contact information, browsing history, sales and subscription service information, such as name, address, email, phone number, purchase history, unique identifiers such as cookie IDs or device IDs, tracked browsing history based on these IDs, etc.

 

Please be aware that this list is not exhaustive as we may process any personal information collected in connection with your interactions with our parent company, DOVISTA A/S, our websites, mobile applications, products, and services.

Based on your consent or legitimate interest, when applicable, we process your personal data for the purpose of informing you of our business operations, products, and services.

For the above purposes, we create marketing, tailored to your preferences and profile, e.g.:

 

- To optimise and tailor the content and delivery of our marketing communications when you want to receive them, and

- To give you tailored marketing based on your preferences and profile, both when engaging with us on our own channels as well as via third party channels (e.g., social media, search sites, marketplaces).


If you do not wish to receive any further information, you can easily unsubscribe from our marketing communication anytime. You will find ways to unsubscribe in connection with subscribing to or receiving marketing communication from us. You can also contact us by email at privacy@dovista.com or send post to our company address at listed in the first section of this Privacy Notice.

 

UK-GDPR - Article 6(1)(a)

 

UK-GDPR – Article 6(1)(f)

 

 

 

 

Website visitors, customer surveys and market research

 

 

Personal data from digital platforms or customers as part of surveys.

To improve the products and services we offer, we may collect personal data from digital platform visitors or customers as part of surveys.

 

We will contact you with a survey and process personal data as part of surveys through either consent or legitimate interests.

 

Surveys processing personal data for marketing purposes will be used only with your consent.

 

UK-GDPR – Article 6(1)(a)

 

UK-GDPR – Article 6(1)(f)

Compliance including anti-corruption, Whistle Blower hotline and sanctions check

All types of personal information.

We may collect personal data to comply with the law, a court or authority’s decision and/or to disclose information to relevant public authorities as required or permitted by law.

 

 

UK-GDPR – Article 6(1)(c)

 

UK-GDPR – Article 6(1)(f)

 

UK-GDPR – Article 9(2)(a)

 

UK-GDPR – Article 9(2)(f)

 

 

How do we collect your personal data  

Directly from you

In most cases, personal data is collected directly from you or generated as part of the use of our services, products, and channels. We collect personal data you provide to us, when you request products, services, or information from us, register with us, use a chatbot or other activities on our digital platforms and apps, respond to customer surveys, or otherwise interact with us. We collect information through various technologies, e.g., cookies. For cookies, we refer to our Cookie Notice.

 

From our business partners

In some cases, we can collect your personal data from our business partners, when they need our assistance to provide you with the best possible service.

From your public website

In some cases, we collect your personal data on your company websites, when we want to offer you our services.

 

Links to other websites

This website contains links to other websites (such as Facebook, LinkedIn, YouTube, and Pinterest) to which this Privacy Notice does not apply. Please note that we do not endorse other websites and their content. We encourage you to read the privacy policies of each website you visit.

How long do we keep your personal data

We will only keep your personal information for as long as it is necessary for the purposes described in this Privacy Notice. This means that the retention periods will vary according to the type of the information and the reason that we have the information.

Examples of retention time:

  • Until you opt out of a marketing campaign, which you can do at any point in time.
  • For compliance with, e.g., anti-corruption regulations, we will keep the data according to laws which we are obliged to comply with.

 

Who do we share your personal data with

Our company is a part of the DOVISTA Group, which operates globally. We share your personal information within the DOVISTA Group, but only if it is necessary to fulfil the purpose for which we are processing your personal data. All entities in the DOVISTA Group have entered into an Intercompany Data Processing Agreement and/or joined agreement where everyone follows the same procedures when processing personal data, ensuring that the same level of security is maintained throughout the Group; dividing the roles and responsibilities between the DOVISTA companies. If two or more companies act as joint controllers, each of the joint controllers is obliged to independently:

  • Be the first contact for you.
  • Fulfil the information obligations referred to in Articles 13 and 14 of the UK-GDPR.
  • Exercise your rights provided in Articles 15-22 of the UK-GDPR.
  • Deal with privacy breach Notices and privacy complaints.

 

We may also share your personal data with selected third parties, including but not limited to:

  • Business partners, suppliers, and sub-contractors that we cooperate with to deliver you the best services during the support and sales process, including, for example, logistic providers and outsourced customer services.
  • Technology providers, for example, analytics, tracking technologies, targeting and re-targeting technologies, and search engine providers that assist us in the improvement and optimisation of our platforms, as well as companies who provide us with website support and hosting.
  • Advertisers and advertising networks that use data to select and serve relevant adverts to you and others if you have given your consent.
  • Social networking sites such as Facebook, Instagram, and Google, if required, when processing for marketing purposes and based on your consent.
  • With other parties to ensure the safety and security of our customers, to protect our rights and property, to comply with legal processes, or in other cases if we believe in good faith that disclosure is required by law.
  • DOVISTA Group companies or third parties who operate digital platforms and tools on behalf of our company to provide services connected with our activities (e.g., points collection programs, cashback campaigns, sweepstakes, and training).

When we cooperate with external service providers, we enter into a data processing agreement, if relevant. These service providers are prohibited from using your personal data for purposes other than those requested by us or required by law.

Restricted transfers

In some cases, we may also transfer personal data to companies in so-called ‘third countries’, which are countries outside of the UK. When doing so, we make sure to safeguard data, and only transfer if one of the following conditions apply:

  • there is an adequate level of protection in the country in question, as determined by a Secretary of State.

 

  • using standard data protection clauses (International Data Transfer Agreement (IDTA) and an International Data Transfer Addendum (Addendum)) approved by the UK parliament.

Data security
The security, integrity, and confidentiality of your personal data is important to us. We have implemented technical, administrative, and physical security measures that are designed to protect your personal data from unauthorised access, disclosure, use, and modification. From time to time, we review our security procedures to consider appropriate recent technologies and methods. Please be aware that despite our best efforts, no security measures are perfect or impenetrable.

 

Your privacy rights

The UK-GDPR provides you, as the data subject, with the following rights in respect of the personal data we store about you:

 

Your rights

Legal basis

Elaboration

Access to your data

UK-GDPR article 15

You have the right to request information about whether we process personal data relating to you, and if so, you have the right to request a copy of the personal data we have processed.

Request rectification

 

UK-GDPR article 16

At any time, you have the right to request correction of any incorrect or incomplete personal data we may process on you.

 

Request erasure

UK-GDPR article 17

You have the right to request deletion of your personal data depending on the processing activity, and under certain circumstances, before we would normally be obligated to cease processing.

Request restriction of processing

 

UK-GDPR article 18

You have the right to request the restriction of processing which means that you can request that we restricts the use of your personal data in certain circumstances.

Data portability

 

UK-GDPR article 20

Under certain conditions, you have the right to receive the personal data you provided to us in a machine-readable format.

 

Right to object

UK-GDPR – article 21

If you are not satisfied with how we process personal data, you can send your objections to privacy@dovista.com. If a complaint is made, the name and contact details of the complainant must be provided to us.

 

If you have any questions regarding the specific personal data we process or retain about you, or if you want to exercise your rights, please contact privacy@dovista.com.

 

We will respond to your request to exercise any of your rights within one month, but we have the right to extend this period by two months. If we extend the response period, we will inform you within one month of your request. If you consider that we have failed to resolve the complaint satisfactorily, you may file a complaint to the Information Commissioner’s Office online by clicking here.

 

Changes to this Privacy Notice

From time to time, we may change this Privacy Notice to accommodate the latest technologies, industry practices, regulatory requirements, or for other purposes. At all times, we will post the most recent version on our digital platforms. We advise you to read the Privacy Notice regularly.


This Privacy Notice was last updated in February 2024.

Tested and certified

Learn about our testing program
image
image
image
image
image
image
image
image

Follow us

More from VELFAC
Newsletters for professionals
Newsletters for homeowners

How to buy VELFAC

Homeowner buying process
Commercial buying process
Conditions of sales

About VELFAC

A model company
Sustainability
Job and career
Corporate
Privacy policy
Modern slavery statement
Whistleblower

Customer service

Contact customer service
See FAQ
Order spareparts
Report a warranty claim​
Find guides
See warranty

Technical information

Product database
BIM objects
DoP Documents
System drawings
Structural Drawings

Relevant for

Homeowners
Architects and Designers
Builders and Developers
VELFAC Distributors

Follow us

facebook
Twitter
LinkedIn
Pinterest
Instagram
More from VELFAC
Newsletters for professionals
Newsletters for homeowners
VELFAC is a trademark of DOVISTA UK Ltd. Reg. no. 2332292 The Forum, Ground Floor Lancaster Way, Ermine Business Park Huntingdon, Cambridgeshire PE29 6XU Tel. +44 01480 759 510 Contact VELFAC