DesignBoard Composite Decking Privacy Policy

  1. Introduction

    Welcome to our Privacy Policy. We want to be transparent in how we use your data so here is more information about how it is used, who it will be shared with and how you can easily request the information we hold about you.

    Our commitment to data security and privacy means that we’ve been preparing for the introduction of the new EU law on data protection that comes into effect on 25 May 2018.

    The General Data Protection Regulation (GDPR) is being billed as the most comprehensive data privacy law yet, and it requires businesses across the EU and globally to review and rethink how they handle and protect personal data.

    By requesting a quotation, placing an order with DesignBoard, registering your details on our website or registering as a trade customer on the DesignBoard database you accept the terms contained in this Privacy Policy, which govern the processing of your personal data.

    We, DesignBoard Paving Limited, The Berkshire Garden Centre, Sutton Lane, Langley, SL3 8AH,UK ("DesignBoard") recommend that you keep a copy of this Privacy Policy.

  2. Data Protection

    Data protection is of a particularly high priority for the management of DesignBoard. The use of the website pages of DesignBoard is possible without any indication of personal data; however, if a data subject wants to use request services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

    The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to DesignBoard. By means of this data protection declaration, we would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

    As the data controller, DesignBoard has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by email or by telephone.

  3. Definitions

    The data protection declaration of DesignBoard is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

    In this data protection declaration, we use, inter alia, the following terms:

    1. Personal data

      Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    2. Data subject

      Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

    3. Processing

      Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    4. Restriction of processing

      Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

    5. Profiling

      Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

    6. Pseudonymisation

      Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

    7. Controller or controller responsible for the processing

      Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

    8. Processor

      Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

    9. Recipient

      Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

    10. Third party

      Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

    11. Consent

      Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  4. Name and Address of the controller

    The Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

    The Berkshire Garden Centre
    Sutton Lane
    SL3 8AH

    Any data subject may, at any time, contact us directly with all questions and suggestions concerning data protection.

    Note that this privacy policy also applies for DesignBoard Stockists.

    Interaction with a DesignBoard Stockist may mean data is passed to DesignBoard and processed as per this Privacy policy


    DesignBoard stockists may also have their own privacy policies in place, we would recommend that you read and keep a copy of their privacy policy.

  5. Data controller

    1. The information for which DesignBoard is the data controller

      DesignBoard shall be data controller of the master data you enter in connection with your creation of a trade account or registration for marketing information, i.e. your name, your password and your email address, as well as registration of your IP address.

    2. The information for which you are the data controller

      You shall be data controller of the content you choose to disclose on the Website and for the data disclosed on your profile on Social Networks, which is the consequence of the connection of your profile on the Website with your profile on the Social Network.

  6. Data processor and transfer of personal data outside of the EU

    DesignBoard uses external companies for data storage, maintaining the technical operation of the Website and general ICT systems. These companies are the data processor with regards to the personal data for which DesignBoard is the data controller. By accepting this personal data policy, you accept that DesignBoard also allows the data for which you are the data controller be processed by the same data processor.

    The data processor shall solely act according to instructions from DesignBoard. By accepting these terms and conditions, you authorise DesignBoard to give such instructions to the data processor which are necessary for the processing of data in accordance with this personal data policy and for the purpose of use of the Website.

    The data processor has made necessary technical and organisational safety measures against the information being accidentally or illegally destroyed, lost or deteriorated, and against the information coming to the knowledge of unauthorised persons, is misused or in other ways is processed in violation with the act on processing of personal data. On your request - and against remuneration of the data processor's current hourly rates at any time for such work - the data processor shall supply you with sufficient information to demonstrate that the above-mentioned technical and organisational safety measures have been made.

    Some of these data processors and third party services are located outside of the European Union, such as in the US. You consent to us using data processors in unsecure third countries provided that there is a legal framework governing the transfer of your personal data, for example if the company is part of the EU-US Privacy Shield framework.

  7. When do we collect your personal data

    1. When you visit of our website, and use your account to buy products and services.
    2. When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).
    3. When you create an account with us.
    4. When you purchase a product or service in store or by phone but don’t have (or don’t use) an account.
    5. When you engage with us on social media.
    6. When you download or install one of our apps. 
    7. When you apply to the Landscape Specialist Scheme.
    8. When you contact us by any means with queries, complaints etc.
    9. When you ask one of our staff to email you information about a product or service.
    10. When you enter prize draws or competitions.
    11. When you book any kind of appointment with us or book to attend an event, for example a tour of our factory.
    12. When you choose to complete any surveys we send you. 
    13. When you comment on or review our products and services.
    14. Any individual may access personal data related to them, including opinions. So if your comment or review includes information about the Staff who provided that service, it may be passed on to them if requested.
    15. When you fill in any forms. For example, if an accident happens in store, a staff member may collect your personal data.
    16. When you’ve given a third party permission to share with us the information they hold about you.
    17. When our Finance suppliers and partners – such as HSBC – share information with us about the product you have purchased.
    18. We collect data from publicly-available sources (such as Land Registry) when you have given your consent to share information or where the information is made public as a matter of law.
    19. When you use our showrooms and other premises which usually have CCTV systems operated for the security of both customers and staff. These systems may record your image during your visit.
    20. When you call us or when you receive a call from us the content of the phone call is recorded. Recordings are paused whilst card details are given.
  8. What sort of personal data do we collect

    1. If you have a web account with us: your name, billing/delivery address, orders and receipts, email and telephone number. For your security, we’ll also keep an encrypted record of your login password.
    2. Details of your interactions with us through contact centres, in store or online.

      · For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you made, items viewed or added to your basket, gift list and wish list choices, products you show interest in, web pages you visit and how and when you contact us.

    3. Details of your visits to our website, and which site you came from to ours.
    4. Information gathered by the use of cookies in your web browser (see section 10).
    5. We’ll only ask for and use your personal data collected for recommending items of interest and to tailor your shopping experience with us. Of course, it’s always your choice whether you share such details with us.
    6. Your comments and product reviews. 
    7. Your image may be recorded on CCTV when you visit a showroom or other premises of DesignBoard.
    8. Your voice will be recorded when you call us or when you receive a call from us. Recordings are paused whilst card details are given.
    9. To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered.
    10. Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
  9. How and why we use your personal data

    1. To process any orders that you make by using our websites, on the phone or in store. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations.
      1. For example, your details may need to be passed to a third party to supply or deliver the product or service that you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, guarantees and so on.
    2. To respond to your queries, refund requests and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience. 
    3. To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our website. We’ll do all of this as part of our legitimate interest. 
      1. For example, by checking your password when you login and using automated monitoring of IP addresses to identify possible fraudulent log-ins from unexpected locations.
    4. To protect our customers, premises, assets and staff from crime, we operate CCTV systems in our showrooms and other premises which record images for security. We do this on the basis of our legitimate business interests.
    5. To train our staff, provide quality assurance and for dispute resolution we record phone calls to and from us. Recordings are paused whilst card details are given.
    6. To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
    7. If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim is to protect the individuals we interact with from criminal activities.
    8. With your consent, we may use your personal data, preferences and details of your transactions to keep you informed by email, web, text, and telephone about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on.
      1. Of course, you are free to opt out of hearing from us by any of these channels at any time (See section 13).
    9. To send you relevant, personalised communications by email in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest.
      1. You are free to opt out of hearing from us by email at any time (See section 13).
    10. To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
    11. To display the most interesting content to you on our website, we’ll use data we hold about your favourite products and so on. We do so on the basis of your consent for our website to place cookies or similar technology on your device.
      1. For example, we might display a list of items you’ve recently looked at, or offer you recommendations based on your purchase history and any other data you’ve shared with us.
    12. To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
    13. To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests.
      1. For example, we’ll record your browser’s Session ID to help us unde