Privacy Policy

(Revised 9th November 2022)

Dyfed Steels Limited understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers, suppliers and employees and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

Information About Us

Dyfed Steels Limited a limited company registered in England & Wales under company number 1287461

Registered address: Tube Works, Maescanner Road, Dafen, Llanelli, Carmarthenshire, SA14 8NS

VAT number: 124 88 61 56

Data Protection Officer: Daniel Thomas

Email address: danielt@dyfedsteel.co.uk

Telephone number: 01554 757241

Postal Address: Dyfed Steels Limited, Tube Works, Maescanner Road, Dafen, Llanelli, Carmarthenshire, SA14 8NS

We are regulated by Steel Construction Certification Scheme Ltd under ISO 9001:2015

What Does This Notice Cover?

This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

What is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The personal data that we use is set out in Part 5, below.

What Are My Rights?

Under the GDPR, you have the following rights, which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 11.
  • The right to access the personal data we hold about you. Part 10 will tell you how to do this.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 11 to find out more.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Part 11 to find out more.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us me for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 11.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

What Personal Data Do You Collect?

We may collect some or all of the following personal data in electronic or physical form (this may vary according to your relationship with us):

  • Name, gender, age and date of birth;
  • Contact information, such as address, email, and mobile phone number;
  • Country of residence and geographical location;
  • Lifestyle and social circumstances (for example, your hobbies);
  • Family circumstances (for example, your marital status and dependents);
  • Employment and education details (for example, the organisation you work for, your job title and your education details);
  • Business name;
  • Profession;
  • Job title;
  • Postings or messages on any blogs, forums, platforms, wikis or social media applications and services that we provide (including with third parties);
  • Information in any complaints you make;
  • Details of how you use our products and services;
  • CCTV footage and other information we collect when you access our premises;
  • Details of how you like to interact with us and other similar information;
  • Payment information;
  • Transaction data and purchase activity;
  • General information that is already publicly available, electoral role, online customer databases, credit reference agencies, media publication, social media, websites and other accessible sources.

The personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your:

  • Dietary requirements (for example, when Dyfed Steels Limited would like to provide you with lunch during a meeting);
  • Health (for example, so that we can make it easy for you to access our buildings, products and services); and
  • Sexual orientation (for example, if you provide us with details of your spouse or partner).

How Do You Use My Personal Data?

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes:

  • Providing and managing your account.
  • Supplying our products or services to you. Your personal details are required in order for us to enter into a contract with you.
  • Personalising and tailoring our products and services for you.
  • Communicating with you. This may include responding to emails or calls from you.
  • Contacting you for feedback on services.
  • Sending you event invitations.
  • Administering, running and improving our website and business, including personalising our website experience for you. This is necessary for our legitimate interest of better understanding our other customers’ and potential customers’ preferences and tailoring our website, products and services to their needs and preferences.
  • Communicating directly with you in relation to updates to the website, your purchase(s) of our products or services, and in response to enquiries we receive from you. This will be necessary either to update you from time to time about changes to our website, to perform a contract which we have entered into with you (or to take steps, at your request, to enter into a contract with you) or for our legitimate interest of satisfying and confirming your requirements in order to provide you with our products or services and to answer questions we receive from you.
  • Protecting our business and our business interests, including for the purposes of credit and background checks, fraud prevention and debt recovery. This is necessary for our legitimate interests of preventing criminal activity such as fraud or money laundering, for ensuring that our website and services are not misused and protecting our business. We will only carry out such checks to the extent that we are permitted or authorised by law to do so.
  • Communicating with our business advisors and legal representatives. This is necessary for our legitimate interests of obtaining legal or professional business advice, and we will only share your personal information where it is necessary to do so, to the minimum extent necessary and on an anonymised basis wherever possible.
  • Sharing your personal information with third parties which are either related to or associated with us (including to third parties within our corporate group from time to time) such as our business partners, affiliates, associates, suppliers, independent contractors, email provider and IT service providers. This will be necessary either to perform a contract which we have entered into with you (or to take steps, at your request, to enter into a contract with you), for our legitimate interest of running and managing our business effectively, for compliance with a legal obligation to which we are subject, or for our own direct marketing purposes. Where we share your personal information, we will do so strictly on a need-to-know basis, subject to appropriate confidentiality restrictions, on an anonymised basis as far as possible and only to the extent strictly necessary for any of these purposes.
  • Enforcing our legal rights. This is necessary for our legitimate interest of protecting our business and enforcing our contractual and other legal rights.
  • Ensuring physical, network and information security and integrity. This is necessary for our legitimate interest of ensuring that our IT systems and networks are secure and uncompromised, including, for example, preventing malware, viruses, bugs or other harmful code, preventing unauthorised access to our systems, and any form of attack on, or damage to, our IT systems and networks.
  • In connection with disclosure requests and in the case of a business or share sale or sale or purchase of a business and/or assets, whether actual or potential. This is necessary for our legitimate interests of selling and/or ensuring and promoting the success of our business.
  • Indicating possible criminal acts or threats to public security to a competent authority. This is necessary for our legitimate interest of promoting the success of our business, preventing crime, for compliance with a legal obligation to which we are subject, in the general public interest or for the legitimate interests of governmental bodies and competent authorities that prevent crime.
  • In connection with any legal or potential legal dispute or proceedings. This is necessary for our legitimate interest of promoting and ensuring the success of our business, resolving disputes and making such disclosures as are required by law or which we consider, acting reasonably, are required by law.
  • Supplying you with information by email and post that you have opted-in to (you may unsubscribe or opt-out at any time emailing optout@dyfedsteel.co.uk) or telephoning the data officer listed in 11 below on 01554 757 241.
  • With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email and telephone and post with information, news, and offers on our products/services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.

How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):

  • The purpose(s) for which we are processing your personal information, such as whether it is necessary to continue to store that information in order to continue to perform our obligations under a contract with you or for our legitimate interests;
  • Whether we have any legal obligation to continue to process your information, such as any record-keeping obligations imposed by applicable law; and
  • Whether we have any legal basis to continue to process your personal information, such as your consent.

How and Where Do You Store or Transfer My Personal Data?

We will only store or transfer your personal data in the UK. This means that it will be fully protected under the GDPR.

We take appropriate technical and organisational measures to secure your personal information and to protect it against unauthorised or unlawful use or processing as well as against the accidental loss or destruction of, or damage to, your personal information, including:

  • Only sharing and providing access to your personal information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
  • Using secure servers to store your personal information;
  • Requiring proof of identity from any individual who requests access to personal information; and
  • We take no payments over our website.

Transmission of information (including personal information) over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk. We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your transmission of information to us by such means.

Do You Share My Personal Data?

We may sometimes contract with the following third parties to supply products/services to us and you on our behalf. These may include payment processing, software development, postal delivery, and marketing. In some cases, those third parties may require access to some or all of your personal data that we hold.

Metalogic Ltd – run and manage our internal IT systems
Synertec Ltd – postal and email delivery service of invoices and statements
Auditors and other professional advisors
Law enforcement and other government regulatory agencies.

If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in Part 8.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 11. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our my administrative costs in responding.

We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Daniel Thomas):

Email address: danielt@dyfedsteel.co.uk

Telephone number: 01554 757241

Postal Address: Dyfed Steels Limited, Tube Works, Maescanner Road, Dafen, Llanelli, Carmarthenshire, SA14 8NS

Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our my business in a way that affects personal data protection.

Any changes will be made available on our website and the revision date will shown at the top of this page. The modified privacy statement will be applicable from that date, we encourage you to periodically review this information.