CGA Automation Ltd

Privacy Policy

CGA Automation Ltd (the Company) is the ‘data controller’. This means that we are responsible for deciding how we collect, hold and use your personal data. 
 
This privacy notice is aimed at our customers and visitors to our website and makes you aware of how and why your personal data will be processed when you use our website and throughout your journey as a customer of ours. It also gives details of how long we will usually retain your personal data and other matters we are prescribed by law to inform you about.  
This website and our services are not intended for children and we do not knowingly collect personal data relating to children.
You should read this privacy notice together with any other privacy notices we may provide to you on specific occasions so that you are fully aware of how and why we are using your personal data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
 
1 - Data Protection Principles
1.1  We will comply with data protection law and principles, which means that your data will be:
 
1.1.1 Used lawfully, fairly and in a transparent way;
1.1.2 Collected only for valid purpose that we have clearly explained to you and not used in any way that is incompatible with these purposes;
1.1.3 Relevant to the purposes we have told you about and limited only to those purposes;
1.1.4 Accurate and kept up to date;
1.1.5 Kept only as long as necessary for the purposes we have told you about; and
1.1.6 Kept securely.
 
2 - The information we hold about you
2.1  Personal data means any information about you from which you can be identified. It does not include anonymous data. 
2.2      When you visit our website or we provide our services to you as a customer we may collect the following information from you directly:
 
• Personal contact details (name, address, contact details)
• Marketing preferences (for example, if you sign up to updates from us about our products and services)
• How you heard of us, your status as a buyer or potential buyer of our properties along with plots and developments of interest;
• Your signature
• Photographs
• Insurance and bank details
• Our history of communicating and transacting business with you
• Any additional personal information you provide us with during our relationship.
We collect your personal data when you provide it to us by contacting us via our website, in our Pre-Qualifier Questionnaire; our New Supplier and / or Customer Set Up documentation; during email correspondence, telephone or in person consultations, interviews and meetings.
2.2  We will not collect, store or use "special categories" of more sensitive personal information, such as about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2.3      We may collect some information about you indirectly
• If we refer to you an IFA they may send us back your personal data in return, for example, by confirming whether or not a transaction should go ahead. We also collect personal data automatically when you visit our website as follows: IP address, information about how you use our website, browser type and version, time zone settings, browser plug-in types and versions, operating system and other technology on the devices you use to access this website. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Policy for further details.
• Cookies You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies you should note that some parts of our website may not work property. 
 
3 - Why we process your personal data
3.1  We will only process your personal data where the law allows us to. Most commonly this will be where i) we need to process data to take steps, at your request, prior to entering into a contract with you; to enter into and perform our contract with you or where we consider that we have a legitimate interest in doing so provided these are not overridden by your interests, 
3.2 Consent. Generally, we do not rely on consent as a legal basis for processing your personal data, although we will get your consent before contacting sending marketing communications to you by email. You can withdraw your consent for marketing communications by clicking on the unsubscribe link or by contacting us using the contact details set out in section 11.1 below. We may occasionally ask you for consent to process your personal data during our relationship with you. If we do this, we will provide you with full details. You can withdraw consent at any time by contacting us. If you do this it will not affect the lawfulness of any processing carried out before you withdraw your consent.
3.3  In some cases, we also need to process data to ensure that we are complying with legal obligations. 
3.4  We may also need to process data to respond to and defend against legal claims.
3.5 Where we rely on legitimate interests as a legal basis for processing data, we have considered whether or not those interests are overridden by your rights and freedoms and have concluded that they are not.
 
4. How we use your personal data
We process the personal data we collect about you (as set out above) for the following purposes:
 
• To register you as a buyer or potential buyer of one of our products or services
• To manage our contract or relationship with you
• To take payments and collect and recover money you owe to us
• To deliver relevant website content and advertisements to you and measure or understand whether the advertising we served you with was effective
• To refer you to an Independent Financial Advisor (at your request)
• To make suggestions and recommendations to you about goods or services that may be of interest you
• To contact you with marketing information about our products or services
• To promote our products and services on social media
 
5 – If you fail to provide personal information when asked to do so
If you fail to provide or keep up to date, information when requested which is necessary for us to fulfil our obligations to you, you may be in breach of contract and we may not be able to fulfil our contractual obligations to you. For example: I, i) if you have requested specific extras for your home but you do not provide your payment details then we will not be able to provide them, and ii) if you do not keep us up to date with your contact information, we will not be able to keep you updated on progress.
 
6 – Who is your personal data shared with?
6.1 We will share your personal data with other entities in our Group for the purposes of setting up and executing contracts and as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring and generally to administer our relationship with you and to run our business. The Group comprises: CGA Automation Ltd, CGA Global Holdings Ltd and Xollo Prime Ltd.
6.2 Your information will be shared with external third parties who process your personal data on our behalf, such as banks for making and receiving payments and also IT services providers. 
6.3 We will share your personal data with Independent Financial Advisors at your request. If we do this you should note that their use of your personal information is not subject to this privacy notice and you should read their privacy notice to understand how they process and look after your personal data.
6.4 We may share your personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
6.5 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only allow third party service providers to process your personal data on our instructions and have taken appropriate steps to maintain the security and confidentiality of personal data share in this way.
6.6 We may also need to share your personal information with a regulator or to otherwise comply with the law.
6.7 We will not transfer your data outside the United Kingdom and European Economic Area.
 
7 - Data Security
7.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.  Details of these measures may be obtained from Managing Director.
7.2 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
 
8 – Data Retention (how long do we use your data for)
8.1 The Company will only retain your personal data for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  
8.2 To determine the appropriate retention period for personal data, the Company considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which it processes your personal data and whether it can achieve those purposes through other means, and the applicable legal requirements.
8.3 As a rule of thumb and in the absence of any legal requirement to keep personal data for a longer period, if you are a customer, we keep your data for a period of six years following conclusion of our contract with you.
 
9 – Your rights
9.1 Under certain circumstances, by law you have the right to:
9.1.1 Request access to your personal information (commonly known as a ‘data subject access request’ or DSAR). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
9.1.2 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
9.1.3 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
9.1.4 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
9.1.5 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
9.1.6 Request the transfer of your personal information to another party. 
If you want to exercise any of these rights, please contact Managing Director in writing using the contact details set out in this notice
 
10 – Can this policy be amended
10.1 Yes, the Company may update this privacy notice at any time. If we do so we will post an updated version of this privacy notice on our website. You should check our website regularly for updates.
11 – Queries or Complaints about how we process your personal data
11.1 If you have any questions about this privacy notice or how we handle your personal data, please contact the Managing Director in writing to the address below:
 
Managing Director
CGA Automation Ltd
8 Highmeres Road
Leicester
LE4 9LZ
 
11.2 You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulatory authority for data protection issues, however we would appreciate it if you would contact us in the first instance to try to resolve any issues so that we have the opportunity to resolve any issues first. You can contact the ICO here: https://ico.org.uk/global/contact-us/