Both the service provider and data controller of your personal information is Ralloy Engineering Ltd
How do we collect your personal information?
Information that you provide us
Contacting us via our contact form or via email
When you contact us via our contact form, you provide us with the following information:
Your name, email address and any other personal information included in the subject or message body
This information is then emailed to us and stored on our mail server allowing us to respond to your query via email or telephone (should you have provided us with a contact telephone number).
Once we have received your email, we will aim to reply to you as soon as possible in order to best deal with your enquiry. We generally tend to keep emails we deem to be important and allow us to work efficiently to deal with any conversations between the both of us in the future. We regularly review the contents of our mailboxes to remove any emails we no longer deem to be important for the effective running of our business, however, you may request that we delete your personal information and any email correspondence between us from our servers sooner if we agree we have no valid reason to keep them any longer.
We will also never pass your details onto third party providers or send you any marketing material without first asking you for permission for us to do this.
Placing an order or requesting a postage quotation
If you decide to make a purchase from us, or request a postage quotation, we will then collect the following information via our website:
Your first name, last name, email address, primary telephone number, secondary telephone number (optional), delivery contact name and address, cardholder name and address, IP address as well as any personal information you provide within the notes field of your order
All of the above details are kept on our server for a minimum of 6 years for legal, contractual and accountancy purposes. It is also important that we retain this data should there ever be any safety concerns or recalls regarding the products that you purchased from us.
If you have requested a postage quotation, decided not to complete your order and would like to request that your quotation be deleted, then please contact us and we can delete your quotation from our system. If you would like any personal information deleting from a specific order then, again, please contact us and we will delete any information so long as it is no longer required for any legal, contractual or accountancy purposes.
Signing up for a user account
Our website allows you to sign up for an online account to easily view and manage your orders, request postage quotations, write reviews and ask any product-related questions. You can either sign up for an account via our registration form, or during the ordering process.
When signing up for an account, as well as your order information if applicable, we will also collect the following information:
First name, last name, email address, telephone number, mobile number (optional), profile image (optional), password, security question and a security answer
Your account will be assigned a unique identifier, which will then be used to link your account to certain aspects of the site, such as reviews, orders and questions. In order to protect your personal information, your password is stored securely using a one-way encryption algorithm.
The majority of the information we hold about you can be found by logging into the “my account” section of our website. Here you can update your personal information in real-time and should you no longer wish to share your personal information with us, simply select the “delete my account” link and everything relating to your account will be deleted from our database, including any stock reminders, reviews or questions you may have posted. The only data that will remain on the server that was associated with your account are any orders that you have placed via the website. Personal information relating to your orders will remain on our server (for the reasons outlined earlier), but the orders’ link to your account will be removed.
The website allows you to setup a stock reminder that will automatically send you a reminder email when a certain item comes back into stock. In order to provide this service, we must ask you for your email address. Once a stock reminder has been sent successfully we will flag your reminder for deletion. All completed stock reminders will be deleted within 30 days of you being sent your reminder email. Should you not have an account with us and wish to delete all reminders relating to your email address then please contact us.
When commenting on an article, we keep track of your email address to confirm that we have received and processed your comment. Article comments are not linked to your account, so should you wish to remove any comments relating to your email address then please contact us and we would be more than happy to do this on your behalf.
We also have the option to record supplier information on our website. The information we hold about our suppliers includes the supplier’s:
Name, address, email, telephone, mobile, fax and company url.
If you are a supplier and wish to know whether we have your contact details on record or wish for this data to be deleted from our online system, then please contact us.
Information that we collect automatically
When using our services and website, there is information about you that your web browser collects automatically that we use to best tailor your web browsing experience and to help us track who is visiting our website, this includes:
Device IDs or other unique identifiers, device and software characteristics (such as type and configuration), connection information, page view statistics, referral URLS, your IP address (which can provide us with the general location in which you are based) and browser and standard web server log information.
In order to prevent abuse of our system, we also log your IP address when performing searches to prevent too many searches being carried out within a set period of time. When we log the IP address, we also log the search term associated with the IP address in order to help identify deliberate attempts that are being made to try and identify vulnerabilities in our website. This allows us to block ‘bad’ IP addresses that we believe are making an attempt to compromise our security.
Information from other sources
In some cases, we might supplement the information you provide us with information we obtain from other services or data providers. Such supplemental information might include, but is not limited to, looking up your address via Google Maps to find out where you are located should we need to arrange a visit or obtaining additional information such as your company name, registration number, VAT number or address via Companies House.
How do we process your data?
We shall only use or process your data based on one of the following criteria:
You have given us clear consent that you wish us to process your data for a specific purpose, such as asking us to provide you with a quotation or replying to an enquiry that you might have sent us
You have entered a contract with us or you have asked us to take specific steps before entering a contract. This also includes the renewal of services or changes to pricing information
c) Legal obligation
It is necessary to process the data to comply with the law (not including contractual obligations). This includes such events as the police asking us to provide information or to make you aware of new legal obligations that may impact your services with us
You must be 18 years of age or older to enter a contract with us. In certain jurisdictions, the age of majority may be older than 18, in which case, you must satisfy that age in order to use our services. While individuals under the age of 18 may enquire with regards to our services or sign up for an online account, they may do so only with the involvement, supervision, and approval of a parent or legal guardian.
To whom we disclose your data
We aim to disclose your data to as few third parties as possible. However, when you sign up for our products or services it may be necessary to provide your personal information to other service providers. An example would be passing your data to a third-party SSL certificate provider. It is necessary to pass your personal information to an SSL provider in order to validate your identity. We will always ask you for permission to pass your data to any third party and inform you as to what personal data we need to provide the service provider in order to access their relevant services.
Similarly, we also need to pass your personal data to domain registrars when registering domain names. Where available, you will also have the option to purchase domain privacy when renewing or purchasing your domain in order to help protect your personal information.
We do not authorise other service providers to use or disclose your personal information except in connection with providing their services.
Your information and rights
At any time, it is your right to be able to contact us, either in writing or verbally to request the following:
For standard information requests, we will provide a copy of the information free of charge. However, the we will charge a fee when a request is:
The fee charged by us is currently £50 per hour, rounded up to the nearest full hour when dealing with non-standard information requests. We will respond to requests within 1 calendar month or sooner whenever possible. However, we can extend this timeframe by a further two months for complex or numerous requests (in which case we will inform you and give an explanation for the extension).
We will verify the identity of the person making the request, using “reasonable means”. This is usually by checking your caller ID if making a request via telephone or receiving the request from a known email address belonging to yourself that we have on record. We will make you aware of any right of access requests being performed via your nominated email address to ensure any requests are genuine and non-fraudulent.
Please note, that there are instances when we are not legally obliged to erase your personal information, which are listed below:
For full details regarding your rights with regards to the Global Data Protection Regulations (GDPR), please visit https://www.eugdpr.org/ and https://ico.org.uk/ for more information.
The security of your data is extremely important to us and we use reasonable administrative, logical, physical and managerial measures to safeguard your personal information against loss, theft and unauthorized access, use and modification. Such safeguards include securing our networks/systems with up-to-date security mechanisms such as software and/or hardware firewalls, intrusion detection and system monitoring, encryption, anti-virus software and automatically updating our software and operating systems to help protect our devices from any software vulnerabilities.
Unfortunately, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information, but rest assured that we take the security of your data very seriously and have made additional investments to help protect your data the best we can.
The Global Data Protection Legislation introduces a duty on all organisations to report certain types of personal data breaches to the Information Commissioner’s Office (ICO) and, in some cases, to the individuals affected.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
We have to notify the ICO of a breach unless it is unlikely to result in a risk to the rights and freedoms of individuals. Where a breach is likely to result in a high risk to your rights and freedoms, we must notify you directly and without undue delay.