Website Privacy Policy
About this privacy policy
AF Affinity Limited trading as Affinity Fuels is committed to protecting and respecting your privacy.
This website has been built specifically for Affinity Fuels customers. The majority of the information that is available and collected on this website is covered in our privacy policy, available here - https://www.affinityfuels.co.uk/PrivacyPolicy
This Policy sets out the basis on which Affinity Fuels (“We” or “Us”) collects personal information from you when you visit and use this website – affinityfuels.co.uk - and the way in which it will be processed by us. Please read this Policy carefully to understand our views and practices regarding your personal information and how we will treat it.
For the purposes of the relevant data protection legislation, the “controller” (or “data controller”) is AF Affinity Limited trading as Affinity Fuels, of Honingham Thorpe, Colton, Norwich, Norfolk, NR9 5BZ. Questions, comments and requests regarding this Policy are welcomed and should be addressed to [email protected].
This Policy was last updated on 29/09/2023 and will be kept under regular review.
General notices
Call recordings
We record all calls made to and from the Affinity office landline numbers, with the exception of calls where a card payment is taken, when the recording is manually terminated. Calls are recorded for our own legitimate interests for the purposes of;
- Assisting in resolving complaints and disputes
- Ensuring employee safety and wellbeing
- Assisting in employee training and development
- Supporting fair and thorough employee relations investigations
- Ensuring we are providing a high-quality service to our customers
Access to a recorded call will only be given when the request has been approved by a senior manager and when there is a valid reason for needing to access the call recording.
We retain call recordings for a maximum of two years.
Children's information
This website is not intended for children and we do not knowingly collect data relating to children.
Third party websites
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy.
The Types Of Personal Information That We Collect
To give you full access to this website, the minimum amount of information that we require is your name, email address and postcode.
We may also collect the following types of information;
- Contact information, such as billing and delivery addresses, email addresses and phone numbers.
- Transaction information, such as orders and invoices.
- Profile information, such as feedback and survey responses.
- Technical information, such as the pages you have visited, your IP address, browser type, location and operating system. Most of this type of information is collected using cookies. Please read our Cookie Policy for further information.
When We Collect Your Personal Information
We will collect information about you when you visit and interact with this website.
How We Get This Personal Information
We receive personal information from the following sources;
- Directly from the individual
- The account holder, provides the information to us, such as the account holder providing your phone number so you can be contacted to arrange a delivery.
- The information is provided by a third party through the use of cookies. Please read our Cookie Policy for further information.
Why We Have Your Personal Information
We use this information for the following purposes;
Contractual obligations
- To manage and administer your user account.
- To manage and administer your member account.
- To provide a quotation for goods or services.
- To provide you with goods or services, which includes managing the collection and delivery of goods and managing any contracting services provided by us or on our behalf.
- To manage your account and to keep accurate records of goods and services provided.
- To contact you regarding your account, for example, to liaise with you to arrange collection or delivery of goods, or to provide services as requested.
- To invoice you for the goods or services provided.
- To resolve any issues or complaints with the goods or services provided or their related transactions.
- To take payment for goods or services.
- To carry out any other obligations arising from any contracts entered into between you and us.
- To enforce our terms and conditions, or any other agreement we enter into with you.
Legal obligations
We reserve the right to use or share your personal information in order to comply with any legal requirements, enforce our terms and conditions, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business, our employees, other customers and our suppliers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to perform due diligence before allowing goods or services to be provided to you.
Legitimate interest
We may also use your information for our legitimate interests, unless those legitimate interests are overridden by any of your interests or fundamental rights and freedoms. We will process information for our legitimate interest to;
- Report on and proactively manage debt and financial risk.
- Maintain the security of our business and this website.
- Prevent fraud.
- Help us improve our offering to our customers through the use of surveys or analytical insights.
- Make suggestions and recommendations to you about goods or services that may be of interest to you.
Consent
If we need to process your personal information for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use.
When We Will Share Your Personal Information
Approved suppliers
We will share your relevant information with our approved suppliers when place an order for good or services. We will only share relevant information that is necessary to action the order.
When we share your personal information with an approved supplier, you should be aware of the following;
- The supplier will become the data controller for any information that we pass to them and will process your information in accordance with their own policies and procedures.
- Our suppliers are required to sign our Service Level Agreement (SLA) which ensures they will keep your information safe and only process it in compliance with data protection laws.
- If you are not happy with how a supplier is using your personal information then you have the same rights and freedoms with them as you do with us.
Sub-Processors
Your information may also be shared with our sub-processors. You can find the current list of sub-processors here - https://www.affinityfuels.co.uk/PrivacyPolicy
Within our group of companies
Your personal information will be shared with Affinity’s parent company, The AF Group Limited, for account administration and management purposes.
Data Retention
We will hold your personal user information for at least as long as your website user account is active. For more information on our data retention periods, please see our full privacy policy here - https://www.affinityfuels.co.uk/PrivacyPolicy
How We Keep Your Personal Information Safe
The personal information that we hold is stored on premise and we also utilise a number of cloud-based systems, listed under the Sub-processer heading further down this Policy. We use our best endeavours to ensure that your information, whether held on premise or in the cloud, is held securely and in accordance with this privacy policy.
For all of the personal information that we hold, we will utilise measures, or we will check that our sub-processers utilise measures, appropriate to the harm that might result from unauthorised or unlawful processing or accidental loss, destruction or damage to the information and the nature of the information that we are protecting, in an attempt to keep your information safe.
These measures may include, but are not limited to;
- Implementing appropriate technical and organisational measures that ensure and demonstrate compliance. This includes data protection policies, staff training, internal audits of processing activities and reviews of internal HR policies.
- Maintaining relevant documentation on processing activities.
- Implementing measures that meet the principles of data protection by design and default. Examples include;
- Data minimisation
- Encryption
- Pseudonymisation
- Transparency
- Allowing individuals to monitor processing
- Creating and improving security features on an ongoing basis.
- Using data protection impact assessments where appropriate.
- Ensuring confidentially, integrity, availability and resilience of systems and services. Examples include;
- Running firewall and virus-checking software.
- Downloading the latest patches or security updates as soon as possible.
- Taking regular backups and keeping them in a separate, secure location.
- Securely removing all personal information before disposing of hardware such as computers and mobile phones.
- Use of strong passwords and two factor authentication.
- Limiting administrator privileges to necessary and appropriate employees.
- Role based access levels.
- Ensuring that personnel who have access to and / or process personal information are obliged to keep personal information confidential and are trained on how to do so.
- Regularly assessing and evaluating the effectiveness of the technical and organisation measures that have been adopted.
Please be aware that unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data when you are transmitting it to us. Any transmission to us is at your own risk. Once we have received your information, we will use strict safeguarding procedures and security features to try to prevent any unauthorised access to your personal information.
Your Data Protection Rights
Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of your rights by emailing us at [email protected] or by calling us on 01603 881881.
We will endeavour to comply with any request made within one month from the date of your request. However, we may extend this date to two months if the request is excessive or of a repetitive nature. If we need more than one month to meet your request, we will let you know in advance.
Please note that where we receive requests under this section which are manifestly unfounded or excessive, in particular because of their repetitive character, we may:
- Charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
- Refuse to act on the request.
Right to access / access request
You have the right to request access to the information that we hold on you. In order to protect your information, we may take reasonable steps to verify your identity before we can hand over your information.
Right to rectification
You have the right to ask us to update any personal information that is incomplete or inaccurate. We will endeavour to ensure that if we update your information.
Right to erasure / right to be forgotten
You have the right to ask us to delete your personal information if;
- The personal information is no longer necessary for the purpose which we originally collected or processed it for.
- You object to the processing of your information and there is no overriding legitimate interest for us to continue this processing.
- We have processed the information unlawfully.
- We have to in order to comply with a legal obligation.
Right to restrict processing
You have the right to ask us to restrict or supress the processing of your personal information if;
- You have previously informed us that the information is inaccurate.
- We no longer require the information for its original purpose, but we need to hold it, or you ask us to retain the information to comply with legal obligations.
- We have processed the information unlawfully.
- We are in the process of deleting your information.
We will endeavour to ensure that where you have asked us to restrict the processing of your information, we will inform our selected third parties, including suppliers and contractors accordingly.
Right to data portability
You have the right to receive a copy of your information in a commonly used machine-readable format for transfer to another controller, provided you were the one to provide the information. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
This will allow you to move, copy or transfer personal information easily from one IT environment to another. Alternatively, we can transmit such information directly to another organisation. Please note that we may not be able to fully comply with a data portability request if this will affect the rights and freedoms of others.
Right to object
You have the right to restrict processing based on our legitimate interests. If you exercise your right to object, we will stop processing your personal information unless; We are able to demonstrate compelling legitimate grounds for the processing. The processing is for the establishment, exercise or defence of a legal claim.
What To Do If You Are Not Happy With How We Process Your Information
If you consider that we are in breach of our data protection obligations, we would encourage you to contact us in the first instance to see if we can resolve the issue. You can contact us by emailing us at [email protected] or by calling us on 01603 881881.
You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. The ICO website provides further information about their complaints process, which you can access here - https://ico.org.uk/make-a-complaint/data-protection-complaints/. Further contact information for the ICO can be found here - https://ico.org.uk/global/contact-us/.