Privacy Policy

Privacy Notice

The purpose of this notice

In this privacy notice we explain how we will process your personal information obtained through your use of our website https://www.calwin.co.uk, through the process of entering into a contract with us and through other interactions with you, for example, when you visit our social media pages, or when you interact with us professionally.

It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data, and what data protection rights you have.

About CalWin Ltd

CalWin Ltd is a supplier of IT solutions to window and door manufacturers across Europe. The company was established in 1985 to develop an IT solution for window and door manufacturers and today is the leading supplier of IT systems to this industry in Norway and Sweden.

What does this notice cover:

1. Who we are and how to contact us

2. Data Protection Legislation

3. Personal data we collect

4. How we collect personal data

5. How and why we use personal data

6. Marketing

7. Who we share personal data with

8. International data transfers outside the United Kingdom

9. How long we keep personal data

10. Your rights

11. Information security

12. Complaints

13. Changes to this privacy notice

1. Who we are and how to contact us

When we say we, us or our in this privacy notice, we mean CalWin Ltd, a company incorporated and registered in England and Wales with company number 08290012 and whose registered office is at The Core Bath Lane, Science Central, Newcastle Upon Tyne, NE4 5TF.

For the purposes of the Data Protection Legislation, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal information about you.

If you have any questions in regard to any part of this notice, please contact us by mail@calwin.no.

2. Data Protection Legislation

We are committed to protecting your privacy and safeguarding your personal data. Our use of your personal data is subject to the UK General Data Protection Regulation, the UK Data Protection Act 2018 and other UK privacy laws (together Data Protection Legislation).

3. Personal data we collect

Personal data means information which relates to an identified or an identifiable individual.

Types of personal data we may collect - Examples

Identity data

  • first name; last name;

Contact data

  • email;

Usage data

  • how you use and navigate our website;

Advertising profile data

  • interests; preferences; feedback and survey responses; assumptions about your predicted buying behaviour and interests based on the usage data collected by us, personal data held about you by our advertisers such e.g. LinkedIn;

Professional data

  • job title; name of business or organisation; professional credentials; professional contact details;

Communication data

  • details of enquiries submitted by you through our website or emailed to us;

Technical data

  • your IP address; your general geographic location based on your IP address; your time zone setting; the type of device you use and its operating system and version; your browser type; the platform you use and other technology on the devices you use to access our website; the pages you view on our website and how you interact with that content; advertising identifiers (such as those on mobile devices, tablets and streaming media devices that include such identifiers).

Anonymised data

We may also collect, use and share anonymised, aggregated data such as statistical or demographic data for any purpose. Anonymised data may be derived from your personal data but is not considered personal information in law as this information does not directly or indirectly reveal your identity. For example, we may aggregate information on how you use our website to calculate the percentage of users accessing a specific website feature.

4. How we collect personal data

We collect most of this information from you direct. However, we may also collect information from other sources.

Type of source - Examples

Your use of our website and services

  • when you use our website; when you buy our products or services by phone or email; when you submit an enquiry or feedback to us or complete our survey; when you sign up to our mailing list;

Your use of our social media pages

  • when you follow, post on, or interact with our post on our LinkedIn page;

Direct interactions with you

  • when you contact us (e.g. by phone or email); when you participate in our user research activities (e.g. provide us with feedback or respond to our questionnaires); when you network with us (e.g. provide us with your business card or contact us via our social media);

From publicly accessible sources

  • your website; your profiles on social media platforms (e.g. LinkedIn,); professional networking groups and databases;

Third parties

  • from another organisation or professional who told us that you would like to hear from us; or if you visit our website by clicking on our advertisement on social media or another website;

Automated technologies or interactions

  • as you interact with our website and advertisements, we may automatically collect technical data (as described in section The personal data we collect above). We collect this personal data by using cookies, server logs and other similar technologies. For further details, go to https://www.calwin.co.uk/cookies.

5. How and why we use personal data

Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so, for example: consent, contact, legitimate interests, or legal obligation.

Consent. Generally, we do not rely on consent as a legal basis for processing your personal data other than to:

  • place cookies and similar tracking technologies on your device (for further details please go to https://www.calwin.co.uk/cookies; and
  • send you our blogs, newsletters or other electronic marketing communication if you are not our existing customer or if you request or expressly agree to receive such communication.

Where your permission is required, we will clearly ask you for such consent separately from the body of this privacy notice.

You have the right to withdraw consent by;

  • emailing us at mail@calwin.no;
  • in case of marketing emails, by using the ‘unsubscribe’ link in our marketing emails; or
  • in case of cookies, by using the cookie preferences settings on our website.

Even if we are not required to obtain your consent for marketing purposes, you can still opt-out of receiving marketing communications at any time, so you are still in control.

From time to time, we may ask you to confirm or update your marketing preferences.

Contract. We will use your personal data if we need to do it to perform our obligations under a contract with you, or if it is necessary for a contract which we are about to enter with you. For example, if we need to:

  • register you as a new customer (e.g. manage your orders, administer invoicing and payments);
  • provide our products/services to you;
  • manage our relationship with you (e.g. to respond to your enquiries or to notify you about changes to our products/services); and
  • provide after sale care services (e.g. technical support);

Legitimate interests. We may process your personal data when we (or a third party) have a legitimate reason to use it, so long as this is not overridden by your own rights and interests. For example:

  • to manage our relationship with you;
  • to manage payments, fees, charges, and to collect debts which you may owe to us;
  • to interact with you professionally (e.g. if you represent our current or prospective customer, supplier or business partner) to manage our relationship with the organisation you represent;
  • to deal with your enquiry unrelated to a contract which we may have with you;
  • to ask you to leave a review or complete a survey;
  • to send you our email updates or other electronic marketing communications if you are our existing client;
  • to increase our business or promote our brand through delivering relevant website content, advertisements, and marketing communications to you;
  • to measure or understand the effectiveness of the advertising we provide to you;
  • to improve our website, products, services, marketing, and customer relationships; and
  • for the establishment, exercise or defence of our rights under our contract with you and/or legal claims.

Legal obligation. We may process your personal data to comply with our legal obligation. For example, to:

  • notify you about changes to our terms or privacy notice;
  • address your complaint; and
  • comply with a request from a competent authority.

6. Marketing

Our marketing emails

We may send you emails about our products if you are our existing or prospective business customer (on the basis of our legitimate interests and the rules applying to ‘corporate subscribers’ under the Privacy and Electronic Communications Regulations), or if you have expressly agreed to receiving marketing emails (for example, by signing up to our newsletter).

Cookies and similar technologies

We may also use cookies and similar tracking technologies (for example tracking pixels in our marketing emails and website advertisements) and analytics services (such as Google Analytics) to collect information about your use of our website, services and your interactions with our marketing emails and advertisements.

We will ask for your consent to the use of non-essential cookies, including third party cookies. You can find further information about the cookies used on our website and the purposes they are used for by going to https://www.calwin.co.uk/cookies.

Data from other providers

If you click on our advertisement on social media (for example, LinkedIn) or a website, that provider will share with us information about you (the fact that you came to our website from their service.

Right to withdraw consent or to object to processing

You can always ask us to stop using your personal information for marketing purposes by:

  • emailing us at mail@calwin.no;
  • in case of marketing emails, by using the ‘unsubscribe’ link in our marketing emails; or
  • in case of cookies, by using the cookie preferences settings on our website.

From time to time, we may ask you to confirm or update your marketing preferences.

7. Who we share personal data with

We may share your information with third parties for the purposes set out in this notice.

Service provision

We use Adobe DocuSign to execute our contracts with you. Please see their privacy notice.

Social media

We may share your personal data with LinkedIn when you use the social media buttons embedded in our website. Please also see the ‘Marketing’ section of this notice for further details of sharing information with social media platforms.

IT and technology

We share data with providers of IT, digital, and technology products and services, which we use to operate our business:

  • Amazon Web Services, who host our customer data in the Republic of Ireland (privacy notice);
  • Google, who provide Google Analytics web analytics services to us (hosted in the US) (privacy notice)
  • Snov, who provide customer relationship management services to us please see their privacy notice;
  • Rocket Science, providers of the MailChimp software, which we use for our email marketing communications and who host our data in the US (privacy notice)
  • SmartSheet, who we use to log support cases and for CRM (based in Germany, Ireland and the US) (privacy notice)
  • Microsoft OneDrive, who we use for cloud storage (privacy notice)
  • Zendesk, who we use for our IT ticketing systems (privacy notice)
  • Freshdesk, who we use for our IT ticketing systems (privacy notice)
  • Free Agent, who we use to manage our accounts (privacy notice)

We impose contractual obligations on the above providers to ensure that your personal data is protected.

Other sharing

We may also:

  • share your personal data with members of our staff;
  • other companies within the group of companies we are part of, for example, CalWin AS – Norway;
  • disclose your personal data to professional advisers (e.g. lawyers, accountants, auditors or insurers) who provide professional services to us;
  • disclose your personal data to certain third parties if specifically requested or agreed with you (e.g. if you ask us to introduce you to a third party);
  • disclose and exchange certain information with law enforcement agencies and regulatory bodies to comply with our legal obligations; and
  • share some personal data with other parties, such as potential buyers of some or all of our business, potential investors, or group companies if our business undergoes a corporate re-structure.

Such data recipients will be bound by confidentiality obligations.

8. International data transfers outside the United Kingdom

Transfers of personal data outside the United Kingdom are subject to special rules under the UK Data Protection Legislation.

As you can see in the ‘who we share personal data with’ section of this privacy notice, we may transfer your personal data to providers based outside of the UK.

We may transfer your personal data to providers and other companies in our group based in Norway in the European Economic Area (EEA) and we also use third party IT providers that may transfer your data to other countries in the EEA (please see the ‘who we share personal data with’ section of this privacy notice for more information). The UK Government has recognised the EEA as providing an appropriate level of protection to the data protection rights of individuals.

We may also transfer your personal data to the following other territories: the USA (for example, by using Mailchimp and Google Analytics, which are hosted in the USA). From 12 October 2023, we may transfer your personal data to organisations certified to the “UK Extension to the EU-US Data Privacy Framework” (the UK-US Data Bridge) under Article 45 of the UK GDPR without the need for further safeguards.The Rocket Science Group LLC d/b/a Mailchimp and Google are covered by the UK-US Data Bridge.

We also use third party IT providers that may transfer your data to other countries e.g. Snov may transfer personal data to Ukraine, China and Brazil. However, these third parties will only transfer your personal data with appropriate safeguards as determined by the UK GDPR. For more information see their privacy notices in the ‘who we share personal data with’ section of this notice).

Please email mail@calwin.no, if you would like further information in relation to the safeguards used when transferring your personal data outside of the UK.

9. How long we keep personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

For example:

  • we are required to keep accounting records for seven years for tax audit purposes;
  • if you have a contract with us, we will keep your data for up to six years after the end of that contract;
  • if you subscribe to our newsletter, we will hold your data for that purpose until you unsubscribe or otherwise tell us that you no longer wish to receive such communications;
  • if you enquire or purchase our business-to-business services, we will keep your personal data for marketing purposes for two years from when we last heard from you, unless you earlier opt-out from receiving marketing communications.

We may also anonymise your personal data (so that it can no longer be associated with you) for analytics, research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10. Your rights

You have a number of rights in relation to your personal data, which allow you to access and control your information in certain circumstances. You can exercise these rights free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request).

Your right - Explanation

Access

  • This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Rectification

  • The right to require us to correct any inaccuracies in your personal data.

Erasure (to be forgotten)

  • The right to require us to delete your personal data in certain situations.

Restriction of processing

  • The right to require us to restrict processing of your personal data in certain circumstances (e.g. if you contest the accuracy of the data we hold).

Data portability

  • The right to receive, in certain situations, the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party.

To withdraw consent

  • The right to withdraw your consent, if we rely on your consent to use your information.

To object

  • The right to object at any time to your personal data being processed for direct marketing (including profiling) or, in certain other situations, to our continued processing of your personal data (e.g. processing carried out for the purpose of our legitimate interests).

Not to be subject to automated individual decision-making

  • The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you, or similarly significantly affects you.

If you would like to exercise any of those rights, please contact us at:

Please let us know what right you want to exercise and the information to which your request relates.

11. Information security

We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

12. Complaints

We hope that we can resolve any query or concern you may raise about our use of your information. You may contact us by using the contact methods set out in the How to contact us section of this privacy notice.

The Data Protection Legislation also gives you a right to lodge a complaint with the Information Commissioner, who may be contacted at https://ico.org.uk/make-a-complaint/, telephone on 0303 123 1113, or by post to: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

13. Changes to this privacy notice

This privacy notice was last updated on October 18th, 2024.

We may change this privacy notice from time to time; when we do, we will publish the new version of the privacy notice on our website. If you are our customer, we may also inform you via email or post.

Inquiries