This Privacy Policy explains how West Brompton collects, uses, stores and shares personal data relating to customers and prospective customers in the West Brompton service area. It also explains the rights you have under applicable data protection laws, including the UK General Data Protection Regulation and the Data Protection Act.
This Privacy Policy applies to all West Brompton customers, and to individuals who contact or interact with West Brompton, within the West Brompton area. By using our services or otherwise providing personal data to us, you acknowledge that your information will be processed in accordance with this Privacy Policy.
West Brompton is the organisation responsible for determining how and why your personal data is processed. For the purposes of data protection law, West Brompton acts as the data controller for the personal data described in this Privacy Policy.
This Privacy Policy covers personal data processed in connection with the provision of our services, our customer support and communications, our websites and online platforms, and our general business operations in the West Brompton area.
We collect and process different categories of personal data about you, depending on how you interact with us. This may include:
Identification and contact details, such as name, postal address, billing address, service address, and any other contact details you choose to provide.
Account and service information, such as customer reference numbers, records of products or services ordered, service preferences, usage information related to the services we provide, and information about your interactions with our customer service team.
Communication data, such as the content of your enquiries, complaints, feedback or other communications you send to us, and records of our correspondence with you.
Payment and transaction details, such as payment method, limited payment reference information and transaction history. We do not store full payment card details; where electronic payments are used, these are handled by secure payment processors.
Technical and usage data, where relevant to our services, such as log information, device identifiers and configuration data that are necessary to operate, secure and improve our services and websites.
Marketing preferences, such as your choices about receiving marketing communications from us and your communication channel preferences.
We obtain personal data directly from you when you contact us, request or use our services, complete forms, provide feedback, or otherwise communicate with us. We may also collect data automatically when you access our websites or online platforms, for example through cookies or similar technologies, where this is permitted by law and in line with your choices.
In some cases, we may receive personal data about you from third parties, such as service partners, payment providers, or publicly available sources, where this is necessary to provide our services, verify information, manage accounts, or comply with legal obligations.
We only process your personal data where we have a lawful basis to do so. Depending on the specific processing activity, we rely on one or more of the following lawful bases:
Contract: We process personal data where it is necessary to enter into or perform a contract with you, including setting up your account, providing services, handling billing and payments, and managing customer support.
Legal obligation: We process personal data where we must comply with legal or regulatory requirements, such as record keeping, tax and accounting obligations, and responding to lawful requests from authorities.
Legitimate interests: We process personal data where it is necessary for our legitimate business interests or those of a third party, provided your interests and fundamental rights do not override those interests. This may include managing our relationship with you, improving our services, ensuring network and information security, and preventing or detecting fraud and misuse.
Consent: In limited circumstances, we may rely on your consent to process personal data, for example for certain types of optional marketing communications or for specific cookies or similar technologies. Where we rely on consent, you can withdraw it at any time.
We use your personal data for the following purposes:
To provide, manage and improve our services in the West Brompton area, including setting up your account, delivering services, handling enquiries and providing ongoing customer support.
To administer billing, payments and account management, including issuing invoices, processing payments, managing changes to services and resolving billing queries.
To communicate with you about your account and services, including important notices about changes to services, terms or this Privacy Policy.
To maintain the security and integrity of our systems, services and data, including monitoring for fraud, misuse and unauthorised access.
To conduct analytics and service improvement, such as reviewing how our services are used, identifying trends, and making decisions about how to develop or improve our offerings.
To comply with legal and regulatory obligations, including responding to lawful requests and enforcing our contractual rights.
Where permitted, to send you marketing or promotional information that is relevant to you, taking into account your preferences and your right to opt out.
We may share your personal data with trusted third parties who process data on our behalf as data processors. These processors provide services such as payment processing, customer relationship management, information technology support, data hosting, analytics and communications services.
We require all processors to act only on our documented instructions, to implement appropriate security measures, and to protect your personal data in accordance with data protection laws and contractual obligations. They are not allowed to use your personal data for their own purposes.
In certain situations, we may also share personal data with other recipients acting as independent controllers, where this is necessary and lawful. This may include professional advisers such as accountants or legal advisers, insurers, regulators, law enforcement agencies, or other authorities, where required by law or where necessary to establish, exercise or defend legal claims.
Where personal data is transferred outside the United Kingdom or the European Economic Area, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or an adequacy decision, to protect your data.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet any legal, accounting or reporting obligations, and to resolve disputes or enforce our agreements.
In determining appropriate retention periods, we consider the type of personal data, the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and whether we can achieve those purposes by other means.
In general, we retain core customer account and transaction records for as long as you remain a customer and for a defined period afterwards, in line with legal and regulatory requirements. Communication records and operational logs are kept for shorter periods where possible. When data is no longer needed, we securely delete it or anonymise it so that it can no longer be linked to you.
You have a number of rights in relation to your personal data under data protection law. Subject to certain conditions and exemptions, these include:
Right of access: You have the right to request confirmation as to whether we process personal data about you, and to request a copy of that data.
Right to rectification: You have the right to request that inaccurate or incomplete personal data about you is corrected or updated.
Right to erasure: You may have the right to request that we delete your personal data in certain circumstances, for example where the data is no longer necessary for the purposes for which it was collected or where you withdraw consent and there is no other lawful basis for processing.
Right to restriction of processing: You may have the right to request that we restrict the processing of your personal data in certain situations, such as while we verify its accuracy or consider an objection you have raised.
Right to data portability: In certain circumstances, you have the right to receive personal data that you have provided to us in a structured, commonly used and machine readable format, and to request that we transmit that data to another controller where technically feasible.
Right to object: You have the right to object to certain types of processing, including processing based on legitimate interests and processing for direct marketing. Where you object to direct marketing, we will stop processing your personal data for that purpose.
Right to withdraw consent: Where we rely on your consent for processing, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before consent was withdrawn.
You also have the right to lodge a complaint with a supervisory authority if you believe that your data protection rights have been infringed. You can contact the authority responsible for data protection in your jurisdiction for further information on how to do this.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or other factors. When we make changes, we will revise the date of the most recent update and, where appropriate, take steps to inform you of significant changes. We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal data.
