Privacy policy

Privacy Policy

Background

We understand that your privacy is important and that you care about how your personal data is used and shared. We respect the privacy of everyone who visits our website, uses our online services and purchases our products.

We are committed to respecting, securing, and protecting your privacy and private data. We are also committed to being transparent about what we collect from you and how we use it.

This privacy notice provides you with information about what personal data we collect, how we use your data, how we ensure your privacy is maintained, and your legal rights relating to your personal data.

1. Who We Are

We are Crown Paints Ireland Limited (“Crown Paints”). Our registered office address is  2/3 Exchange Place, I.F.S.C. Dublin 1

Our brands include: Crown Paints, Crown Trade, Sadolin, Sandtex, Macpherson and Crown Contract

You can contact us by:

• Telephone – 01 8164400
• Email – privacy@crownpaints.co.uk
• Post – Customer Relations Team, Crown Paints Ireland Limited, Units 28 & 29, Grattan Business Park, Clonshaugh, Dublin, D17 X478

2. Your Rights

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data; which this policy and our use of your data has been designed to uphold:

• Right of access – you have the right to request a copy of the information that we hold about you. You can do this by contacting us using the above details.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to be informed – you have the right to be informed about our collection and use of your personal data.
• Right to restriction of processing – where certain conditions apply, you have a right to restrict our processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing (such as direct marketing).

If you have cause for complaint about our use of your data, or you would like to exercise any of your rights, then please contact us using the details provided in Section 1 and we will do our best to solve the problem for you.

If we are unable to help, or you aren’t satisfied with our response, you also have the right to lodge a complaint with the Irish supervisory authority – The Data Protection Commission (DPC). The DPC can be contacted:

• By post – The Data Protection Commission, 21 Fitzwilliam Square, Dublin , D02 RD28.
• Via its website – www.dataprotection.ie

3. What Data Do We Collect from You?

If you use our websites, we will collect some data automatically from you when you use our website. That information is:

• Your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version.
• Your URL clickstreams (the path you take through our site), products/services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, how often, and other actions.

If you are a customer we will collect additional information which you provide to us:

• Contact Details – Your name, company name, address, phone numbers, email address.
• Purchase & Quote Details – Information about products and services you have purchased or enquired about.
• Financial Information – Your bank or payment details and relevant tax information when you purchase from us.
• If you are a subscriber to our marketing content, or use our contact forms on our websites:
• Contact Details – Your name, email address and telephone number.

4. How We Use Your Data

Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data:

• Orders & Purchases: We’ll use the details you provide to process any orders that you make with us using our websites, apps, or in-store. If we don’t collect this information we won’t be able to process your order and comply with our legal obligations. Our legal basis for this is contractual obligation.
• Keeping Our Website Running: providing and managing your access to our website and services, personalising and tailoring your experience on our website and services. Our legal basis for this is legitimate interest (see below).
• Improving Our Website: Testing features, interacting with feedback platforms and questionnaires, managing landing pages, heat mapping our site, traffic optimization and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this. Our legal basis for this is legitimate interest (see below).
• Marketing Purposes: We may send you emails and messages about new features, products and services, and content. You will always be able to unsubscribe from these. Our legal basis for doing that is consent (if provided), otherwise our legitimate interests (see below).
• Answering Your Queries & Customer Support: We will use your email and contact details to answer your contact requests and queries. Our legal basis for doing so is contractual obligation.

5. Legal Basis

We have identified a legal basis for each of our purposes in paragraph 4. This is what they mean:

Legitimate Interest:

Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:

• gaining insights from your behaviour on our website
• delivering, developing and improving our service
• enabling us to enhance, customise or modify our services and comms
• enhancing data and physical security
• promoting our products, services and business.
• responding to customer enquiries, contact requests and promoting our services.
• In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests.

You can always object to our processing of your data based on legitimate interest. If you do so and we have no other legal basis for processing your data we will stop. If we do have another legal basis we will continue to do so, subject to your legal rights.

Consent:

You have given clear consent for us to process your personal data for a specific purpose.

You can always withdraw your consent. You can do this by clicking on unsubscribe in any marketing email we send, or by getting in touch via the contact details in paragraph 1.

If you withdraw your consent and we have no other legal basis for processing your data we will stop. If we do have another legal basis we will continue to do so, subject to your legal rights.

Contractual Obligation:

Processing your data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.

6. Storing and Sharing Your Data

Data security is very important to us and we take appropriate security measures (both technical and organisational) to safeguard and secure your data. We regularly audit and test the effectiveness of our security measures.

As a multinational business your data may be processed outside the country where you live. We endeavour to keep all of your personal information in the European Economic Area (EEA) or UK. The EEA includes all EU Member States plus Norway, Iceland and Liechtenstein.

In limited and necessary circumstances your information may be transferred outside of the EEA. Where this does happen, we will put special protections in place. We will only move data to countries or organisations:

Where the EU Commission has deemed their data protection measures to be adequate;

Or under a contract which enforces the EU Commission approved “standard data protection clauses” which can be viewed at https://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm.

We will never sell your personal data to a third party.

We will never transfer or disclose your personal data to any third party except:

• Crown Paints is owned by Hempel Group. We may transfer your data to other parts of Hempel Group for internal administrative purposes – for example fulfilment of your orders, provision of internal support services, or where marketing is provided by other parts of Hempel Group. We will ensure your data is processed securely and in accordance with this privacy notice.
• We may sometimes contract with trusted service providers to provide goods and services on our behalf. These may include, for example, payment processing, delivery of goods, search engine facilities, advertising, marketing and IT systems. This will sometimes necessitate the transfer of your personal data to those trusted service providers.
• Where we transfer your data to our trusted service providers we will have confirmed that they will apply data protection and security measures to the same standard we would. We will always impose contractual terms on all of our providers to ensure your data remains secure.

In certain limited circumstances we may be legally required to share your personal data – for example where we are involved in legal proceedings, or where we are complying with a court order, regulatory requirement, or government department with appropriate legal authority to compel us to do so.

7. How Long We Keep Your Data

We do not keep your personal data for any longer than it is necessary in light of the reason(s) for which it was first collected and for our obligation under other laws.

We may need to keep your information to establish, bring or defend legal claims. We’ll therefore always keep your personal data for 7 years after the date it is no longer necessary for us to hold it.

At the end of that period your data will be either deleted completely or anonymised.

Exceptions to the above will be:

• Where you have exercised your right to have the information where it applies.
• Where the law requires us to keep your data for longer or delete it sooner.
• Where a legal claim is in progress – we’ll keep your data until that claim is concluded.

8. Cookies

Like many other websites, ours uses cookies. Cookies are small pieces of information sent by an organisation to your computer or device and stored on your computer or device to allow a website to recognise you when you visit. They help us collect statistical data about your browsing actions and patterns but should not contain personal data (other than the cookie itself, which is defined as personal data under GDPR).

All cookies used by and on our website are used in accordance with the current cookie law.

Before cookies are placed on your computer or device you will be shown a pop-up requesting your consent to set such cookies as detailed below. By giving us your consent, you are allowing us to provide the best possible experience of our website. You may refuse consent to cookies; however, certain parts of our website may then not function correctly. You can alter your browser settings to refuse all cookies.

There are four types of cookies:

• Strictly Necessary Cookies – These are essential to make a website work and provide features you’ve asked for. Generally, these are used to provide shopping baskets and similar. Without these cookies the website may not work as intended.
• Performance Cookies – These collect anonymous information about users for the purposes of tracking the performance of a website. Common uses include well-known analytics tools such as Google Analytics.
• Targeting/Advertising Cookies – These are similar to performance cookies. However, they are used to track users’ behaviour and that information is then used on a “per user” basis to advertise products/services on the basis of the behavioural information collected.
• Functionality Cookies – These are used to remember automatically the choices that users have made in order to improve their experience on the website; for example, selecting desired layout or language.

The cookies we use on our website are:

Cookie Type: Google Analytics

• Name: __utma, __utmb, __utmc, __utmt, __utmz, _gat, _gid
• Purpose: These cookies are used to collect information about how visitors use our website and WordPress blog. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited
• https://support.google.com/analytics/answer/6004245
• Type: 3rd Party
• Duration: _utma: 2 years, _utmb: Session, _utmc: Session + 30 min, _utmz: 6 months

Cookie Type: Website Session ID

• Name: PHPSESSID
• Purpose: To maintain information about each visit to the website and enable core site functionality. This cookie does not contain any personal information and only lasts for the duration of your visit.
• Type: 1st Party
• Duration: Expires at end of session
• Cookie Type: Cookie Policy Acknowledgement
• Name: viewed_cookie_policy
• Purpose: This allows us to hide the cookie policy pop up once you have acknowledge it.
• Type: 1st Party
• Duration: 1 Year

Cookie Type: Facebook

• Name: fr
• Purpose: This Cookie is placed by Facebook. It enables us to measure, optimize and build audiences for advertising campaigns served on Facebook. In particular it enables us to see how our users move between devices when accessing our website and Facebook, to ensure that our Facebook advertising is seen by our users most likely to be interested in such advertising by analysing which content a user has viewed and interacted with on our website.
• https://apps.ghostery.com/en/apps/facebook_custom_audience
• Type: 3rd Party
• Duration: 1 Year
• Cookie Type: Advertising
• Name: TDCPM, TDID
• Purpose: Registers a unique ID that identifies a returning user’s device. The ID is used for targeted ads from adsrvr.org
• Type: 3rd Party
• Duration: 1 Year

Cookie Type: Marketo_Advertising

• Name: _mkto_trk
• Purpose: This cookie is associated with an email marketing service provided by Marketo. This tracking cookie allows a website to link visitor behaviour to the recipient of an email marketing campaign, to measure campaign effectiveness.
• Type: 3rd Party
• Duration: 2 Years

Our websites may use 3rd party vendor re-marketing tracking cookies, including the Google AdWords & Facebook Pixel tracking cookie. This means we will continue to show ads to you across the internet, specifically on the Google Content Network (GCN) and Facebook. As always we respect your privacy and are not collecting any identifiable information through the use of Google’s or any other 3rd party remarketing system.

The third party vendors, including Google & Facebook, whose services we use – will place cookies on web browsers in order to serve ads based on past visits to our website. Third party vendors, including Google, use cookies to serve ads based on a user’s prior visits to your website. This allows us to make special offers and continue to market our services to those who have shown interest in our service.

9. Changes to Our Privacy Notice

We may change this privacy notice from time to time (for example, if the law changes). Any changes will be immediately posted on our site. We recommend you check the privacy notice regularly to remain up to date.

This privacy notice was last updated in August 2018