top of page

PRIVACY POLICY

In this privacy policy the following words have these meanings:

(a) 'our', 'us' and 'we' means GYEON UK Ltd;

(b) 'you' and 'your' means the person using our services;

(c) 'our services' means this website (www.gyeonppf.uk);

(d) 'personal information' means information that could identify you;

(e) 'processing' means collect, use, transfer and store. 

1. INTRODUCTION

We are committed to protecting your privacy and the confidentiality of your personal information. This privacy policy describes what information we collect from you, how we use this information and how we protect it. It also covers information that you provide to us, and includes information that could identify you personally and information that could not. This privacy policy also tells you about your privacy rights and how the law protects you.

Our privacy policy complies with current UK law, including the General Data Protection Regulation (GDPR) 2016 and the UK Data Protection Act 2018. The law requires us to tell you about your rights and our obligations to you with regards to the processing and control of your personal information. We do this below, in Section 10 of this privacy policy, and by requesting that you read the information provided on the Information Commissioner's Office (ICO) website, via the following link:

https://ico.org.uk/for-the-public/

2. WHO IS THE DATA CONTROLLER?

For the purposes of the General Data Protection Regulation (GDPR) 2016 and the UK Data Protection Act 2018, the data controller for any personal information we hold about you is GYEON UK Ltd, a private limited company registered in Scotland (company number SC632975). Our registered office address is GYEON UK Ltd, Commercial Quay, 84 Commercial Street, Edinburgh, EH6 6LX, United Kingdom.

Under the law, the data controller is responsible for ensuring that your legal rights regarding your personal information are respected, that you are provided with accurate information about how your personal information is used, and that your personal information is held securely. If you have any questions or concerns about our use of your personal information, please contact us using the form provided on the Contact Us page of this website or write to us at our registered office address.

3. WHAT INFORMATION DO WE COLLECT?

We collect only the information we require in order to enable us to provide our services to you. Some of this information is personal information and some of it isn't, as described in the following scenarios:

(a) when you browse our website we collect your internet protocol (IP) address (which is personal information) and anonymised data about your browser type and version, your operating system type and version, your screen size and display settings, your time zone and location settings, and the pages you visit and how you interact with them (none of which is personal information);  

(b) if you contact us using the form on the Contact Us page of this website we collect your name, email address and telephone number (all of which is personal information), along with the details of your query (which may or may not contain additional personal information provided by you).

4. HOW DO WE USE THE INFORMATION WE COLLECT?

We process the information we collect in the following ways:

(a) we use the personal information we collect when you browse our website to provide you with the ability to navigate the site, view information about GYEON PPF Installers in relation to your location and use the form on the Contact Us page of the site, and we use the anonymised data we collect when you browse our website to analyse how the site is being used, in order to make improvements to it;

(b) we use the personal information we collect when you contact us using the form on the Contact Us page of this website to reply to you and resolve your query.

5. UNDER WHAT LEGAL BASES DO WE PROCESS THE INFORMATION WE COLLECT?

Under the law, we must have a valid reason for using your personal information (and personal information belonging to somebody else that you provide us with) and we must not collect, use or store data about you that is not compatible with that reason. The law defines six valid reasons (bases) for processing personal information; contract, consent, legitimate interest, legal obligation, vital interest and public task. Of these six reasons, we process the personal information we collect because we have a legitimate interest in doing so. The legal basis for the ways in which we use your personal information is as follows:

(a) our use of your personal information is necessary on the basis that we have a legitimate interest in making sure our website works properly and that you are able to navigate it, use the service provider directory and contact us using the form provided. Our collection and use of anonymised browsing data is subject to your consent, which you may provide or withdraw at any time using the cookie control tool that is accessible at the bottom of our website on all devices. More information about our use of cookies is provided in Section 11 below (Our use of cookies).

(b) our use of your personal information is necessary on the basis that we have a legitimate interest in replying to an unsolicited contact form submission from you to resolve your query.

6. WHO PROCESSES THE INFORMATION WE COLLECT?

Your personal information will be processed initially by internal staff members of GYEON UK Ltd, who have been specifically trained and authorised for this task. In carrying out the processing, your personal information will also be transmitted to third parties that we use to provide our services. These third parties have been rigorously assessed and offer a guarantee of compliance with the legislation on the processing of personal information. These parties are designated as data processors and carry out their activities under the control of, and according to instructions issued by, GYEON UK Ltd.

The third parties in question belong to the following categories (the examples provided for each category are not exhaustive, rather they are provided to offer a greater degree of recognition of the types of companies involved): website service providers (Wix) and directory service providers (Storepoint). We also use third parties specialising in analytics to process the anonymised browsing data (Google) we collect (if you provide us with your consent to do so).

Under some circumstances we may be required to disclose or share your personal information without your consent. For example, your data may be transmitted to the police, judicial and administrative authorities, in accordance with the law, for the investigation and prosecution of crimes, the prevention of and protection from threats to public security, to allow us to ascertain, exercise or defend our rights in court. We may also transfer your personal data to a buyer in the event that our assets are acquired by another organisation. If this situation ever arises, the purchaser will be required by law to process your personal information only as described in our privacy policy.

7. TRANSFER OF INFORMATION OUTSIDE THE UK OR EUROPEAN UNION

Some of the third parties listed in Section 6 of this privacy policy (Who processes the information we collect?) are located in countries outside of the UK or European Union. Nevertheless, these countries offer an adequate level of data protection, as determined by the European Commission (Adequacy of the protection of personal data in non-EU countries). Furthermore, in each case, the third party's own privacy policy has been rigorously assessed and offers a guarantee of compliance with UK and European Union legislation on the processing of personal information, via participation in an official legal framework (e.g. the EU-U.S. Privacy Shield).

8. HOW LONG DO WE KEEP THE INFORMATION WE COLLECT?

We keep your personal information for a limited period of time in line with our internal data retention policy. The specific retention period will vary according to the reason for processing your personal data. After this period, your data will be permanently erased or otherwise irreversibly anonymised. Currently, the specific retention periods we adhere to are as follows:

(a) we keep the personal information we collect when you browse our website until you close your browser or an hour passes by with no keyboard activity. We keep the anonymised data we collect when you browse our website (if you provide us with your consent to do so) forever;

(b) we keep the personal information we collect when you contact us using the form on the Contact Us page of this website for twelve months.

9. HOW DO WE KEEP THE INFORMATION WE COLLECT SAFE?

As we stated at the outset of this privacy policy, we are committed to protecting your privacy and the confidentiality of your personal information. To this end, we employ a wide variety of technical and organisational security measures, all of which are aimed at preventing your data from being accessed and used by anybody other than the parties specified in this privacy policy. We do not wish to divulge the specifics of these measures for obvious reasons, but a summary is provided below for the approach we take when collecting, using and storing your personal information:

(i) collecting  

We serve our website via HTTPS, using a TLS/SSL certificate issued by a trusted vendor. This ensures that the connection your browser establishes with our website is encrypted, and that any personal information you submit is transferred to us securely. You can verify our identity and the security of the connection when you browse our website by clicking the padlock visible in the address bar. Our email service provider also secures access to our email servers using a TLS/SSL connection, and we authenticate all outgoing emails using SPF and DKIM records, meaning their provenance can be checked and confirmed.

(ii) using

With the exception of when we transfer your personal information to the third party data processors specified in Section 6 of this privacy policy (Who processes the information we collect?), access to your personal information is restricted to internal staff members of GYEON UK Ltd, who have been specifically trained and authorised for this task. Moreover, by using various IT controls, access is further limited to only those staff members who need to use your personal information to fulfil each of the specific uses listed in Section 4 of this privacy policy (How do we use the information we collect?). The only exception to this concerns one of our company directors, who has unrestricted access to all of your personal information at any given time, for the purposes of managing organisational access to it. In all cases access is protected by secure passwords, and whenever possible by two-factor authentication. When we transfer your personal information to the third party data processors specified in Section 6 of this privacy policy (Who processes the information we collect?) we always do so via secure TLS/SSL connections. 

(iii) storing

The personal information we collect and use is stored on servers either belonging to us or the third party data processors specified in Section 6 of this privacy policy (Who processes the information we collect?). In all cases, all of the personal information we store is protected by modern security measures that are designed to ensure that the confidentiality, integrity and availability of your data is maintained at all times. These security measures are regularly evaluated, upgraded and tested to ensure continuous improvement in the quality of protection they afford. Moreover, all of the data storage systems we use have a high degree of redundancy, and back up mechanisms for restoring data in the event of a catastrophic failure or security breach.

10. YOUR PRIVACY RIGHTS

Every citizen of the UK and European Union has specific privacy rights with respect to the processing of their personal information. Each of these rights is listed below, along with an explanation of how we meet our legal obligations with regard to respecting them:

(i) the right to be informed

We are required to tell you when we use your personal information, and explain why and how we use it, who we share it with, how long we keep it and how we keep it safe. We are also required to tell you about your rights with regards to the processing and control of your personal information. The information we provide to you must be easy to understand and easy to access, written in plain English and available free of charge. This privacy policy meets these requirements.

(ii) the right to access

As well as having the right to be informed, you have a right to see exactly what personal information is being held by us. You have the right to request a copy of the data that we hold about you, and we will provide this to you free of charge once we have confirmed your identity. If you wish to see a copy of the data we hold about you, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). If we hold data about you we will: give you a description of it; tell you why we are holding it; tell you who it could be shared with; tell you how long we will keep it; tell you whether it has been used for automated decision making; tell you if it is stored outside of the UK or European Union, and; tell you what safeguards are in place to protect it. We will do this in writing in a clear and concise way, within one month of receiving your request. 

(iii) the right to rectification

You have the right to ask us to correct any inaccuracies in the personal information we hold about you, and to stop us using your data until it has been corrected. We want to ensure that the personal information we hold about you is accurate and up to date, and we will be happy to correct or remove any information that isn't accurate. To report any inaccuracies or omissions, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?); upon receiving your request we will rectify your data promptly;

(iv) the right to be forgotten

You have the right to request the deletion of all or some of the personal information we hold about you. You are required to provide a reason for the request, such as you believe that the legal basis for processing your personal information is no longer valid, or it was unlawfully collected or used, or it needs to be erased to comply with a legal obligation. To request the erasure of all or some of the personal information we hold about you, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). Upon receiving your request we will review it, and if we agree with it we will delete the specified data promptly. If we disagree with it, e.g. because we are under a legal obligation to keep the data, we will write to you promptly explaining why.

(v) the right to restrict processing

You have the right to ask us to stop processing your personal information at any time. You will need to explain the reasons behind your request and allow us time to consider your request and respond. During this interval we will restrict the processing of your personal information. In each case we will discuss your request with you and agree on a satisfactory solution before we begin processing your personal information again.

(vi) the right to data portability

You have the right to ask us to share any personal information we hold about you, that we currently process on the basis of there being a contract between us or you having provided your consent for us to do so, with other organisations. If we receive such a request from you, we will prepare the data in a standard format such as a comma separated values (CSV) file, store it securely on a server and then make it available on demand to the organisations you specify. We will do this within one month of receiving your request. 

(vii) the right to object

You have the right to object to the processing of your personal information in cases where you have valid grounds to object (relating to your particular situation), or our legal basis for processing your personal information is our legitimate interests. If you wish to raise an objection under any of these grounds, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). Upon receiving your request we will restrict the processing of your personal information while we discuss your request with you and agree on a satisfactory solution.

(viii) rights relating to profiling and automated decision-making

Profiling can form part of an automated decision-making process, where a decision affecting you and based on your data is made without any human involvement. If the effect of the decision adversely affects your legal rights, or the effect of the decision could be significantly detrimental, then a decision cannot be made only by automated means; it must be made or reviewed by a human. We do not perform profiling or employ automated decision-making at GYEON UK Ltd.

To exercise any of the above rights, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). To ensure that your data is not subject to illegitimate use by third parties, we will ask you to confirm your identity before carrying out any request.

11. OUR USE OF COOKIES

As we stated in Section 3 of this privacy policy (What information do we collect?), when you browse our website we collect your internet protocol (IP) address (which is personal information) and anonymised data about your browser type and version, your operating system type and version, your screen size and display settings, your time zone and location settings, and the pages you visit and how you interact with them (none of which is personal information). We collect this information using an array of small plain text files and transparent image files known as cookies. The personal information collected by the cookies we use enables us to provide you with the ability to navigate the site, to display information about GYEON PPF Installers in relation to your location, to use the form on the Contact Us page of the site and to use the form on the 'Become an Installer' page of the site, while the anonymised data collected by the cookies we use enables us to analyse how the site is being used, in order to make improvements to it.

In line with the above, it is possible to differentiate between two different groups of cookies we use; those that collect personal information that is necessary in order for us to ensure that our website works properly, and those that collect anonymised data that is indicative of the performance of our website and allows us to make informed decisions about how best to improve it. The law doesn't require us to obtain your consent before placing any necessary cookies on your browsing device (e.g. computer, tablet or smartphone), but it does require us to gain your consent before placing any other types of cookies on your browsing device. Furthermore, the law demands that we obtain your consent in a particular way.

Firstly, we are required to tell you that we use cookies and explain what they do and why we use them in a clear and comprehensive way. Secondly, we are required to obtain your consent prior to collecting any information using cookies that aren't strictly necessary. Thirdly, your consent must be given unambiguously, in the form of a positive and affirmative action (e.g. clicking a button). Fourthly, your consent must be recorded and stored, to serve as evidence that consent has been given. Fifthly, we are required to provide you with a means of withdrawing your consent quickly and easily at any time. Finally, your consent must be regularly renewed, so we are required to allow it to expire in order to ensure that you are prompted to renew it.

We meet the above requirements in the following ways. Firstly, this privacy policy informs you that we use cookies, and explains what they do and why we use them in what we believe to be a clear and comprehensive way. Secondly, our website features a cookie control tool that appears at the bottom of the page when you first land on our site. This tool prevents any cookies that aren't strictly necessary from being placed on your browsing device immediately. Thirdly, this tool then offers you the choice of accepting all of the types of cookies we use to be placed on your browsing device, or managing your cookie preferences on a pop-up panel that provides more information and enables you to choose not to accept cookies that aren't necessary. Fourthly, if you choose to accept cookies that aren't necessary, your choice will be stored in an additional cookie that will be placed on your browsing device (this serves as a record of your consent, and will remember your choice when you visit our website in future). Fifthly, after making your choice the cookie control tool will collapse down into a clickable icon at the bottom of our website, thus enabling you to quickly and easily open the cookie preferences panel again at any time if you wish to withdraw your consent. Finally, if you chose to accept cookies that aren't necessary, the additional cookie that recorded your choice will automatically expire after 365 days, thus prompting you to repeat the process and renew your consent.

The last important point we need to inform you about concerns the difference between first party cookies and third party cookies. First party cookies are those that our website places on your browsing device, and which originate from our domain (www.gyeonppf.uk). As their name suggests, third party cookies are those that are placed on your browsing device by other domains whose services we use and whose content is embedded on our website. For example, when you browse our website our directory service provider (Storepoint) places a cookie on your browsing device from their domain that collects anonymised data about how you interact with the directory embedded on our website. Because third party cookies originate from other domains, our cookie control tool cannot always prevent them from being placed on your browsing device when they don't fall into the category of being strictly necessary. However, it will alert you to their presence and provide you with a link to the privacy policies of the issuing domains, which will enable you to make an informed decision about whether or not to accept them. If you decide you don't want to accept them you will be able to disallow and delete them via your browser's privacy settings.

12. COMPLAINTS

If you are not happy with our privacy policy or you wish to make a complaint about our processing of your personal information, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). If a dispute arises that we are unable to settle, then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration. However, if you believe that we are processing your personal information in contravention of the law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), via the following link:

https://ico.org.uk/make-a-complaint/

13. CHANGES TO THIS PRIVACY POLICY

We regularly review and update this privacy policy in order to reflect changes to our services and amendments to the law. The terms that apply to you are those in effect (i.e. published on this page) on the day you use our services.

bottom of page