When you use our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control.
What is GDPR?
The General Data Protection Regulation, or GDPR, is the new data protection legislation replacing the Data Protection Act 1998.
It’s a European Union regulation which aims to give people more control over how their personal data is collected, used, stored and shared. It’s designed to strengthen and unify the data security measures of businesses in the European Union.
Web Oil already makes sure that data protection is central to our business. Under GDPR, we’re more transparent about how we collect, use, share and store our customers’ (and employees’) data.
GDPR gives our customers more freedom to control the data we hold about them. They have a right to:
• Be informed
• Be forgotten
• Object to data being held or processed
• Correct the information held about them
• Portability of their data
But, what does this really mean?
Be informed: It’s all about transparency. We’ll tell you who in the organisation is the data controller and give you their contact details. This is the person responsible for ensuring data is used and stored correctly. Our customers have a right to be told about what data we hold on them, how their data is used, why it’s used and who it’s shared with.
Be forgotten: Our customers have the right to ask for their data to be deleted. But, we may not always be able to do this when we’re required by law to keep information for a certain period of time.
Object: Our customers can object to their data being used for certain purposes or processed in a certain way. This could be, for example, objecting to direct marketing. It’s not always possible for us to follow an individual’s request though – especially where we have a legal obligation.
Correct: If we hold inaccurate information about a customer, they have a right to request it is updated.
Portability: Our customers have the right to ask for their data in a portable format so that it could be transferred to another organisation.
You have the right to request access to the data we hold on you. If you wish to do so please contact us:
Data Protection Team Email: GDPRdatateam@weboil.co.uk
Web Oil Limited Phone: 08000 22 33 23
We will respond to all requests within 30 days. In most cases you will not be charged for this. However, where the request is manifestly unfounded or excessive you may charge a “reasonable fee” for the administrative costs of complying with the request.
• What information Web Oil collects from you and why;
• How Web Oil uses and protects any information that you give; and
• How you can access and manage your information.
Web Oil is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement.
Web Oil may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25 May 2018.
This policy replaces all previous versions and is correct as of 25 May 2018. We reserve the right to change the policy at any time.
What we collect
We may collect the following information:
• Job title
• Contact information including email address
• Other relevant personal information (e.g. date of birth)
• Electronic identifiers (e.g. IP addresses)
• Demographic information such as postcode, preferences and interests
• Other information relevant to customer offers and/or surveys
• In the case of job applicants, CVs and references relevant to the role that you are applying for
Ordinarily we will be the party collecting your information directly from you. However, there may be situations where this information is obtained by us from third parties. Examples of this would include:
• From a third party data profiling company, where you have given your consent for that company to pass such information on to us
• In the case of job applicants, from a third party recruitment agency
• Credit checks
• From publically available sources (e.g. the electoral roll)
What we do with the information we gather
We require this information to understand your needs and provide you with a better service. In particular, we require it for the following reasons:
• Internal record keeping and account management purposes (e.g. verifying your identity and fulfilling orders you place)
• Providing you with the product or service you have requested from us
• Monitoring, recording and storing telephone or email communications for the purpose of internal training, audit and compliance checking, to improve the quality of our customer service and in order to meet any legal and regulatory requirements
• Improving our products and services
• Contacting you by email, SMS, phone or mail for the purpose of account administration and/or processing and fulfilling orders and/or taking payment for such orders
• Customising our website according to your interests
• Reviewing your job application for roles with us and potentially offering you employment as a result of that review
• Contacting you on the grounds of us having a legitimate interest to do so, if you are a current customer, to periodically send promotional mails or contact you by telephone about new products, special offers or other information which we think you may find interesting using the contact details which you have provided
• Where you give us your consent to do so, we may periodically send promotional emails or SMS messages about new products, special offers or other information which we think you may find interesting using the contact details which you have provided
•Use your information to contact you for market research purposes
•Enrol you on our Cold Weather Priority (CWP) scheme and record this on our system
Calls may be recorded for training and quality purposes. To find more information on how call recording is handled please click here.
In order to utilise your personal information, as set out above, we may allow third parties to process your personal information on our behalf. This is likely to be the case where, for example we:
• Contract with a third party engineer or haulage company to provide our services to you
• Request a third party data profiling company to establish trends and other buying/profile information
• In the case of our Cold Weather Priority (CWP) customers, if you consent we may share your personal information with your local fire service for the purpose of them arranging and carrying out risk assessments
Where we share personal information for these purposes, we put in place controls to ensure that your personal information is only used for the purpose for which we’re sharing it (e.g. to install a new oil storage tank for you). Where we want to allow third parties to process or control your personal information for reasons other than those set out above, we will inform you of this and, if necessary, seek your consent to share such information with them.
You are entitled to request that we erase your personal information at any time. Where we have asked for your consent to use your personal information for a particular purpose, this consent may be withdrawn by you at any time. Similarly, where we are using your personal information to fulfil a legitimate interest of ours, you may have a right to object to your personal information being used for a particular purpose (e.g. for direct marketing). Please see the section entitled ‘Controlling your personal information’ below. Whilst we will generally seek to comply with your request, there will be circumstances where we are entitled to retain such personal information (e.g. in respect of legal claims or to ensure that any activity on your account (e.g. monies owing) may be resolved).
If you contact us or we contact you, we may ask for certain information from you to confirm your identity, check our records and deal with your account efficiently and correctly.
We aim to protect all of our customers from fraud. As part of this, we may use your personal information to verify your identity to help prevent or detect fraud. These checks may involve your information being disclosed to credit reference agencies, who may keep a record of that information. This is not a credit check and your credit rating will be unaffected.
We use programs such as Google Analytics and Mouseflow.com to help us find out:
• How many people visit our websites
• Which pages and parts of pages are most popular
• How long people spend in each area of the website
• What information people are looking for
These insights help us understand what customers want from our website and, consequently, how we can improve the website in the future.
• Browser types
• Operating systems
• Third party sites that direct you to us
• The time and date of a visit
Mouseflow.com generates screenshots and videos which enable us to view how individuals have used our website. This will also generally involve non-personally identifiable information.
What lawful basis we process your information on
Our lawful bases for processing your personal information are as follows:
Processing Lawful Basis
Internal record keeping Contract
Internal training/audit/compliance Contract
Improving products and services Legitimate Interests
Account Administration Contract
Customising our website Legitimate Interests
Reviewing job applications Contract
Direct marketing – current customers*, mail and telephone Legitimate Interests
Direct marketing – current customers*, electronic marketing Consent
Direct marketing – non-current customers Consent
Cold Weather Priority Scheme Consent
Market research Consent
In certain circumstances, we may be required to process your personal information in order to comply with a lawful obligation on us. This may be the case, for example, where a statutory or regulatory body requests such information in accordance with their legal powers. We also have a legitimate interest and, on occasion, a legal obligation to disclose personal information to regulatory bodies in certain circumstances, including where we have information about potential criminal acts or security threats, and may disclose information to authorities on this basis.
*If you proactively contact us to enquire about becoming a customer of ours, we will treat you as a current customer for the purpose of potentially directly marketing to you on the grounds set out above.
The security of your information is very important to us. As part of our commitment to keeping your data safe, our technical experts maintain physical, electronic and managerial procedures to keep safe the information we collect online.
Where a third party is processing your data on our behalf, we will take steps to ensure that such third party gives us commitments that it will process your data in line with EU law. If a third party processing your data on our behalf is located in a non-EU country that does not have data protection laws equivalent to those in the EU, we will always take appropriate additional steps to ensure that your personal information is kept safe and secure by those processing your data on our behalf. This will generally involve ensuring that such third party agrees to sign up to a formal legal agreement committing such party to comply with standards equivalent to those that would apply where that party to be located within the EU.
Sometimes, you might wish to disclose sensitive information to us, for example if you need a priority delivery because you are receiving medical treatment. We will only use sensitive data for the specific reason you disclosed it to us and we will take extra care to keep it secure. From time to time, we will check with you that we may continue to use that sensitive data for the specified purpose. Similarly should you sign up to our Cold Weather Priority scheme, you will be asked to provide a specific consent to us holding sensitive information for the purpose of this scheme.
How long we hold your information for
The time period for which we keep information varies according to what we use the information for. Unless there is a specific legal requirement for us to keep information, we will keep your information for as long as it is relevant and useful for the purpose for which it was collected.
Where we are using your personal information to send you marketing info we will generally retain that data for marketing purposes for a longer period of time as due to the nature of our business we frequently see repeat purchases from customers over a more prolonged irregular time frame. We will retain your account information for six years in line with relevant tax and contract requirements. In the case of commercial customers, we may retain personal information relating to such individuals within such customers for a longer period of time depending on the order and contracting cycles of such customers (e.g. if a customer commonly enters into five year deals, we would retain such information for a short period beyond the time when we would expect such agreement to be renewed).
In the case of unsuccessful job applicants, we will generally hold your CV and supporting documentation for period of up to 3 years from the date of application.
For the purpose of our Cold Weather Priority Scheme, we will retain your information for an initial period of five years from when you gave your consent to be included within the scheme at which point we will seek to reconfirm such consent.
Controlling your personal information
You may choose to restrict or control the collection or use of your personal information in the following ways:
• Whenever you are asked to fill in a form on the website or elsewhere, ensure that you tick any box requesting permission to use your personal information for specific purposes (e.g. marketing) if you wish to opt in
• If you believe that we are holding personal information which is incorrect, out of date or incomplete and wish for that to be corrected
• If you wish for your personal information to be erased from our systems
• If you wish for us to transfer your personal information to a third party (e.g. another service provider), we may provide you with your personal information which held by us for you to pass to that third party (or, in certain circumstances, we may be able to transfer that personal data to such third party directly if you wish for us to do so)
Where you have opted in to marketing, we may direct market to you by post or telephone on the basis that we consider we have a legitimate interest in marketing to you in this way and that it does not substantially impact on your privacy. You have a right to object to this at any time, and may request that we cease to contact you for direct marketing in this manner at any point. We will comply with any such request.
We will not sell, distribute or lease your personal information to third parties for their control unless we have your permission, need to do so in order to fulfil a contractual obligation to you or are required by law to do so. Where we do seek your permission, we will name the relevant third party at the time we seek such permission from you and any such permission shall be limited to that third party. Please note that we may provide information for processing to certain third parties as outlined in the section entitled ‘What we do with the information we gather’.
If you believe that any information we are holding on you is incorrect, out of date or incomplete, please write, email or call us as soon as possible, using the details set out above. We will promptly correct any information found to be incorrect. To protect your privacy and security, we will take reasonable steps to verify your identity before granting access or making corrections.
Third Party Links and Cookies
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website (s). Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Cookies are small text files stored on your computer by your browser. They’re used for many things, such as remembering whether you’ve visited the site before, so that you remain logged in - or to help us work out how many new website visitors we get each month. They contain information about the use of your computer but don’t include personal information about you (they don’t store your name, for instance).
How to Contact Us:
If you have any questions about this policy or more generally about our use of your personal information, you may contact us.
Data Protection Team Email: GDPRdatateam@weboil.co.uk
Web Oil Limited Phone: 08000 22 33 23