Introduction
This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe. We hope the following sections will answer any questions you have but if not, please do get in touch with us.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish. The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
Consent In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you what categories of products you are opting in to receive information about and how you want to be contacted. Contractual obligations In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us, we’ll collect your address details to deliver your purchase, and pass them to our courier. If you have a credit account with us and an established price list, we may also need to use your contact details to alert you of any changes to your agreed contractual pricing. Legal compliance If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity to the law enforcement services.
Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your purchase history to send you or make available personalised offers. We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand, or develop new products/services.
We will also use your address details to send you direct marketing information by post or email, telling you about products and services that we think might interest you.
When might we collect your personal data?
• When you register for an account with us.
• When you purchase a product or service in-store or by phone but don’t have (or don’t use) an
account.
• When you ask us to deliver our products to you.
• When you engage with us on social media.
• When you download or install one of our apps.
• When you contact us by any means with queries, complaints etc.
• When you enter prize draws or competitions.
• When you book any kind of appointment with us.
• When we see you at an exhibition or show and you have shown an interest in our products.
• When you choose to complete any survey we send you.
• When you comment on or review our products and services.
• When you’ve given a third-party permission to share with us the information they hold about you.
• We may collect data from publicly available sources (such as the Land Registry) when you have
given your consent to share information or where the information is made public as a matter of law.
What sort of personal data do we collect?
• If you have a web account with us: your name, invoicing and delivery address, orders and receipts,
email and telephone number. For your security, we do not keep any record of your password but in
the event, you lose it, you can request for it to be reset.
• Your email address from any of our app sign-ups with your opt in/out preference.
• Details of your shopping history.
• Details of your visits to our websites and which site you came from to ours.
• Information gathered by the use of cookies in your web browser. Learn more about how we use cookies and similar technologies.
• To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered.
• Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
• Your payment information e.g. debit or credit card details and your bank details where you have made a direct payment to us from your bank account.
• Installation history e.g. details of products installed, the location of products and details of the installation carried out.
• Information about the devices you use to access our smartphone app.
• Recordings of discussions you have with our sales and customer services teams.
• Any video and audio footage captured by our products.
• Information about how you use the products.
• Location information (both of the products and any device that accesses the smartphone app).
• Details of what triggers our products and the action that follows from those triggers.
Sources where we might collect your personal data from
• Directly from you when you interact with us in any way.
• Our website, smartphone app or our products.
• Other companies we work with e.g. installers, repairers, debt recovery agencies, third party suppliers etc.
• Other companies from within our group of companies.
• Alarm and monitoring companies who we engage to provide support for the products.
• Government departments and regulatory bodies.
• Social media.
• Other companies who you have agreed to share your data with.
How and why do we use your personal data?
It is important to Coral that we give you the best possible customer experience and only contact you about relevant products or services we feel you may be interested in. We use data collected to offer you promotions, products and services that are
most likely to interest you. The data protection law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.
You can choose to change your preferences in how we contact you and what information we hold – see more in ‘What are my rights?’ section below. Remember, it is important to consider whether you truly want to opt out completely as doing so may mean we cannot provide all of the services or information you have asked for. Changing preferences is often a better way to manage contact, rather than opting out altogether. For example, if you’ve asked us to let you know when an item comes back into stock, we can’t do that if you’ve withdrawn your general consent to hear from us. Here’s how we’ll use your personal data and why:
• To process any orders that you make by using our websites. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations. For example, your details may need to be passed to a third party to supply or deliver the product or
service that you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, guarantees and so on.
• To respond to your queries, refund requests and complaints. Handling your information enables us to respond. We may also keep a record of these to inform any future communication with us and to
demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
• To process video footage and audio footage captured by our products and to allow our third-party suppliers (e.g. alarm and monitoring companies) to use such personal data to provide support to the products and the services we offer you. Processing of this nature could include accessing, using, storing, searching, manipulating, index and time stamping, transferring and deleting the footage.
• To contact you in such cases when an event is triggered by the product (e.g. an alarm is raised or there a camera or sound trigger). This will generally be by way of notification via the smartphone app unless you have agreed to subscribe to one of our monitoring subscriptions.
• You may ask us to deal with a representative on your behalf. If you provide us with personal data relating to that person, you represent to us that you have informed them that we will use their personal data and that it is in your and our legitimate interest for us to process their personal data to the extent permitted by and in compliance with the terms of this privacy notice.
• When you or any other user activates, deactivates or uses home mode on your alarm, we retain a record of when this happened, the method used and the username. These records will be available to you on our mobile application (subscription service required).
• Video records: footage recorded by the products are stored in the cloud by Amazon Web Services and accessible via the smartphone app. The period the footage will be retained and stored by us depends upon whether you have a subscription with us (details set out below).
• To advise you of any camera motion events. This will be via notification to your smartphone.
• To track the location of your device to establish if you are in the vicinity of one of our products when an alarm or camera is triggered.
• To contact you if there is a query with your delivery. To enable us to do this we collect a telephone number at registration and checkout. We will need to communicate this number to our couriers, so they can contact you regarding your delivery if necessary.
• To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
• For example, by checking your password when you login and using automated monitoring of IP addresses to identify possible fraudulent log-ins from unexpected locations.
• To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
• To keep you informed by email, web, text, post or telephone about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. Of course, you are free to opt out of hearing from us by any of these channels at any time.
• To send you relevant, personalised communications by post in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest. You are free to opt out of hearing from us by post at any time.
• To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
• To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
• To develop, test and improve the systems, services and products we provide to you. We’ll do this on the basis of our legitimate business interests. For example, we’ll record your browser’s Session ID to help us understand more when you leave us online feedback about any problems you’re having
• To comply with our contractual or legal obligations to share data with law enforcement.
• To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you. Of course, you are free to opt out of receiving these requests from us at
• Any time by updating your preferences, which are accessible at the bottom of every marketing email or by contacting us on: info@coralwindows.co.uk and requesting to be removed.
• To collect feedback from customers who have had a buying or service experience with Coral. We use Trustpilot to assist with collecting specific information from our customers about the service received from Coral and to collect product review information. Trustpilot functions as our data processor and we are the data controller. Sometimes following a purchase, you will receive an email direct from Trustpilot to obtain such feedback. If you do not wish to write a review, please ignore such correspondence. If you do write a review this will appear direct on the Trustpilot website on the Coral company page.
How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. We secure access to all transactional areas of our websites and apps. Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by encryption.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security. Suppliers who receive your data from us for processing purposes, such as delivery companies, are also GDPR reviewed periodically to ensure their data is maintained appropriately under the same, strict access and storage conditions. How long will we keep your personal data? Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. These are our data retention periods:
• Orders: When you place an order, we’ll keep the personal data you give us for six years so we can comply with our legal and contractual obligations.
• Warranties: If your order included a warranty, the associated personal data will be kept until the end of the warranty period.
• Marketing: For marketing purposes, your information will be maintained for 3 years following inactivity, or for as long as you are an active customer or have opted in via preferences to continue receiving information.
Video and audio footage
• No subscription account: No footage is stored.
• Subscription account: This depends upon your subscription account: ▪ 7 day account – we will store the data for 7 days the date any footage was recorded. After this, it will be deleted unless you have marked this footage as a “favourite” in which case it will be stored for the duration of your subscription period.
• 30 day account – we will store the data for 30 days the date any footage was recorded. After this, it will be deleted unless you have marked this footage as a “favourite” in which case it will be stored for the duration of your subscription period.
• In the event of an alarm and you being signed up to the ‘Plus premium’ subscription we will send your details including – name, address, telephone number, trust number and security PIN (verification of who you are when you are called by our monitoring provider), alarm event at the premises that occurred, recordings from the time the alarm event occurred and live view access to the cameras to verify the alarm for a period of 30 mins.
Who do we share your personal data with?
We sometimes share your personal data with trusted third parties. For example, delivery couriers, engineers visiting your home, to collect product/ service reviews, for fraud management, or to handle complaints.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
– We provide only the information they need to perform their specific services.
– They may only use your data for the exact purposes we specify in our contract with them.
– We work closely with them to ensure that your privacy is respected and protected at all times.
– If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
– We have reviewed all GDPR policies to ensure their practices in storage and access of data are acceptable.
– Organisations we work with to support the product or our services and what they do (this list may change from time to time, so you should check regularly)
– Professional monitoring: we work with a third-party supplier to provide professional monitoring of footage from our products.
Alexa Developer Skills: https://www.alexa.com/help/privacy
ERA: We use ERA to manage our SmartHome product range, including developing hardware & software and also handling customer complaints & queries.
Google Inc.: We use Android and Google Analytics to develop, maintain and help us understand the way people use Coral products and services, so we can make it better and communicate relevant information to users. To provide this we develop applications and when using Google analytics, Google collects anonymised statistical data about the use of our website and applications – https://www.android.com/intl/en_uk/enterprise/data-protection
MailChimp: We use MailChimp for sending marketing emails. To do this Mailchimp stores usernames, email addresses, and Coral products and services. We use that data to ensure we only send emails relevant to the individual. To ensure compliance with the GDPR, our agreement with Mail Chimp is listed
here. https://mailchimp.com/legal/privacy/
Amazon Web Services: We use Amazon Services for our infrastructure, processing storage, sending service emails. To do this Amazon store encrypted customer data, video and audio footage, and events of Coral products and services. We use that data to ensure we can provide the services we are contracted to provide.
To ensure compliance with the law on GDPR, you can see Amazon’s compliance here at https://aws.amazon.com/compliance/gdpr-center/
The AWS server we use is located in Eire and is therefore compliant with both the GDPR and the Data Protection Act 2018.
WOWZA: We use WOWZA for streaming Liveview and recorded videos. The way in which WOWZA is GDPR compliant can be found here at https://www.wowza.com/legal/privacy
Stripe.: We process debit and credit card payments using Stripe Payments Europe Limited. a worldwide payments provider. The main capture is through their European subsidiary based in Ireland, but some of the data is passed to Stripe Inc. the parent company in the USA. For this transfer to be
lawful they employ the European Commission’s Standard Contractual Clauses (“Model Clauses”) to allow for the lawful transfer of such data under the EU Data Directive.
Apple: We use Apple infrastructure to develop, maintain and deliver Coral products and services. To comply with GDPR here is Apple’s Privacy Policy – https://www.apple.com/legal/privacy/en-ww/governance/
Twilio: We use Twilio to provide Voice generated AI services to our customers. To confirm Twilio’s compliance with GDPR please read https://www.twilio.com/gdpr
Where your personal data may be processed.
When transacting through our websites, by email or by telephone, your data is transacted and both within the EU and outside of the EU.
Whenever we transfer your personal data out of the EU we will take reasonable steps to ensure a similar degree of protection is afforded to it by ensuring that where we use certain service providers, we will use the standard contract clauses approved by the European Commission which give
personal data the same protection it has in Europe. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EU.
What are your rights over your personal data?
• An overview of your different rights
• You have the right to request:
• Access to the personal data we hold about you, free of charge in most cases.
• The correction of your personal data when incorrect, out of date or incomplete.
• For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (such as the end of a warranty).
• That we stop using your personal data for direct marketing (either through specific channels, or all channels).
• That we stop any consent-based processing of your personal data after you withdraw that consent.
• Review by of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
• You have the right to request a copy of any information about you we hold at any time, and also to have that information corrected if it is inaccurate. To ask for your information, please contact Data Protection Officer, Coral Windows, Coral Mill, Halifax Road, Bradford, BD6 2DN.
• To ask for your personal information to be amended such as your name, or telephone number, please contact our Customer Services team or email info@coralwindows.co.uk.
• To change your contact preferences for marketing emails, please click on the preferences link at the bottom of a previous email we have sent you and change the settings to your requirement, or email us on info@coralwindows.co.uk
• If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Your right to complain
If you are unhappy about the manner in which your personal data is being processed by us, you have the right to complain to the Information Commissioner Office (ICO) www.ico.org.uk. However, we would like to hear about your concerns and to be given the opportunity to put things right. To that end please contact us in the first instance to see if your concerns can be resolved without the intervention of the ICO.
Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request. This may limit access to other products/services which also use this channel.
Notifications
The smartphone app can be configured to set up alerts to your smartphone e.g. if one of our products detects movement or sound. These notifications can be sent to you by way of an in-app message, a text message of email. Equally, you can turn all notifications off from within the smartphone app or by changing the setting on your smartphone or device.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
– Click the ‘change preferences or unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that particular division.
– In our apps, you can manage your preferences and opt out from one or all of the different push notifications by selecting or deselecting the relevant options when you register. Should you wish to opt out from contact, please unsubscribe in any emails you receive from us.
– Write to our Marketing Department at Coral Windows, Coral Mill, Halifax Road, Bradford, BD6 2DN or contact info@coralwindows.co.uk.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Questions
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you:
This notice was last updated on 20th December 2023.
Coral Smart Home / Coral SmartFrame are brand names of Coral Windows (Bfd) Ltd.