GRILLO respects your right to privacy. This policy is to tell you what data we may collect and how we may use it.
We assure you that we NEVER sell on customers data to any other company for marketing purposes and we only collect personal data that we need and use it as you would wish us to.
If you have any queries or consider we may be misusing your data please contact us immediately at firstname.lastname@example.org
For the purposes of this policy, “we” or “us” means Grillo Living AU Pty Ltd of 176 Paramount Boulevard, Derrimut, Victoria 3026, Australia and “you” means the user of the website. We are the data controller for the purpose of the UK Data Protection Act 1998.
This policy follows and respects the Australian Privacy Principles (APPs) set out in the Australian Privacy Act and other privacy laws including the UK GDPR Regulations. This policy has been updated to take account of changes in the law and will be updated further as new regulations are brought into place.
1. What information do we collect?
- If you make an enquiry or place an order by telephone or e-mail or on our website, or set up a user-account on our website, we will collect and process the information that you provide that is necessary to answer your enquiry or process the order and/or future enquiries, messages and orders that you may wish to send us.
- This may include information you provide at the time of registering to use our site, subscribing to our service, posting material, requesting additional services, or in the event that you report a problem with our site;
- If you contact us at any time, we may keep a record of that correspondence, and may keep your contact details so that we can contact you to answer your queries.
- We will retain details of any transactions you carry out through our site or by telephone or e-mail, including records relating to the fulfilment of any orders you place with us.
- If you ask us to, whether by clicking a link on our website, or requesting it in person or by phone or email, we may forward your details to a credit company at your request for them to provide you with an offer or quotation for credit or a loan towards your proposed purchase.
- If you contact us in connection with prospective employment or services we may collect personal information such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you. We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details necessary to conduct background checks to determine your suitability for certain positions and to check superannuation information etc. needed.
If you do not provide this data, we may be unable in some circumstances to comply with your requirements and/or our obligations. We can tell you about the implications of that decision.
Updating your information – If the information you have provided us changes please let us know promptly and we will correct and update it. We also make a practise of checking and updating data when we are able to.
We do not ask for information that we do not need.
2. How your information will be used
The information we hold and process may be used as follows:
- to pursue the legitimate interests of the company in the running of our business supplying beautiful outdoor kitchens and associated products and services (including manufacture, design, marketing, sales, procurement, construction, warehousing, despatch, accounting, payment processing, referring potential customers for credit at their request, credit control and all normal business functions).
- for our management and administrative use. We will keep and use it to enable us to run the business and manage our relationship with our customers effectively, lawfully and appropriately.
- to enable us to comply with any sales contract or other contractual requirement,
- to comply with any legal requirements,
- to protect our legal position in the event of any legal proceedings.
- Answering questions or enquiries you have made regarding for example feasibility of a project, or options for layout and design, details of products, pricing, stock availability, lead-times or generally following up orders you have placed and enquiries you have made to see how we can help you further.
- Shipping orders to you and arranging delivery and/or installation of products.
- Sending invoices and similar paperwork that you require and that we are legally required to send or that will be helpful to you.
- If you contacted us regarding prospective employment your information will only be used for that purpose.
- Sending new catalogues when they are published or on an occasional basis details of new lines and offers for similar products to those that we supply to you when you have requested this or when we have carefully considered and feel it will be genuinely of interest to you and in line with what you would expect to receive from us.
- Note: Any e-shot GRILLO send out will always have an unsubscribe facility included.
- From time to time we may also invite you to provide feedback on products or our customer service or for other research purposes. (Please note that you do not have to respond to our surveys if you do not wish to do so).
We will never pass on customers’ details to other companies for their marketing purposes (except where customers have specifically asked us to for example to give details to a credit company for the company to contact them to discuss loan agreements).
3. Additional optional processing by consent
Where customers request to be sent marketing material or to be included in e-mail marketing, whether in person, through the website or by e-mail or telephone, we comply with the request where possible. You can unsubscribe at any time using the unsubscribe link always included on any e-shots we send or by phone or e-mail.
4. What is the lawful basis for processing this data?
The lawful basis for (2) is to meet our contractual obligations and legal requirements and pursue our legitimate interest of running a business. The lawful basis for (3) is by your consent but also to pursue our legitimate interest of running a business. See section (2) for more details.
5. What information do we hold? And what is it for?
We do not collect any information that we do not need.
Information collected is needed to meet our contractual and legal obligations and pursue legitimate interest of running a company and is retained as follows:
- For professional or business customers and enquiries we hold the Company name, address, phone numbers, domain name & e-mail address and contact names of appropriate personnel with job title (so we know who to contact)
- For private customers enquiries we hold name and contact details provided and all information needed to prepare any design, quotation and/or orders.
- We keep Feedback supplied to help us continually improve our products and service.
- Details of correspondence with you regarding supply of products and services, technical enquiries, design plans etc., including products of interest and prices quoted to enable us to quickly process orders and meet your requirements etc.
- Copies of credit account applications and references if a credit facility is requested or maintained where appropriate
Note: Where the company is a sole trader or partnership some detail may be regarded as personal information and it is important that you make this clear if for example you apply for credit facilities so that appropriate procedures can be followed.
- Details of bank accounts – if you have a credit account or where we need to keep details of any payments and refunds made for contractual legal or legitimate interest purposes. These will be kept securely and for as long as they are needed.
- Please note that we do NOT retain card details and other security data required for card payments. These are normally entered by you directly into the Barclaycard payment pages or those of any other Payment Provider we are using. If we do need to enter your card details for you, such as over the phone to take a payment, these would be directly entered and not retained.
- Information collected in regards to (a) employment and prospective employment will be retained as needed or agreed.
6. What data do we pass on to other parties?
We do not pass on your data to any other companies or persons other than for purposes necessary for our contract with you, for our legitimate interest as set out in this policy or for legal purposes.• Data entered on the website is collected by a hosting company as data processor on our behalf.
- Payment card data is normally entered by you to directly to the Payment Provider we are using (currently Barclaycard). If we take a card payment by another means we will need to enter the relevant data into the Payment Provider’s system (but as stated above do not retain these details)
- As with almost all card payment processing the Payment Provider will need to pass on some of your details to their own processing agents and your card company and bank to process the payment and may contact you and carry out verification and other checks for your security, fraud prevention and similar purposes. They may sometimes address these communications in our name.
- If you have requested that we pass your details to a credit providing company we will pass on your contact details or provide a link to their website, as requested, for you to provide them with further information. You will understand that we cannot accept liability for any other companies’ websites, actions or activities.
- Details of your delivery addresses and contact information may, if needed, be transferred to delivery and installation companies to enable them to ship the goods to you and install them. In case of export they may also need to make declarations to Customs authorities on behalf of us and you.
- When we send out mail shots or e-shots this may be via secure software at an approved third-party mailing company. Any unsubscribe requests are retained to ensure these are carefully respected.
- We also may transfer information about you to our associate companies for internal administrative purposes such as accounting, credit control, despatch and management. These include our parent company Grillo Group Ltd and its sister company Comar Group Ltd who handle administrative functions for Grillo in the UK. This information is only transferred and processed for the primary purpose that it was collected and the law in the UK protects your data in a way that is at least substantially similar to the way the APPs protect the information. These UK companies are under the same ownership as Grillo Living AU Pty Ltd and will take care of any data under the requirements of the very strict UK GDPR regulations.
- In the unlikely event of our company being acquired by a third party, customer data may be transferred to the new company.
- In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements.
- Some data is kept in secure storage “in the cloud”.
- We may need to disclose data to Australian or UK government bodies for accounting or taxation purposes, or to other parties to meet other regulatory and statutory requirements, or if required to by the courts or for fraud protection or credit-risk management.
- If you ask us to give a credit reference on your behalf we would need to disclose information in order to do so.
- Information collected in regard of prospective employment may be discussed with our employment advisers in strict confidence and with company management including at our head office in the UK.
7. What security is in place?
We have in place safeguards to ensure the security of your data. Our buildings, staff, servers and procedures comply with the strict security requirements of the PCI DSS (payment card industry data security standards).
8. We do NOT use automated decision making or profiling.
We do not use any automated decision making or profiling
9. How long will your data will be stored?
Where customers have placed orders with us we will need to keep certain details for contractual, warranty and legal reasons for ten years. Many of our customers are companies or professionals with long-term needs requiring regular and repeat supplies and we retain details in view of being able to meet our customers future needs. We do not retain any card details or unnecessary personal information. You may quickly and easily withdraw consent for any marketing using the unsubscribe link or by phone letter or e-mail.
10. Other processing in the future
If in the future we intend to process your data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
11. Your rights
- Under the UK General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data.
- You also have rights under the UK Privacy and Electronic Communications Regulations and Australian Privacy Act.
- The rights under GDPR relate to personal data and depend on the legal basis the information is processed under. These may include in different circumstances the right to request from us copies of any personal data held, rectification and erasure, the right to restrict processing, or object to processing as well as in certain circumstances the right to data-portability.
- If you have provided consent for the processing of your data as in clause (3) you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. The easiest way is by using an unsubscribe link but you can also e-mail, write to or phone us.
- You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the law with regards to your personal data.
- Australian customers have rights under the Australian Privacy Act. These are in general very similar to the UK laws.
12. If you have any concerns as to how your data is processed please contact us as soon as possible to your normal contact or to email@example.com or for the UK firstname.lastname@example.org
13. Identity and contact details of data controller:
AU: Grillo Living AU Pty Ltd 176 Paramount Boulevard, Derrimut, Victoria 3026, Australia
UK; Grillo Group Ltd, The Ridge, Iceni Way, Haverhill, Suffolk, CB9 7FD, UK (Registered in England and Wales Co. No. 11159167) are the controllers (and processors) of data for the purposes of the UK DPA 18 and GDPR.
© Copyright Grillo Living AU Pty Ltd and Grillo Group Ltd UK updated December 2022