Last updated at: 9th January 2023
The goal of the data protection policy is to depict the legal data protection aspects in one summarising document. It can also be used as the basis for statutory data protection inspections, e.g. by the customer within the scope of commissioned processing. This is not only to ensure compliance with the European General Data Protection Regulation (GDPR) and Data protection Act (DPA) 2018 but also to provide proof of compliance.
Furbnow offers home retrofit services to homeowners and manages a network of suppliers to deliver home retrofits from assessments to installations and monitoring. As such, Furbnow collects, processes and holds data on its current and potential customers, and suppliers. Protection of this data is an important responsibility of Furbnow as a legal and regulatory requirement. We have legal and regulatory requirements to retain certain data, usually for a specified amount of time. We also retain data for business purposes, such as to operate our business and to have information available when we need it. However, we may not need to retain all data indefinitely, and retaining data can expose us to risk as well as be a cost to our business.
Furbow is a Data Controller. Furbnow collects and processes data subject data for the purposes of customer management, supplier management, marketing, recruitment, and research. Further types of data subjects and categories of data collected are detailed further below in this document. Furbnow shares data it controls with trusted suppliers to carry out our business functions, and third party data processes for the above purposes.
Furbnow’s Data Protection Officer is:
Laurence Watson, Chief Product & Technology Officerhello@furbnow.com
Formal or official records which are listed in the Record Retention Schedule. This may be because we have a legal requirement to retain it, or because we may need it as evidence of our transactions, or because it is important to the running of our business. Please see paragraph 6.1 below for more information on retention periods for this type of data.
Disposable information consists of data that may be discarded or deleted at the discretion of the user once it has served its temporary useful purpose and/or data that may be safely destroyed because it is not a formal or official record as defined by this policy and the Record Retention Schedule. Examples may include:
Personal data includes any information that could identify living individuals. Data protection laws require us to retain personal data only for as long as is necessary for the purposes for which it is processed (principle of storage limitation). See paragraph 6.3 below for more information on this.
Any confidential information that an employee may have obtained from a source outside of Furbnow, such as a previous employer, must not, so long as such information remains confidential, be disclosed to or used by us except as permitted in our confidentiality policy. Unsolicited confidential information submitted to us should be refused, returned to the sender where possible, and deleted if received via the internet. Please see our confidentiality policy.
Any data that is part of any of the categories listed in the Record Retention Schedule contained in the Annex to this policy, must be retained for the amount of time indicated in the Record Retention Schedule. A record must not be retained beyond the period indicated in the Record Retention Schedule, unless a valid business reason (or notice to preserve documents for contemplated litigation or other special situation) calls for its continued retention. If you are unsure whether to retain a certain record, contact Furbnow Management.
The Record Retention Schedule will not set out retention periods for disposable information. This type of data should only be retained as long as it is needed for business purposes and once it no longer has any business purpose or value it should be securely disposed of.
If data is not listed in the Record Retention Schedule, it is likely that it should be classed as disposable information. However, if you consider that there may be an omission in the Record Retention Schedule, or if you are unsure, please contact the Furbnow CTO.
Our data must be stored in a safe, secure, and accessible manner. Documents and financial files that are essential to our business operations during an emergency must be continuously backed up on redundant storage.
Our CTO and Furbnow Management is responsible for the continuing process of identifying the data that has met its required retention period and supervising its destruction. The destruction of confidential, financial, and employee-related hard copy data must be conducted by shredding if possible. Non-confidential data may be destroyed by recycling or erased if appropriate. The destruction of electronic data must be co-ordinated with Furbnow Management.
Destruction of data must stop immediately upon notification from Furbnow Management that preservation of documents for contemplated litigation is required. This is because we may be involved in a legal claim or an official investigation (see next paragraph). Destruction may begin again once Furbnow Management lifts the requirement for preservation.
This policy requires employees to comply with our Record Retention Schedule and procedures as provided in this policy. All employees should note the following general exception to any stated destruction schedule: If you believe, or Furbnow Management informs you, that certain records are relevant to current litigation or contemplated litigation (that is, a dispute that could result in litigation), government investigation, audit, or other event, you must preserve and not delete, dispose of, destroy, or change those records including emails and other electronic documents until Furbnow Management determines those records are no longer needed. Preserving documents includes suspending any requirements in the Record Retention Schedule and preserving the integrity of the electronic files or other format in which the records are kept.
If you believe this exception may apply, or have any questions regarding whether it may apply, please contact Furbnow management.
You may be asked to suspend any routine data disposal procedures in connection with certain other types of events, such as our merger with another organisation or the replacement of our information technology systems.
Questions about retention periods relevant to your function should be raised with your function lead or manager, or the Furbnow CTO. Any questions about this policy should be referred to the data retention lead Laurence Watson, email@example.com, who is in charge of administering, enforcing and updating this policy.
We are committed to enforcing this policy as it applies to all forms of data. The effectiveness of our efforts, however, depend largely on employees' willingness to report incidents. If you feel that you or someone else may have breached this policy, you should report the incident immediately to your supervisor. If you are not comfortable bringing the matter up with your immediate supervisor, or do not believe the supervisor has dealt with the matter properly, you should raise the matter with the Furbnow CTO. If employees do not report inappropriate conduct, we may not become aware of a possible breach of this policy and may not be able to take appropriate corrective action.
We will not subject any person to any form of discipline, reprisal, intimidation, or retaliation for reporting incidents of inappropriate conduct of any kind, pursuing any record destruction claim, or co-operating in related investigations.
Our CTO and Data Controller will periodically review this policy and its procedures (including where appropriate by taking outside legal or auditor advice) to ensure compliance with relevant new or amended laws, regulations or guidance. Additionally, we will regularly monitor compliance with this policy, including by carrying out audits.
Data: all data that we hold or have control over and therefore to which this policy applies. This includes physical data such as hard copy documents, contracts, notebooks, letters and invoices. It also includes electronic data such as emails, electronic documents, audio and video recordings. It applies to both personal data and non-personal data. In this policy we refer to this information and these records collectively as "data".
>Data Protection Officer: our Data Protection Officer who is responsible for advising on and monitoring compliance with data protection laws.
>Data Retention Policy: this policy, which explains our requirements to retain data and to dispose of data and provides guidance on appropriate data handling and disposal.
>Disposable information: disposable information consists of data that may be discarded or deleted at the discretion of the user once it has served its temporary useful purpose and/or data that may be safely destroyed because it is not a formal or official record as defined by this policy and the Record Retention Schedule.
Formal or official record: certain data is more important to us and is therefore listed in the Record Retention Schedule. This may be because we have a legal requirement to retain it, or because we may need it as evidence of our transactions, or because it is important to the running of our business. We refer to this as formal or official records or data.
Non-personal data: data which does not identify living individuals, either because it is not about living individuals (for example financial records) or because it has been fully anonymised.
Personal data: any information identifying a living individual or information relating to a living individual that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. This includes special categories of personal data such as health data and pseudonymised personal data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour.
Record Retention Schedule: the schedule attached to this policy which sets out retention periods for our formal or official records.
Storage limitation principle: data protection laws require us to retain personal data for no longer than is necessary for the purposes for which it is processed. This is referred to in the GDPR as the principle of storage limitation.
Furbnow establishes retention or destruction schedules or procedures for specific categories of data. This is done to ensure legal compliance (for example with our data protection obligations) and accomplish other objectives, such as protecting intellectual property and controlling costs. We will retain data with the purpose of continuing to interact with customers over a longer time period if they wish to do so, and to continue to work with suppliers to carry out retrofit projects into the future while considering capacity and demand.
Employees should comply with the retention periods listed in the record retention schedule below, in accordance with the Furbnow Data Retention Policy.
If you hold data not listed below, please refer to the Data Retention Policy - Disposable Records. If you still consider your data should be listed, if you become aware of any changes that may affect the periods listed below or if you have any other questions about this record retention schedule, please contact Laurence Watson, firstname.lastname@example.org
See table at the bottom of this page.
As per guidelines from the Information Commissioner’s Office, the UK GDPR provides the following rights for individuals, which are:
Furbnow must issue certain information about the processing activities that affect you. This information is usually provided in a Privacy Notice or Privacy Statement that is made available at the point the data is collected.
Furbnow, as the data controller, must provide you with:
For further information on how to make a Subject Access Request application see guidance from the Information Commissioner’s Office.
You can ask Furbnow to correct any personal information it holds about you to ensure your data is accurate. You may also ask Furbnow to complete incomplete data held about yourself.
You have the right to (under certain circumstances) ask for your personal data to be erased where:
Furbnow can refuse to erase your personal data where it is processed:
You have the right to restrict the processing of personal data held by Furbnow where:
The right to data portability only applies:
You have the right to object to processing of your personal data in certain circumstances and have an absolute right to stop your data being used for direct marketing.
You can also object if the processing is for:
However, in these circumstances the right to object is not absolute and you must give specific reasons why you are objecting to the processing of your data.
Please be aware that Furbnow would be able to continue processing your personal data if:
Furbnow could use automated decision-making in the following circumstances:
At present, there are no fully automated decision making or profiling systems in use within Furbnow. This means that this right does not currently apply to any processing activities.
You may submit your request to Furbnow verbally or in writing.
If you are dissatisfied with the way we have handled your application and want to make a complaint, please write to:
We will acknowledge your complaint within 10 working days and send you a full response within 20 working days. If we can’t respond fully in this time, we will write and let you know why and tell you when you should get a full response.
If you are dissatisfied with the way we have handled your complaint or request and want to make a complaint, you may write to the Information Commissioner, who is an independent regulator. Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
The Information Commissioner can be contacted at:
Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire, SK9 5AF Tel: 08456 30 60 60 or 01625 54 57 45 Fax: 01625 524510
Your Furbnow Privacy Settings