Customers are entitled to a full refund to if they’ve told us within 14 days of receiving their goods that they want to cancel. This will exclude installation service fees. Customers have another 14 days to book the removal and return the goods. Once removed a refund will be issued to the customer within 14 days of receiving the goods back.We process data only for our core business purpose, we only process data for the original purpose that it was collected for. We do not keep lists of names for mail shots or cold calling, we will never pass on information to other parties for that purpose.
Here are the principles we operate to in respect of the personal data that we process;
Services to our end user customers
We process personal data about the individuals that we deliver services to. We only take the information that we need to be able to communicate with our customers about arrangements to plan the service, to deliver the service and then carry out any follow up work straight after the service which may include a satisfaction survey. For this we hold their name, address, phone number and email address. We do not request, record or process any other data, including Special data, about our customers.
If there is a credit card payment made in relation to the service, we pass card details directly to our payment service and do not record details of the card ourselves.
After the service is completed and invoiced we retain all the information about the service event to enable analysis of our services, for historical trending and planning for the future of our business.
If we use a supplier to deliver a service for us, customer details will be passed to them to enable the service. After the supplier completes their tasks they will not retain that information.
We never pass our customer data on to other parties after a service event is closed and we will not contact end user customers after all service events are closed.
All our customer data is held on our own servers, processed and hosted in the UK.

Services to our corporate partners and customers
We process personal data about the individuals that we deliver services to. We only take the information that we need to be able to communicate with our customers about arrangements to plan the service, to deliver the service and then carry out any follow up work straight after the service which may include a satisfaction survey. For this we hold their name, address, phone number and email address. We do not request, record or process any other data, including Special data, about our customers.
After the service is completed and invoiced we retain all the information about the service event to enable analysis of our services, for historical trending and planning for the future of our business.
If we use a supplier to deliver a service for us, customer details will be passed to them to enable the service. After the supplier completes their tasks they will not retain that information.
We never pass our customer data on to other parties after a service event is closed and we will not contact end user customers after all service events are closed.
All our customer data is held on our own servers, processed and hosted in the UK.

Our suppliers and service partners
We use suppliers and partners to deliver services for us. Our relationship with them is a contractual one, where they choose to work with us. We hold information about them to enable us to contact them in relation to delivery of services. If we stop trading with a supplier we continue to hold the information about them so that we can analyse our services, for historical trending and planning for the future of our business.
We pass personal information about our customers to our suppliers in relation to a service event to enable our suppliers to deliver service to our end users. In this case the supplier does not retain this information after the service event is completed and invoiced with us.
Our supplier information is held our own servers, processed and hosted in the UK.

Our relationship with our corporate customers
We provide services to many customers and have many customers within our sales pipeline, where we have engaged with them and wish to do business with them. For this purpose personal contact details are exchanged between peers (like project managers, sales teams and supplier managers) within our organisation and theirs. The personal information is names, phone numbers and email addresses; the phone and email address will normally be for a business location but some individuals choose to circulate personal contact details. The information is offered and exchanged in relation to maintaining a business relationship.
The information is never passed to any other parties.
The information is recorded on Apple iCloud drive.

Our recruitment and vetting of supplier’s staff
We process CVs for individuals where they apply for roles that we have advertised. This can be a direct applicant or, through one of our suppliers. CVs contain personal information and we treat this information with care.
As CV’s are always offered to us, we are assuming that the individuals are opting in to allowing us to process their data; they have offered their CV information to us by applying for our role or by advertising their CV on a job board web site.
We hold CVs within our email system where access is restricted to only the staff needing to access it.
As a vacancy is fulfilled, we ask unsuccessful applicants whether we can continue to hold their details, we do this for the purpose of finding them employment in the future.

Special category data
Within the GDPR regulations the term Special Category Data is defined (also called sensitive data) as this data needs more protection. The term is used in this policy and refers to more sensitive data like ethnic origin, biometric information or health matters. We only process data of this type within our HR system described above.

Disclosing Your Information
We will not disclose your personal information to any other party other than in accordance with this Privacy Policy and in the circumstances detailed below:
In the event that we sell any or all of our business to the buyer.
Where we are legally required by law to disclose your personal information.
To further fraud protection and reduce the risk of fraud.

Your rights under GDPR;
Access to Information
In accordance with the GDPR, you have the right to access any information that we hold relating to you by making a subject access request.
All individuals who are the subject of personal data held by Nest Pro London are entitled to:
Ask what information the company holds about them and why.
Ask how to gain access to it.
Be informed how to keep it up to date.
Be informed how the company is meeting its data protection obligations.
Request for the data to be destroyed.
If an individual contacts the company requesting this information, this is called a subject access request. Subject access requests from individuals should be made by email, addressed to the data controller at [email protected]
The data controller can supply a standard request form, although individuals do not have to use this. Individuals may be charged £10 per subject access request.
The data controller will aim to provide the relevant data within 14 days.
The data controller will always verify the identity of anyone making a subject access request before handing over any information.

Your rights under GDPR
In particular, but without limitation, you may have the following rights under applicable European data protection law:

Right of access:
You have the right to obtain confirmation from us as to whether or not we process personal data from you and you also have the right to at any time obtain access to your personal data stored by us. To exercise this right, you may at any time contact us.
Right to rectification of your personal data: If we process your personal data, we shall endeavour to ensure by implementing suitable measures that your personal data is accurate and up-to-date for the purposes for which we collected your personal data. If your personal data is inaccurate or incomplete, you have the right to obtain the rectification of such data. To exercise this right, you may at any time contact us.
Right to erasure of your personal data or right to restriction of processing: You may have the right to obtain the erasure of your personal data or the restriction of processing of your personal data. To exercise this right, you may at any time contact us.
Right to withdraw your consent: If you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on the consent before the withdrawal. To exercise this right, you may at any time contact us.
Right to data portability: You may have the right to receive the personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller. To exercise this right, you may at any time contact us.
Right to object: You may have the right to object to the processing of your personal data as further specified in this Privacy Policy. Right to lodge a complaint with supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority located in the European Union.