Privacy and Cookie Policy

Privacy and Cookie Policy

Privacy Policy

This privacy policy describes how we, the data controller Elnur UK LTD, Unit 1 16 Brown Street North, Leigh, England, WN7 1BU (“Elnur”, “we” or “us”) collect, store and process information about individual visitors to our website www.elnur.co.uk, www.ecoprocal.co.uk and www.elnurextra.co.uk.

This privacy policy only applies to website of Elnur Limited on which this privacy policy is stored or from which reference is made to this privacy policy by means of a link (hereinafter: “website”). This privacy policy does not apply to linked websites that are not owned or controlled by Elnur.

Commitment to data protection

Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.

In principle, we will only use your personal data in accordance with the applicable data protection laws, in particular the UK`s Data Protection Act 2018 (DPA), the European General Data Protection Regulation (“GDPR”), and only as described in this privacy policy.

However, we reserve the right to put this data to additional uses to the extent permitted or required by law or necessary to support legal or criminal investigations. In this case, we will inform you again about this further data processing to the extent required by law and obtain your consent.

In the next sections we explain when and how we process personal data about you when you visit our website.

Our principles

Elnur respects your right to privacy and is committed to the following key principles:

We protect your privacy and aim to provide you with a service that is tailored to your needs. Personal data is collected for specific purposes based on your consent or a legitimate interest when you contact us.

You have the right to information and access to your personal data at any time and may request its correction or deletion.

We do not sell your personal data to third parties. However, if necessary and if explicitly mentioned afterwards or if you have consented, we may share your data with partners and other service providers. In this case, their own privacy policies may also apply.

We take all reasonable measures to ensure the security and protection of your data from misuse.

Data Breaches/Notification

Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

Supplementary information on your right of objection

We would like to point out in addition that if your personal data is processed on the basis of legitimate interest within the framework of the balance of interests pursuant to Art. 6 (1) (f) GDPR and/or your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data at any time.

General technical organisational measures

Elnur has taken a variety of security measures to protect personal information to an appropriate extent and adequately. All information held by Elnur is protected by physical, technical, and procedural measures that limit access to the information to specifically authorised persons in accordance with this Privacy Policy.

The Elnur website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.

Purposes of use of personal data and legal basis a) Log Files

We only collect and process access data that your internet browser automatically transmits to us for technical reasons in order to provide the website. Depending on the access protocol used, the protocol data record contains general information with the following contents: Your session data (usage behaviour, length of stay, which links were clicked on, etc.), your abbreviated and unabbreviated IP address, your browser version, your operating system, your website-specific settings, your cookie IDs, your pixel IDs. This data does not allow any direct inference to your person and is processed to improve our website offer and to defend against attempted attacks on our web server. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in presenting you with a website optimised for your browser and in enabling communication between our server and your terminal device.

b) Cookies and similar technologies

For the processing of personal data using cookies and similar technologies on our website, please refer to our Cookie Policy, which is part of this privacy policy.

c) Contact requests

We process and store the personal data provided in the contact enquiry solely for the purpose of processing and responding to your enquiry and contacting you. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR.

The processing of data provided is carried out in accordance with Art. 6 para. 1 p. 1 lit. b) GDPR, which authorises the processing of data for the performance of a contract or pre-contractual measures. Furthermore, Art. 6 para. 1 p. 1 lit. f) GDPR authorises us to process data in order to safeguard our legitimate interests.

d) Marketing Notifications

On our website, users are given the opportunity to subscribe to our newsletter and our marketing notifications (collectively “Notifications”). In principle, our notifications can only be received by you if you register and confirm the notification mailing. For legal reasons, a confirmation of these notifications is obtained during the onboarding process completing the form online or via phone and is sent to the email address given. This confirmation serves to verify whether the owner of the e-mail address has authorised the receipt of the notifications. You may also change your notification preferences in your profile.

When registering for the notifications, we also store the IP address of the device used by the data subject at the time of the confirmation as well as the date and time of the confirmation, which is assigned by the Internet service provider (ISP). The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later date and therefore serves our legal protection.

The personal data collected in the context of a registration for the notifications is used exclusively for sending our notifications. Furthermore, subscribers to the notifications could be informed by e-mail if this is necessary for the operation of the notifications service or a related matter, as could be the case in the event of changes to the notifications offer or changes to the technical circumstances.

The data you provide us for marketing will be stored by us until you unsubscribe from the notifications and will be deleted from our servers as well as from the servers of Mailchimp and Twilio after you unsubscribe from the notifications. Data stored by us for other purposes (e.g., email address for warranty registration) remain unaffected by this.

The processing of your e-mail address is thus based exclusively on your consent (Art. 6 para. 1 p. 1 lit. a) GDPR). You can revoke this consent at any time. An informal communication by e-mail to us is sufficient for this purpose. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.

Transfer of personal data

Elnur will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (legal basis for processing: Art. 6 para. 1 lit. b) GDPR), you have consented to the disclosure (legal basis for processing: Art. 6 para. 1 lit. a) GDPR) or the disclosure of data is permitted by relevant legal provisions.

Elnur is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for Elnur pursuant to Art. 4 No. 8 GDPR within the framework of the GDPR. Elnur currently engages the following third parties

• Merinal Ltd (Company Number 06521381), To carry out warranty repairs, service calls and general repair work.

• Daida Limited (Company Number 13866438) for propensity modelling, statistics and industry help.

• Healthy Homes Solutions Limited (Company Number 12216394)

• Householder Club Limited (Company number 10149918)

The service providers commissioned by Elnur process your data exclusively in accordance with our instructions. Elnur remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and additional controls by us. For further information please refer to our Processing addendum

It goes without saying that Elnur ensures that the respective service provider guarantees data security before passing on personal data. Elnur will therefore only commission companies that can guarantee secure and proper data processing based on their qualifications and their technical and organisational capabilities.

Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 (1) (c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil Elnur’ legitimate interests (legal basis for processing: Art. 6 (1) (f) GDPR).

Storage and retention

Your personal data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or – if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period (typically 12 years). We then delete your personal data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defence against legal claims against us.

Elnur is entitled to process your personal data insofar as this is necessary to fulfil legal obligations. For this purpose, Elnur may transfer this data in particular to authorities, law enforcement agencies and courts. In this case, the transfer of your data is required by Art. 6 (1) (c) GDPR for compliance with a legal obligation to which we are subject. Elnur is further entitled to process personal data if and to the extent necessary to detect or prevent misuse of this website or to enforce claims of Elnur, its employees or users, whereby the data processing in these cases is necessary to protect these aforementioned legitimate interests of Elnur pursuant to Art. 6 (1) (f) GDPR.

International transfers

Our main operations are based in the UK and your personal information is generally processed, stored and used within in the UK and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within the UK and the EEA. Where we need to transfer your data outside the UK or the EEA, we will use one of the following safeguards:

• The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.

• Transfers to a non-EEA country with privacy laws that give the same protection as the UK and the EEA.

Direct marketing in the context of a customer relationship

We use the data you provide to fulfil and process our contract and to respond to your enquiries in accordance with Art. 6 (1) (b) GDPR or on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Insofar as you have also given us separate consent to process your data for consulting, quotation and advertising purposes, Elnur is entitled to contact you for these purposes via the communication channels you have ticked in this consent.

Your Rights

You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners website (www.ico.org.uk).

• information about the processing of your personal data.

• obtain access to the personal data held about you.

• ask for incorrect, inaccurate or incomplete personal data to be corrected.

• request that personal data be erased when it’s no longer needed or if processing it is unlawful.

• object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.

• request the restriction of the processing of your personal data in specific cases.

• receive your personal data in a machine-readable format and send it to another controller (‘data portability’).

• request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.

• You also have the right in this case to express your point of view and to contest the decision

• Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it.

We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website (www.ico.org.uk). Elnur UK Ltd is registered with the Information Commissioners Office; its registration number is ZB495295.

Security and confidentiality

To ensure the security and confidentiality of the personal data we collect on the Website, we use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your personal information, we take appropriate technical and organisational measures to protect your information from loss, misuse, unauthorised access, disclosure, alteration or destruction and to ensure its availability.

Personal data and children

Most of the services available on this website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal information being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability. Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

Links to other websites

The website may contain links to another website. We have no control over the privacy practices or the content of those other websites. Therefore, we recommend that you carefully read the respective privacy policies of the other website that you visit.

Changes

This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.

Queries and Complaints

Any comments or queries on this policy should be directed to us using the following contact details.

Elnur Ltd

Unit 1 16 Brown Street North, Leigh, England, WN7 1BU www.elnur.co.uk

info@elnur.co.uk

If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. You can also make a referral to, or lodge a complaint with, the Information Commissioner’s Office.