Cromar Privacy Policy

This policy applies to information we collect when you choose to use this website, and also to personal information which we process further to supplying services/goods to our customers (and their customers) and when we receive goods/services from our suppliers.

We take your privacy very seriously and we ask that you read this privacy policy carefully as it contains important information on the personal information we collect about you; what we do with your information and who your information might be shared with.

Who we are
This website is owned by Cromar Building Products Limited and our registered office is at, 3, 4 & 5 Northside Industrial Estate, Whitley Bridge, Goole, East Yorkshire, DN14 0GH, United Kingdom. Cromar Building Products Limited (‘we’ or ‘us’) are a ‘data controller’ for the purposes of the General Data Protection Regulation (‘GDPR’) where we control the purposes for which we process your personal information. We will take all appropriate steps to ensure compliance with the GDPR and all other applicable legislation relating to data protection (‘Legislation’).

Any questions about our data protection policy or how we handle your personal data should be addressed to (See ‘How to contact us’ below.)

What information do we collect?
We collect personal information about you (such as your name, address, email address and contact number), when you make an enquiry or purchase products or services from us or contact us via the online form.
Personal information about other individuals.

We may receive information about you from third parties (for example where you are a contractor for one of our customers they may provide us with your contact information in order to provide you with training). We will add the information to our database in order to supply you with our training services as requested and to help us improve and personalise our services.

If you give us information on behalf of someone else, you confirm that either;
(1) the other person has a contractual relationship with you and knows that you will be transferring their personal data to us for specific purpose(s); and/or
(2) s/he has appointed you to act on his/her behalf and has agreed that you can: give consent on his/her behalf to the processing of his/her personal data; and receive on his/her behalf any data protection notices.

Use of cookies
A cookie is a small text file which is placed onto your computer (or other electronic device) when you use our website. We only use session cookies on our website. Session cookies are stored temporarily and are deleted once the browser is closed.

We do collect personal data through cookies but we only use this as explained in the Marketing section below and for the purposes of improving your experience of our site.

This website uses a cookie control system allowing you on each visit to the website to allow or disallow the use of cookies on your computer/device.

You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
For further information on cookies generally visit or

Third Party Cookies: Cookies of this type are activated if you use the sharing buttons on this website which allow you to share content onto social networks. Links are currently provided to LinkedIn, Twitter and Facebook. You should check the respective privacy policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information BEFORE you access them. We are not responsible for third party policies or third party use of your personal data.

Who do we share your personal information with?
We will not share your personal data with any third party company for marketing purposes nor will we ever sell your data. We may send information about you to other parties such as our IT and web host service providers (to help us provide you with our goods and services or where we have a legitimate business interest to do so) and, where legally required, to law enforcement agencies in connection with any investigation to help prevent unlawful activity.

We do not send your data outside the EEA. Should we ever need to do so we will ensure that the appropriate legal safeguards are in place or that we have your consent, as stipulated under the GDPR.

How will we use the information about you?
We process information about you so that we can:
provide the goods and/or services requested;
identify you and manage any accounts you hold with us;
let you know about other products or services that may be of interest to you (see ‘Marketing’ section below);
detect and prevent fraud;
customise our website and its content to your particular preferences;
notify you of any changes to our website or to our services that may affect you; and
improve our services.

Social Media
Any social media posts or comments are subject to the terms of the relevant social media platform. We are not responsible for this kind of sharing and encourage you to view the privacy policy and terms of use for each platform.

Any comments you make on social media platforms in general must be not offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.

Marketing and email newsletter
We may use any information submitted to us by you to provide you with further information by email and/or post about the products and services we offer which you have requested and/or which may be of interest to you. You can choose to unsubscribe at any point by clicking on the link at the bottom of the email or by writing to us at

Email marketing campaigns published by us may contain tracking facilities within the actual email. Subscribed activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email consent, times, dates and frequency of activity (this is by no means a comprehensive list).

Lawful basis for processing personal data
We will only process your personal data where we have a legal basis for doing so.
Most of the processing we carry out in relation to your personal data is done in order to fulfil our contractual obligations with you but we may have legal obligations to keep and use certain personal data or a legitimate business interest.

If we are relying on the legitimate business interest basis for lawful processing be assured that we only do this where we have considered carefully the risks to your rights and freedoms (as we are required to do by the GDPR) and we will not process personal data on this basis if we have any doubt that your rights might be adversely affected. We also revisit this assessment regularly and update our procedures according to our findings.

Keeping your data secure
We will take all reasonable steps to comply with the GDPR and use the appropriate technical and organisational measures necessary to safeguard your personal data. If we do share your personal data we will only do so with third parties who also are required to comply with the GDPR.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
(If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit Get Safe Online is supported by HM Government and leading businesses.)

Retention Periods
We store your personal data on secure servers for a period of:
2 years from the date on which you cease to be a customer of ours;
Indefinitely for contractors’ names, contact details and certificate numbers; or
until you ask us to destroy it
in each case unless the law requires us to store the data for a longer period.

What rights do you have?
The GDPR provides the following rights for individuals whose personal data is processed:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object to processing
8. Rights in relation to automated decision making and profiling (We do not carry out automated decision making and profiling)

Right to request a copy of your information or amend our records etc
You can request a copy of your information which we hold or ask us to update the information we have on you or exercise any of your other rights (as listed above) by:
emailing or writing to us (see ‘How can you contact us?’ below);
letting us have proof of your identity (a copy of your driving licence or passport); and
let us know what information you want or what you want us to do.
Right to remove your details from our records or restrict how we use your information
You can ask us to stop contacting you for particular purposes or remove your information completely from our records. There may be a legal reason why we need to keep your personal data and in that circumstance we will destroy your personal information as soon as we are legally entitled to do so.

Right to complain
If you have any concerns or complaints about how we use your personal data we hope you will alert us to these directly (see the Contact information below). You are entitled to complain to the Information Commissioners Office (ICO) which is the supervisory authority in the UK. Their contact details and the procedure can be found at

How to contact us
Please email or write to us at Unit 3, 4 & 5 Northside Industrial Estate, Whitley Bridge, Goole, East Yorkshire, DN14 0GH if you have any questions about this privacy policy or the information we hold about you.

Changes to the privacy policy
We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access this website or buy our products or use our services.

Cromar Building Products Limited
June 2018

A PDF copy of this is downloadable here.