Privacy Policy

DVI FM Limited, incorporated under the Companies Act (Company Number SC) and having our registered office and principal place of business at Suite 11, Buchanan Business Park, Cumbernauld Road, Stepps, Glasgow G33 6HZ, is committed to protecting the security and privacy of all personal data collected from you.

This privacy statement provides you with details of how we collect and process your personal data, including any information you may provide through this website – www.dvitfm.co.uk – and when you purchase a product or service from us, or contact us via our web form, by email and by telephone.

By providing us with your data, you warrant to us that you are over 13 years of age.

DVI FM Limited is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy statement). Any queries you have in relation to the same should be directed to info@dvifm.co.uk.

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at info@dvifm.co.uk.

Personal data means any information capable of identifying an individual. It does not include anonymised data.

We may process certain types of personal data about you as follows:

• Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.

• Contact Data may include your billing address, delivery address, email address and telephone numbers.

• Financial Data may include your bank account and payment card details.

• Transaction Data may include details about payments between us and other details of purchases made by you.

• Technical Data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.

• Profile Data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.

• Usage Data may include information about how you use our website, products and services.

• Marketing and Communications Data may include your preferences in receiving marketing communications from us (and our third parties) and your communication preferences.

We may also process Aggregated Data from your personal data but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.

Sensitive Data

We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

Where we are required to collect personal data by law, or under the terms of the contract between us, and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.

We will only use your personal data when legally permitted. The most common uses of your personal data are:

• Where we need to perform the contract between us.

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

• Where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us at info@dvifm.co.uk.

Purposes for processing your personal data  

Set out below is a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.

We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please email us at info@dvitechnologies.co.uk if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.

Marketing communications 

You will receive marketing communications from us if you have:

1. requested information from us or purchased goods or services from us; or
2. if you provided us with your details when you entered a competition or registered for a promotion or free resources; and
3. in each case, you have not opted out of receiving that marketing. 

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time by emailing us at info@dvifm.co.uk at any time.

Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

Change of purpose  

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email us at info@dvifm.co.uk.

If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above:

• Other companies in our group who provide IT and system administration services and undertake leadership reporting.
• Service providers who provide IT and system administration services.
• Professional advisers including lawyers, bankers, auditors, marketeers and insurers who provide consultancy, banking, legal, insurance, marketing and accounting services.
• HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
• Third parties to whom we sell, transfer, or merge parts of our business or our assets.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

We may collect information about your computer, including where available your I.P. address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns and does not identify any individual. Where we use third-party providers, such as Matamo or Google Analytics, although these third-party services record data such as your geographical location, device, browser and operation system none of this information identifies you to us. We do not make and do not allow these third-party services to make any attempt to find out the identities of anyone who visits our website.

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies.

Besides the analytics cookies described above, this website uses essential cookies only.

We use tracking technology to understand how you interact with content in our emails. This tracking technology allows us to know if the email has been opened and if so, how many times, which links have been clicked on and whether or not you have shared our content to social media.

Our lawful ground for processing your personal data to send you marketing communications is either your consent or our legitimate interest.

Under the Privacy and Electronic Communications Regulation (PECR), we may send you marketing communications (i.e. information on services and products that we may provide) if:-

• You purchased our services or asked for information from us about our services; or
• You specifically requested marketing information from us; or
• Previously acquired similar services from us; or
• Consented by way of ticking a box or opting in to receiving marketing from us and have not opted out of receiving such communications since.

If you have opted out of marketing, we will not send you any future marketing without your consent.

Under PECR, if you are a limited company, we may send you marketing emails without your consent, but you can still opt-out of receiving such emails from us at any time.

Each time we market to you, we will always give you the right to opt-out of any future marketing but would point out that you have the right at any time to ask us not to market to you by emailing us at catrina@affinitascommunications.co.uk rather than waiting on a specific opt-out.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure or loss of or damage to your personal information, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect from you. These include robust procedures for dealing with breaches including incident reporting and notifying the Information Commissioner, and where appropriate you, of any breaches, the consequences of the same and the remedial action taken.

Where possible the information you provide us with will be held within the European Economic Area (“EEA”) or within the UK.

Countries outside of the EEA do not always have similar levels of protection for personal data as those inside the EEA. The law provides that transfers of personal data outside of the EEA is only permitted where that country has adequate safeguards in place for the protection of personal data.  Some types of processing may use cloud solutions which can mean information may sometimes be held on servers which are located outside of the EEA or may use processors who are based overseas.

Where we use cloud-based services or third-party providers of such services, and in either or both circumstances the data is processed outside of the EEA, that will be regarded as an overseas transfer. Before instigating an overseas transfer, we will ensure that the recipient country and/or processor has security standards at least equivalent to our own and in particular, one of the following permitted safeguards applies:

• The country in question is deemed to have adequate safeguards in place as determined by the European Commission; or
• There is a contract or code of conduct in place which has been approved by the European Commission which gives your personal information the same protection it would have had if it was retained within the EEA; or
• If the overseas transfer is to the United States, then the transferee is a signatory to the EU-US Privacy Shield as all Privacy Shield signatories are obliged to give your personal information the same degree of protection it would have had if it was retained within the EEA.

If none of these safeguards exists, then we may seek your explicit consent for an overseas transfer. In line with your rights as an individual, you are free to withdraw this consent at any time.

Your individual rights can be exercised in relation to the information we hold about you. These rights are:-

• the right to restrict processing of your personal data;
• the right to rectification or correction of your personal data;
• the right to object to the processing of your personal data;
• the right of erasure of personal data, also referred to as the right to be forgotten;
• the right not to be subject to a decision based solely on automated processing or profiling;
• the right to transfer your personal data, also referred to as the right of portability;
• the right to withdraw your consent to process your personal data; and
• the right of access to your personal data.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us if you wish to make a request.

As outlined above, you have the right to request access to your personal data that we hold. Such requests are known as Subject Access Requests (SARs).

Any request requires to be in writing and if we do hold any personal information about you, we will:

• Give you a description of it;
• Tell you why we are holding it;
• Tell you who it has or will be disclosed to;
• The source of the information (if not you);
• Where possible, the period for which it will be stored; and
• Let you have a copy of the information in an intelligible form.

We will respond to SARs within one month. To do so, we may need additional information from you to determine your identity or help us find the information more quickly. Where the information you have requested is complex, we may take longer than 30 days but shall keep you advised as to progress should this be the case.

If you believe that any information we hold about you is incorrect or incomplete, email us and the information will be corrected without delay.

We would prefer to resolve any issues or concerns you may have directly with you. If you feel you are unable to resolve matters by contacting us directly, or you are unhappy or dissatisfied with how we collect or process your personal information you have the right to complain about it to the Information Commissioner who is the statutory body that oversees data protection law in the U.K. They can be contacted through www.ico.org.uk.