Our contact details are
Unit 7, Apsley Industrial Estate
Tel: 01442 212 554
We respect your privacy and remain committed to protecting your personal data.
You should read this policy, and any other privacy policies we provide when we collect your data, so that you fully understand the ways in which we process your data. All Lock 67’s privacy policies are intended to supplement one another, not override each other.
For all data related matters, including subject access requests, please contact:
Unit 7, Apsley Industrial Estate
We will never collect or process special category data, or data relating to criminal convictions or offences, from you. This website is not intended for children and we do not knowingly collect data relating to children.
The personal data we would like to collect from you is as follows:
When you use our Contact Us form, sign up to our Mailing list you will provide the following information via website form, email or telephone
If you choose to unsubscribe from our mailing list you will provide the following information via website form, email or telephone
If you choose not to provide your data then we may not be able to offer key products and services to you.
We collect and process your data on the following lawful bases
This means we process your data where it is necessary for the performance of a contract with you, or to take steps, at your request, before entering into such a contract.
This means we process your data in the legitimate the interest of our business in order that we may provide to you to the best service/product and the most secure experience. We always consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests.
We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
In any instance where we’re processing your data based on legitimate interests, you still have the right to object to your data being processed in that manner. To do this please contact our Data Protection Officer.
This means processing your personal data where it is necessary for compliance with a legal or regulatory obligation.
This means we’ve asked for your explicit consent to process your data in a certain way, and you’ve provided it.
The table below describes all the ways we plan to use your personal data and identifying which of the legal bases we process according to.
|Purpose of processing||Data processed||Lawful basis for processing|
SupportTo respond to your enquiry
Email MarketingTo email you news and information on offers, discounts and new products.
UnsubscribeWhen we add your details to our do not contact list
We will not actively seek consent from customers to continue to send marketing emails to them beyond 25th May 2018, when the General Data Protection Regulation comes into effect.
We adopt this approach using the lawful basis of legitimate interests; assuming that you’d benefit from receiving information about offers and promotions. This type of processing is secure and presents a low risk to you. This practice is in line with the Privacy and Electronic Communications Regulation 2003.
If you would like to opt out of these marketing emails, you can do so by unsubscribing on our website, directly from any emails you’ve received from us or by contacting our Data Protection Officer (contact details above)
We will only use your personal data for the purposes we originally collected it. This is unless we need it for another reason that we believe is compatible with why we originally collected your data.
External parties who are engaged so that our business can function properly. These parties include couriers whose we use to deliver our product to you, professional advisors, including lawyers, banks, auditors, insurers, IT service providers, contractors and companies who assist with out marketing;
HM Revenue & Customs, regulators and other UK authorities as requires by law;
Third parties whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice;
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We fully support your rights. If you ever feel this is not the case please contact our Data Protection Officer or the Information Commissioner’s Office to discuss the matter further.
At any point you can exercise your:
Right of access – contact us for a copy of the data we hold about you.
Right of rectification – let us know if the data we hold is out of date or inaccurate and we’ll update it.
Right to be forgotten – if you no longer want to use our services, please contact us and we’ll delete all related data where we’re able to.
Right to restrict processing – we only ever collect the data we need and actively ensure we’re never collecting anything over and above that need.
Right of portability – we will support reasonable requests to transfer your data to another organisation should you require it.
Right to object to automated decision making and profiling- we do not currently use any automated profiling of any description. In the event you’re ever unhappy with the way we’re processing your data please contact our Data Protection Officer.
In the event we ever need to refuse your rights we will provide you with a reason why. You will then have the right to complain to the supervisory authority as outlined below.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
We engage a small, trusted group of GDPR compliant data processors. They will only process your personal data on our instructions, they are party to a data processing agreement with us which includes a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When determining the appropriate retention period for personal data we consider:
Details of retention periods relating to your personal data can be requested from our Data Protection Officer.
In some circumstances you can ask us to delete your data. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. In these instances we are able use this information indefinitely without further notice to you.
We do not make any decisions about you based on the automated processing of your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
To exercise all relevant rights, queries or complaints in relation to this policy or any other data protection matter between you and us, please in the first instance contact our dedicated Data Protection Officer (details above)