This Privacy Policy explains what we do with your personal data, whether we are in the process of dealing with an enquiry, processing an order, continuing our ongoing customer relationship with you, receiving a service from you, requesting your feedback, or you are visiting our website.

It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you under the new General Data Protection Regulations (GDPR). Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

This Privacy Policy applies to the personal data of our Customers, Potential Customers, Suppliers, Sub Contractors and Employees. This also applies to Arlen Contract Flooring Ltd (ACF) employees and labour only sub-contractors (LOSC).

What type of personal data do we collect?

Customer Data:

For us to be able to provide the best possible services to our customers, we need to process certain information. ACF only asks for details that will genuinely help us to deliver these services, i.e. name, position and contact details, including but not limited to telephone numbers, email address, full name and job title.

Supplier Data:

We collect a minimum amount of data from our suppliers to ensure that we can easily process transactions. We collect contact details for the main contact and any associate contacts within the business that assist us in processing any number of transactions. We also need other information such as bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).

Sub-contractor Data:

We collect and store information required so that we can process contractual obligations between us. These details include personal and business email addresses, telephone numbers, address details, bank account details, qualifications and insurances.

End-user Data:

Where we are obligated to carry out work for a third-party contractor, we reserve the right to obtain and process data including site addresses, email addresses and telephone numbers. This enables us to fulfil our contractual obligation to you and our customer.

How do we collect your personal data?

Customer Data:

We collect customer data in the following ways:

• Directly from you
• From third party software detailing ongoing project data
• From websites
• From social media platforms
• From your work colleagues
• From exhibitions or events attended by ACF employees

When viewing or interacting with data and information on our website or on an email from us, we may also collect certain data automatically or through you providing it to us.

Supplier Data we collect in the following ways:

• Directly from you
• From your work colleagues
• Your website
• Sub-contractor Data
• End-user data

We collect end-user data in the following ways:

• Via third party contractors or suppliers who are using our services to fulfil a project

Website Users:

We collect your data automatically via cookies when you visit our website, in line with cookie settings in your browser. We will also collect data from you when you contact us via the website, for example by using the contact forms.

How do we use your personal data?

Customer Data:

There are two main reasons for using your personal details. Firstly, to help us process ongoing requests that you have made of us, from raising a quote or processing an order through to delivery of that order and potentially requesting feedback. We will also store and process data for the purposes of direct marketing via email, telephone and post. See the section below, “How can I unsubscribe from all or individual types of direct marketing?”, should you wish to opt out of any form of direct marketing from us.

Supplier Data:

The main reason for storing and processing your personal data is to ensure that we can complete the contractual arrangements between us and comply with any legal and binding requirements.

Sub-contractor Data:

The main reason for storing and processing your personal data is to ensure that we can complete the contractual arrangements between us and comply with any legal and binding requirements.

End-user Data:

The main reason that we process end-user data is to ensure that we can contractually deliver on products and services which have been requested via a third party.

Website Users:

We use data collected via our website to help us to improve your experience when using our website. If you are a customer, we may use data from your use of our websites to enhance other aspects of our communications with you, for example email communications.

Who do we share your personal data with?

Customer Data:

We may share your personal data with suppliers or sub-contractors, but only where it is necessary for them to deliver a contractual obligation such as delivery or installation of our services. Customers’ details that are being used for the purposes of e-marketing will be uploaded to a secure external system which is provided by a third-party organisation. If prior agreement is provided by you, we will pass your details on to alternative companies who we believe will be able to fulfil your requirement when we can’t.

Sub-contractor Data:

Where a contractual agreement has been agreed for you to carry out work on behalf of us at a client’s site, we will provide your personal data to the customer, for them to complete their internal processes. Where requested by the customer/end-user we will also provide photographic identification.

End-user Data:

When entering into a contractual agreement with us, we will pass on the minimum amount of your personal data as deemed appropriate for a supplier or subcontractor of ours to carry out their contractual obligation to us.

Website User:

No details obtained from our website will be processed outside of ACF. Any data used to process and target specific information to you will be done so using our managed system.

How do we safeguard your personal data?

We care about protecting your information, which is why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data. Those processes include but are not limited to: encrypted server access, encrypted laptop devices, and antivirus and gateway security settings that are up to date and monitored.

How long do we keep your personal data for?

If we have not had meaningful contact with you for a period of seven years, we will remove your personal data from our systems unless we believe another processing requirement, such as legal or contractual regulation requires us to retain it.

How can you access, amend or take back the personal data that you have given to us?

If we are holding or using your personal information, you may change your mind at any time by writing or emailing us. We will process the restriction of use in our marketing communications or removal of your personal information within 10 days, sometimes sooner. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Right to Object:

If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days.

Right to Erasure:

In certain situations, you have the right to request us to “erase” your personal data. We will respond to your request within a maximum of 30 days. We will assume that you would prefer us to keep a note of your name on our system as a person who would prefer not to be contacted by us, as this will ensure that we can minimise the future risk of your data being resubmitted and used in the future. If you would prefer that this is not the case, you need to advise us.

Right to Lodge a Complaint:

You have the right to lodge a complaint with details of which can be found here:

How can I unsubscribe from all or individual types of direct marketing?

Email Marketing:

All e-marketing communications sent by us using our third-party e-marketing software will contain an unsubscribe button. On clicking to unsubscribe you will be requested to submit your email address to authenticate your permission to suppress the email address. Any emails sent to you using one of our Outlook email addresses can be directly replied to or you can forward the email to in order to request you are removed from future direct marketing email communications.

Telephone Marketing:

A request can be made with the person whom you are directly on the phone with at the time, and they will process this request in our centralised system. If you are unsure as to whether you are registered on our systems for telephone marketing and wish to remove your details, you can contact us either on email; or by telephone on 01162 640 777. Your details will be updated within 5 working days or sooner.

Postal Marketing:

If you would like to remove your personal details to prevent receiving postal marketing or telephone 01162 640 777. Your details will be updated within 5 working days or sooner.

What are cookies, how do we use them and how to opt out?

A “cookie” is a bite-sized piece of data that is stored on your computer’s hard drive. They are used by nearly all websites and do not harm your system.

We use cookies to track your activity and help us to improve your experience when visiting our website. We can also use the information from cookies to tailor other forms of direct marketing, to ensure that you see information relevant to you and any current requirements. We can also use cookies to analyse traffic and for advertising purposes.

If you want to check or change what types of cookies you accept or opt out from cookies being used in the ways mentioned above, this can usually be altered within your browser settings.

Most web browsers will automatically accept cookies but if you would rather we didn’t collect data you can choose to reject some or all cookies in your browser’s privacy settings. Please be advised that rejecting all cookies means that you may not be able to use all functions of our website.


Legitimate Interests:

Abridged Article 6(1)(f) of the GDPR states that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”

Customer Data:

We think it reasonable that if you have communicated with us in the past or we have had meaningful contact with you within the past seven years that there is legitimate interest that you will continue to use our range of services.

We want to provide potential customers with the opportunity to hear about our services and request additional information. We therefore deem it that if you operate in a sector that regularly benefits from our services and your information has been made available in the public domain that we can contact you to advise you of our services. We will have an upfront and honest approach to this and provide you with the opportunity to opt out of any further communications from us.

Where we subscribe to third party services who collate and enter data relating to ongoing projects in our industry, we will deem it that you are in a position where you wish to be contacted regarding suitable services. We will therefore process your data for the purposes of direct marketing to establish if you have a requirement.

Where you have contacted us, we will process your request in line with our business processes and to provide you with the requested services. This will include processes such as arranging and attending your site and processing information that will enable us to design and install your solutions. Information obtained will be stored on our systems now and in the future to further enable us to process your requests and to keep you updated on services and company updates via forms of direct marketing.

Personal details may be used for administrative purposes including invoicing and project

Supplier data:

We store and process the personal data of individuals within your organisation to facilitate the receipt of services from you as one of our suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within legitimate interests.


Article 6(1)(b) gives us lawful basis for processing personal data where “processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract”.

In this context, a contract does not have to be a formal signed document, or even written down, if there is an agreement which meets the requirements of contract law. Broadly speaking, this means that the terms have been offered and accepted, you both intend them to be legally binding, and there is an element of exchange (usually an exchange of goods or services for money, but this can be anything of value).

Customer Data:

Where we and you have entered into a contractual agreement to deliver services, we will process the appropriate and required information to do so, i.e. address details of the company and installation site. To provide a smooth and seamless service we will also deem it reasonable to process such information as appropriate to send updates on the progress of your contract with us. Some of these updates and notifications will be automated and sent from a third-party e-marketing system.

End User:

Where we have been requested to act as a sub-contractor to supply services to you as an end-user, we deem it appropriate to process any personal details provided to us to fulfil our contractual obligation to your supplier. We will also collect, directly from you, additional personal data to fulfil our processes and ensure a seamless service. We may also store and process personal data to provide additional services such as collections, deliveries and maintenance. Finally, data may be used on job completion to request feedback in the form of a survey or references, which enables us to confirm satisfaction or dissatisfaction with the work we have carried out, and action accordingly.


Customer(s) – includes companies that have previously been supplied with products or services from ACF. Companies are also referred to as customers if they have previously contacted us to enquire about projects and services. Customers in the context of this privacy policy also refer to the companies that we deem appropriate to direct market with information about our services but may not have had previous communication.

Suppliers – refers to partnerships and companies (including sole traders), independent contractors and freelance workers, who provide services to us.

End-user data – refers to the personal data of individuals within a business where we have been requested to carry out contractual services, as requested by the end-user via a third-party supplier.

Sub-contractors – refers to independent limited companies, sole traders or LOSC who are contracted by us to carry out services on behalf of end-users.

General Data Protection Regulation (GDPR) – a European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25th May 2018, and any references to it should be construed accordingly to include any national legislation implementing it.

Website Users – any individual who accesses the ACF website.

To be read in conjunction with ‘Document Management Policy & Procedures’.