1. Important information and who we are
Any reference to "we", "us" or "Penguin Group" and "Penguin Hot Tubs and Spas" means Penguin Hot Tubs Limited (registered company number SC442528). Our registered office address is at Thornhome House, Yieldshields, Carluke, South Lanarkshire, ML8 4QD.
If you have any questions regarding how we use your information or you wish to exercise any of your rights in relation to your information (as set out in paragraph 9 below), please contact our Data Governance Team at firstname.lastname@example.org or at Penguin Hot Tubs Limited, Thornhome House, Yieldshields, Carluke, South Lanarkshire, ML8 4QD.
Our Site may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
2. The data we collect about you
You may give us information about you when you do any of the following:
contact us by phone or by using our ‘Request a call back’ facility by providing your telephone number or by sending us a text message;
use our ‘live chat’ facility to speak to one of our customer service advisors;
create an account (and become a ‘Penguin Hot Tubs and Spas Account Customer’), a registered user or individual customer account;
sign up to receive our various newsletters by email;
obtain a quote for hire/sales of our products or services, e.g. obtain a quote for hot tub hire by providing us with your email address and information about the type of hot tub your require and the proposed location of the hot tub;
purchase our products or services;
book a place on an Penguin Hot Tubs and Spas Training course and/or share information about our training programs with people you think may be interested in our courses;
apply for a job with us, including submitting an online job application (and/or your CV); and
consent to be notified of products and/or services that may be of interest to you (based on your purchase history or browsing of our Site).
If you want to use any of these services, you may need to provide us with some additional personal information so that we can liaise with you in order to deal with your request, query, purchase, quotation request, booking, application and/or customer account registration. If you do choose to provide us with your personal information, we will collect that information for our own use and for the purposes described in this Policy.
What type of personal information do we collect?
When you provide personal details to us, we may collect the following personal information from you:
your full name and date of birth;
your business and home contact details e.g. address, telephone numbers (including your mobile telephone number) and e-mail address;
details of the reason(s) for your contact, as set out above;
if you create a customer account - your username, password and details of the product(s) and/or service(s) that you add to your “basket” (so that you can be notified should the checkout process not complete);
if you make a request for a quotation or an order for hire/purchase/supply of services;
financial account information, such as credit/debit card number and other payment information; and
delivery information which may include your home or work address and telephone number;
if you submit a job application to us:
your employment history, qualifications, references and other relevant employment details you choose to submit to us as part of any job application; and
any personal data such as your date of birth and national insurance number (and which may also include sensitive personal data) which is contained within your CV and/or other supporting documentation provided with (or instead of) your job application form;
if you book a place on one of our training courses:
financial account information, such as credit/debit card number and other payment information and ID information, including, on occasion, national insurance number; and
to the extent that you feel it may be difficult for you to take part in the training and/or complete any assessments as a result, relevant information about your language and/or literacy ability and your health and/or fitness;
information necessary for legal compliance;
your social media content (where this is in the public domain), including when you “like” us or make posts on our pages on social networking websites, such as Facebook, LinkedIn, Twitter, YouTube and Instagram, and any messages you send us via social media. This information can include posts, comments, pictures and video footage;
CCTV footage taken at any of our sites for security purposes;
voice recordings for training and monitoring;
IP (Internet Protocol) address: your IP address indicates your location, unless you are using a VPN service;
MAC (Media Access Control) address: is a unique identifier, or address, assigned by the manufacturer of your device;
Device: what type of device you are using (TV, smartphone, laptop, desktop);
OS (Operation system): what operating system your device has (IOS, Android, Windows, Linux, MAC OS X);
Browser & browser version: which web browser you are using (Internet Explorer/Edge, Opera, Chrome, Safari, Firefox);
Domain: depending on your device and browser settings, we sometimes identify the web address of the domain you came from before landing on our website;
Clickstream data: this is a list of all the web pages that you visited, and the order you viewed them in, on each visit to www.penguinspas.com or our Sites. We also record how much time you spend on each web page, and record any actions you make on each page; and/or
This information will be collected primarily from you as information voluntarily provided to us, but we may also collect it where lawful to do so from (and combine it with information from) public sources, third party service providers, individuals who you have indicated have agreed for you to provide their personal information, government, tax or law enforcement agencies and other third parties. We may also collect personal information about you from your use of other Company or Group websites or services.
3. How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your data by filling in forms or by corresponding with us by post, phone, email or in person. This includes personal data you provide when you:
create an account on our website;
subscribe to our service or publications;
request marketing to be sent to you;
enter a competition, promotion or survey; or
give us some feedback.
apply for our products or services;
Obtaining technical data from the following parties:
analytics providers in the EU;
advertising networks in the EU; and
search information providers in the EU.
Obtaining Identity and Contact Data from publicly available sources such as Companies House, the Electoral Register, database bureaux and Credit Reference Agencies based inside the EU.
4. How we use your personal data
We use the information we collect for the following purposes:
to respond and/or deal with your request or enquiry and obtain any feedback from you;
to process and administer your booking request(s), hire request(s) or order(s) of our products and/or services;
to perform ID and credit checks to ensure your location and ability to pay;
to offer and improve our products and services and to ensure that content from the Site is presented in the most effective manner for you and for your computer (or other electronic internet-enabled device);
to administer the Site;
to contact you (directly, or through a relevant partner or agent) by e-mail or phone for any of the above reasons;
subject to your consent where required under applicable laws, to carry out direct marketing and/or e-mail marketing;
to evaluate any job application(s) you choose to submit to us and for the administration of the recruitment process following receipt of your application (where your application is successful);
where you inform us that you feel it may be difficult for you to take part in the training and/or complete any assessments as a result of your language and/or literacy ability and your health and/or fitness, to make any reasonable adjustments which may be necessary to assist your completion of such courses;
where necessary as part of any restructuring of the Company or sale of the Company’s business or assets;
to perform any contract the Company has with you;
to respond to any social media posts or other public comments you make which relate to us; and
for compliance with legal, regulatory and other good governance obligations.
5. Disclosure of your personal data
We only share your information where we can do so in accordance with our legal data protection and privacy obligations.
We share the information we collect with:
Our group companies and business divisions in order to offer you a wider range of related services.
Suppliers and sub-contractors for the performance of contracts.
People and businesses who help us provide our Site and related services to you, for example, information technology companies who host and/or maintain our Site and payment services companies who enable you to use payment cards with us.
Our insurers and insurance brokers where required in order for us to be able to obtain insurance against risks we face in running our business. They may retain this information for the purpose of ongoing risk assessment and insurance broking and underwriting services.
Our auditors, professional advisers, compliance managers, government, law enforcement or regulatory authorities in order to fulfill our legal, statutory and regulatory obligations or as required for tax purposes.
External third parties in response to a legal process, including as part of a restructuring, financing or sale of Penguin Hot Tubs Limited or any of its businesses or assets.
Credit reference agencies who provide us with anti-fraud and credit score information.
6. International transfers
We do not transfer your personal data outside the European Economic Area.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Data retention
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, taxation or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You can request details of retention periods for specific aspects of your personal data by contacting us at email@example.com
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
9. Your rights and managing your information
Your rights are summarised below and we will adhere to these. However, we reserve the right not to comply with any requests we receive where we may lawfully do so, for example if we reasonably believe a request to be malicious, technically very onerous, will involve disproportionate effort or could be to the detriment of the rights of others, or if we cannot satisfy ourselves as to your identity. In order to protect the person who is the subject of the access request, we will ask you to prove your identity before providing any information.
Asking us about your information You have the right to ask us whether we hold information about you and, if so, for us to give you certain details about that information and/or the information itself. This right is commonly known as a ‘subject access request’. If you would like to make a subject access request, you can do so here.
Correcting inaccurate information If you consider that any of the information we collect on you may be inaccurate or incomplete, and you cannot correct such inaccuracy or omission yourself through your account with us, please contact us with your queries and/or with the updated information.
Erasing information You have the right to ask us to erase your information in the following circumstances:
the information is no longer necessary for the purposes for which we collected it;
we need your consent to use the information and you withdraw such consent;
you object to us using your information (a) for the performance of a task carried out in the public interest; or (b) for the purposes of our legitimate interests (e.g. direct marketing) and there are no overriding legitimate grounds for the processing;
you unsubscribe from our marketing communications;
we have used your information unlawfully; or
deletion of the information is required to comply with a legal obligation applicable to us.
Restricting processing You have the right to require us to restrict our use of your information where one of the following applies:
while we verify the accuracy of the information that we hold about you where you contest the accuracy of the same;
we have used your information unlawfully, but you request us to restrict its use instead of deleting it;
we no longer need the information for the purpose for which we collected it, but you need it to deal with a legal claim; or
while we verify that our legitimate grounds override your right to object where you have objected to us using your information.
Right to object If we are using your information on the basis of public interest or our legitimate interests, you may object to this at any time by contacting us as set out below.
Withdrawal of consent If you have consented to us using your information (e.g. for marketing purposes), you have the right to alter your preferences or withdraw this consent by contacting us as set out below or by clicking the unsubscribe link in any email communication. This will not affect the lawfulness of any use of your information that we make before you amend your preferences or withdraw your consent.
You can contact us with any queries about how we use your information by contacting our Data Governance Team at firstname.lastname@example.org or at Data Governance Team, Penguin Hot Tubs Limited, Thornhome House, Yieldshields, Carluke, South Lanarkshire, ML8 4QD.
It is key that the information we hold about you remains accurate and up to date to avoid errors and misunderstanding. Your assistance with this would be appreciated. If you have an online account with us which you manage directly, please ensure that the information you provide to us through that account remains accurate and up to date by regularly visiting our Preference Centre and updating as necessary.