Security & Privacy Policy - Nidagravel UK SECURITY POLICY

Payments on the nidagraveluk.co.uk website are secured by Sage Pay
Not only are our payments secured by Sage Pay but our entire website is protected with a Secure Socket Layer (SSL). This means that all data on the website is encrypted to ensure our customers can shop online securely. You can see our website is secure by looking in the address bar on your browser window. You will see there is a green padlock symbol, which is followed by the words 'Gravel Stabilisers UK LTD (GB)' in green text (depending on which browser you are using) and our website domain address starts https//: which is also highlighted in green text. This shows our website has SSL protection.

Sage Pay Security Details
SagePay is a payment service provider (PSP), providing transaction security to thousands of businesses. It is their top priority to ensure that customers transaction data is kept secure at all times.

Sage Pay Transaction Security
All transaction information passed between the www.thelandscapeyard.co.uk website and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to servers from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely assured that nothing passed to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.

Sage Pay Encryption and Data Storage
All sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data they hold is extremely secure and they are regularly audited by the banks and banking
authorities to ensure it remains so.

Sage Pay System Security
Sage Pay’s systems are scanned quarterly by Trustwave which are an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands. Sage pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. They are also active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.

Sage Pay and 3D Secure
The 3D Secure authentication is an additional fraud prevention scheme that is available to all companies using the Sage Pay system to process transactions. It allows shoppers to create and assign a password to their card that is verified whenever a transaction is processed through a site that supports the use of the scheme. The addition of password protection allows extra security on transactions that are processed online.

3D Secure stands for 3 Domain Server, there are 3 parties that are involved in the 3D Secure process:
The company the purchase is being made from.
The Acquiring Bank (the bank of the company)
VISA and MasterCard (the card issuers themselves)

The scheme is a collective of Verified by VISA (VBV) and MasterCard Secure Code (MSC). It is the most recent fraud prevention initiative that is available at the moment. 3D Secure is also the only fraud prevention scheme that is available that offers companies liability cover for transactions that are verified by the checks. This provides additional protection to companies and customers using the scheme as opposed to those that do not. As 3D Secure is controlled by VISA and MasterCard the following cards can be used: VISA, VISA DELTA, MASTERCARD, MASTERCARD DEBIT, INTERNATIONAL MAESTRO, UK MAESTRO, LASER, and VISA ELECTRON.



PRIVACY POLICY

Introduction
This Data Privacy Policy explains how Gravel Stabilisers UK Ltd uses your personal information and outlines what information is gathered, how it is processed, with who it might be shared as well as how it is managed and kept secure. It also provides important information under the General Data Protection Regulation 2018 on your rights. If you use our website, you will be regarded as having read and accepted this Privacy Policy. If you have any queries relating to our use of your information or any other related data protection questions, please contact us.

Who are we?
Gravel Stabilisers UK Ltd trading as Nidagravel UK is a specialist supplier of gravel stabilisation grids to the building, civil engineering, landscaping and driveway industries via our own website and stockists across the UK. We are a registered UK company (UK Reg No: 9520424). Our registered address is Gravel Stabilisers UK Ltd, 4 Thorpe Court, Thorpe Waterville, Northamptonshire NN14 3ED.

Information we collect or receive and how we use it
Gravel Stabilisers UK Ltd collects, stores and uses personal information obtained via our team and website in order to act on an enquiry
to do business, provide goods, products or services both now and in the future.
The information you provide to us when making an enquiry through our website or by phone:
• name
• address and postcode
• mobile/phone number
• email address

What we do with the information
Personal data we receive will be used for the purpose it was provided, including:
• to meet the terms of your enquiry
• to process orders that you have submitted
• to carry out our obligations arising from any contracts entered into by you, and us
• to seek your views or comments on the services we provide
• notify you of changes to our products or services
• enable your use of the services available on our website or any other service such as platforms etc
• supply to you services purchased from any of our businesses or via our website
• send invoices, statements or payment reminders to you and collect payments from you
• send you our marketing material on our goods, products and services where you have opted in
• provide information and quotes on goods, products or services that may be of interest

Who we may share your information with
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes. Whilst it is not our policy to disclose information to third parties unless clearly stated at the point of provision and with documented consent, the below outlines where your data may be shared:
• we may disclose your personal information to any of our staff, agents, sub-contractors or suppliers where it would be reasonable to do so to provide the products or services you require (if consent is necessary to share your data we will ensure it is obtained prior to processing)
Below are examples (although not limited to) of circumstances where data may be provided:
• third-party software to create invoices and statements
• we may be legally obliged to disclose your personal information
• to the extent that we are required to do so by law
• in connection with any ongoing or prospective legal proceedings
• in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
• to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information
• disclosure with a purchaser(s) or prospective purchaser(s) of any business or asset that we may either be in the process of or planning to dispose.

Your rights and how to act on them
You have the right to:
• instruct us to provide you with any personal information we hold about you
• upon receipt of such a request, we will - after confirming your identity - provide all relevant data we may hold to you in the most practical format unless otherwise stipulated and reasonably possible
• we will provide this data within 10 business days
• we may withhold personal information that you request to the extent permitted by law
• have any data inaccuracies corrected as quickly as possible
• have your personal data erased, unless we are permitted to hold it by law
• have a restriction placed upon our processing of your data
• instruct us to cease all processing for marketing purposes or alter how you wish to be communicated with
• to request your data be provided to you, or be removed from our data records
If you wish to exercise any of these rights, please do so as follows:
• email: sales@nidagraveluk.co.uk (subject line: DATA PROTECTION)
• post: DATA PROTECTION, Gravel Stabilisers UK Ltd, 4 Thorpe Court, Thorpe Waterville, Northamptonshire NN14 3ED

How we keep your data secure
We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all personal data you provide in a secure password protected system.

Cookies
We collect information automatically about your website visit including demographic data and browsing patterns, via the use of cookies and session file information. This information allows us to give you a better user experience without the need of entering a password every time you visit as well as enable us to conduct market research on user activity. We use ‘cookies’ to identify you when you visit the nidagraveluk.co.uk website. A cookie is a small piece of information sent by a web server to a web browser which enables the server to collect information back from the browser. Our use of cookies also allows members to be presented with a personalised version of the site. We will only read cookies from your cookie file placed there through your web browsers interaction with the nidagraveluk.co.uk website. We use session files, along with cookies, to log your browsing patterns and so identify the areas of the site which have been of interest to you, allowing us to personalise the nidagraveluk.co.uk website for you. We also use information in aggregate form (ie no individual user is identified) to:
• build up marketing profiles
• to allow us to develop the business in ways that help you
• to manage our relationship with advertisers and to audit usage of the site
We may also capture your IP address if you consent when visiting our website through search engines such as Google, Bing, etc in order to serve you adverts on websites you visit in the future.

Making changes to this policy
This policy has been updated in accordance with GDPR regulations, May 2018. Please note that we may update our Data Privacy Policy from time to time. The most up to date privacy policy is available for you to view via our website.