Privacy

Data protection registration

Referenceline Ltd is a limited company No. 3341732 registered in England at 3 Huron Drive, Liphook, GU30 7TY. We are committed to protecting the privacy of individuals, including consumers, customers and employees. We are registered with the Data Protection Registrar: Z7698138. We do not sell, trade or rent personal information such as individuals' name, address, telephone number and e-mail address. We don't publish customers' names and addresses. If you have any concerns, please email our Data Protection Officer


About Us

We provide a directory and independent review service of businesses for consumers. This includes relationships with various bodies including trade associations, trading standards, regulators and others through a number of websites including:


Consumers

Please be careful and responsible, especially when online. When contacting a firm for the first time, don't provide any more information than is necessary until you are confident about the person you are dealing with. We don't monitor or control the privacy policies of third parties, including registered firms. Ask questions before giving any personal information to anyone. Remember that any information given on message boards, through email, or in chat areas can be collected and used by others.


This Policy

Individuals

This privacy policy applies to customers of businesses that use our services and to visitors to our website(s) and it explains how we use your personal data and your related rights.

Businesses

The publication of contact details including trading names, postal addresses, email addresses and phone numbers is essential to the function of our directory services. Where appropriate, businesses should use contact details that are separate from the personal data of individuals. This includes phone numbers, email addresses (ie sales@example.com rather than john.smith@example.com). In some limited cases for confidentiality reasons (such as security or counselling services) this may include the use of PO boxes rather than the full postal address. Where, as a business or Data Controller, you provide us with data for publication which may be linked to an individual you acknowledge that you have waived your right to choose other more anonymous contact details and that it is your intention for these details to be promoted as the contact details for that business.

Where a business provides us with the contact details of individuals that are not for publication (including for billing or account administration), their personal data will be governed by this privacy policy.

Please contact support@referenceline.com to request any change to business contact details.

We may change this policy from time to time and if we make significant changes, we will make that clear on our websites, so that you are able to review the changes before you continue to use our services.


When we act as Data Processor

When a business or body gives us your personal details as a customer and asks us to contact you by email, by post or by phone (for example, inviting you to leave a review about that business), then we are acting as data processor for them. We will not publish your name or personal details or use them for any other purpose unless you otherwise agree.

When a business or body gives us data that may be linked to an individual as part of the information required to operate our websites or services (eg john.smith@example.com rather than sales@example.com) then we are acting as data processor for them. If you are adversely affected by this, you should contact the data controller and we recommend that you should provide generic, rather than personal, contact details wherever possible. You may also contact support@referenceline.com to advise us of your concerns.

In either case, the business or body is the data controller and you should contact them with any questions relating to privacy.


When we act as Data Controller

When you use our website(s), then we act as data controller in relation to your personal data and any other information you provide, including the details of any review you may leave. We automatically collect personal data using cookies and your IP address. Please direct any questions to us at support@referenceline.com


The personal data we collect

We collect your name and address, email address and phone number. Where a review is submitted on behalf of someone else (for example by a carer) then we also collect their details.

We collect your IP address, the web site from which you visit us, the web pages you visit and the date and length of your visit.

We collect your review and any related correspondence, including text descriptions, text reviews, ratings, images, videos, copies of contracts etc.

We do not collect special category data such as racial or ethnic origin, political opinions, health conditions. Read the ICO guide to special category data


Why we collect your personal data

To invite you to leave a review, to contact you about your review and to publish your review, on our website(s) and via third parties.

To generate anonymous trends and analysis – for example by age, by gender or by location. These statistics are not personal data as they are anonymised and you will not be identifiable from them.

To assist in the verification of genuine transactions, the resolution of disputes, the prevention of fraud and to bring or defend legal claims.

To help us manage and secure our websites, including an understanding of how visitors use our websites.

We won’t publish your name unless you have asked us to do so.


Legal basis for the processing

When we act as data controller, the information is necessary for our legitimate interests which include:

  • Collecting and publishing reviews
  • Validating genuine customers
  • Researching and analysing consumer and industry trends
  • Encouraging conciliation, enabling dispute resolution and supporting legal claims
  • Securing, managing and improving our websites

When we act as data processor, we treat personal information with the same care, but the responsibility for the legal basis lies with the data controller.

When we process your personal data on the basis of your consent, you may withdraw your consent by following the unsubscribe link in our emails or by contacting support@referenceline.com


How long we keep your personal data

Unless you agree otherwise:

We keep your name, email address and phone number indefinitely. This allows us to contact you in relation to your review since some issues, especially related to home improvements and statutory, regulatory or other legal issues, can take years to emerge.

We keep the details of the property or vehicle to which the service relates indefinitely. This allows us to compile a history of the property or vehicle, rather than of the individuals.

We keep the anonymized demographic data indefinitely. This allows us to compile anonymous statistics including customer ages, gender and experience as well as customer loyalty by industry or area.

Where personal data is included within the information provided to us under contract with another data controller, we do not keep that personal data when the contract expires unless the business registers directly with us and authorises us to act as a data controller.

Where more than one retention period applies to the same personal data, the longest period will apply.


Where we obtain your personal data

We obtain your personal data from businesses, as their data processor and from you, as data controller, when you submit information to our websites, communicate with us, or otherwise provide personal data to us; from your accounts on other websites, including Facebook or Twitter, when you give us permission to do so and automatically when you use our website, using cookies or similar technologies.


How we share your personal data

We share your data, including correspondence or calls, with the business for which you submitted a review, so that they can identify you as a genuine customer.

We may also share your data with relevant professional bodies, trading standards, regulators, ADR providers, fraud protection agencies, insurers, legal advisors or other third parties to help monitor standards, prevent fraud and other risks and assist when disputes arise.

We share your data with our employees by providing secure access only as necessary for them to carry out their duties.

When we share your personal data with our service providers (including transfers outside the European Economic Area) including website hosting, text entry or other businesses within our group, we require them to sign contracts which include the obligation to handle your personal data consistently with this privacy policy.

We share your personal data with regulators, government authorities or the police, as required by law or in response to their reasonable requests.

We may share your personal data in connection with any re-organisation, merger or acquisition of part or all of our business.

We share your data where you have agreed or asked us to do so.

We don't disclose information about individuals in the normal course of business, but there may be circumstances when we, at our discretion, believe it is appropriate to do so. For example: when we believe that the law requires it or to identify, contact or bring legal action against someone who may be breaking our rules or injuring Referenceline's rights or property.


Cookies and similar technologies

Like most websites, by using our site(s) you agree that we may use cookies and other similar technologies to provide our services to you. You can find helpful information on the Information Commissioners website

We may use the following types of cookie:

  • Functionality: to allow you to navigate the site and use our features
  • Analytics: to understand how you use our site(s), and to improve our services.
  • Customer preference: to remember your preferences and help make your experience as simple and personal as possible
  • Targeting: to deliver ads or other information which may be relevant to you
  • Third parties: to allow you to interact with third party services such as LinkedIn, Facebook, Twitter and Instagram

If you want to delete any cookies, the help section in your browser should provide instructions on how to do so on your computer, but some functions on our site(s) may be affected or not work at all.


The law gives you the right to require us to

  • Send you a copy the personal data we hold about you. We will provide the first copy free of charge, but we may make a charge for additional requests.
  • Correct any inaccurate or incomplete personal data that we hold about you and to require us to restrict our processing of your personal data while we verify its accuracy.
  • Erase your personal data on certain limited grounds (including where they are no longer necessary for the purpose for which they were collected or where we rely on consent, which you withdraw, and there is no other legal ground for the processing)
  • Restrict our processing of your personal data which we no longer need, rather than requiring us to erase that data, where you require us to retain that personal data in relation to legal claims
  • Consider your objection to our processing of your personal data on the grounds of our legitimate interests and to require us to restrict our processing of your personal data while we do so. We might not have to cease processing if we are able to show a reason which overrides your interests. This includes where that legitimate interest relates to legal claims, regulatory issues or the verification of genuine feedback.

To exercise any of these rights, please contact support@referenceline.com.


Erasing Data: "Putting information beyond use"

The Information Commissioner explains the right to erasure of personal data. The original guidance on deleting Personal Data remains valid. As the ICO guidance says "The ICO will adopt a realistic approach in terms of recognising that deleting information from a system is not always a straightforward matter. The ICO will be satisfied that information has been ‘put beyond use’, if not actually deleted, provided that the data controller holding it:

  • is not able, or will not attempt, to use the personal data to inform any decision in respect of any individual or in a manner that affects the individual in any way
  • does not give any other organisation access to the personal data
  • surrounds the personal data with appropriate technical and organisational security, and
  • commits to permanent deletion of the information if, or when, this becomes possible"

Referenceline's policy in relation to erasing/deleting all data (personal or otherwise) is accordingly as follows:

  • Data contained within paper Freepost survey forms is erased by the secure destruction of the forms via approved third parties.
  • Data contained within databases is erased by electronic flagging as "beyond use". This information may nevertheless be retrieved in a secure manner if required in relation to legal claims, regulatory issues, the verification of genuine feedback or otherwise if in the public interest.

Complaints

If you are not happy with the way we respond to any complaint about the way we use your personal data, please contact the Information Commissioner’s Office https://ico.org.uk/make-a-complaint/