
Signature Pools & Spas Ltd. Data Protection Policy

1. Introduction

At Signature Pools & Spas Ltd., we are committed to protecting the privacy and security of the personal data we collect, process, and store in connection with our business activities. This Data Protection Policy outlines how we handle personal data in compliance with the Data Protection (Jersey) Law 2018, the Data Protection (Bailiwick of Guernsey) Law 2017, the UK General Data Protection Regulation (UK GDPR), and other applicable data protection laws.

2. Scope

This policy applies to all personal data processed by Signature Pools & Spas Ltd., including data related to customers, employees, and third parties. It covers how we collect, use, store, and protect personal data, as well as the rights of individuals regarding their data.

3. Data Collection and Processing

3.1 Types of Personal Data Collected

We collect and process the following types of personal data:

• Contact Information: Name, address, email address, and phone number.
• Financial Information: Payment details and transaction history.
• Project Information: Details of projects completed, including installation dates, locations, and specifications.
• Marketing Data: Information collected through our website, Meta Business, and Google Ads for the purposes of attracting and engaging with potential customers.

3.2 Purposes of Data Collection

We collect and process personal data for the following purposes:

• To provide our products and services, including the installation of pools and spas.
• To manage customer relationships and maintain records of completed projects.
• To process payments and fulfil contractual obligations.
• To comply with legal obligations, such as tax and accounting requirements.
• To communicate with customers about their projects, including any updates or changes.
• To conduct marketing activities, including advertising through Meta Business and Google Ads, and to improve our services and website.

3.3 Legal Basis for Processing

Our processing of personal data is based on one or more of the following legal grounds:

• Contractual necessity: To fulfil our contracts with customers and provide the services requested.
• Legal obligation: To comply with legal requirements, such as record retention for tax purposes.
• Legitimate interests: To improve our services, manage customer relationships, and conduct marketing activities.
• Consent: For certain marketing activities, where required, we will obtain explicit consent from individuals.

3.4 Data Minimization and Accuracy

We adhere to the principle of data minimization, ensuring that we only collect personal data that is necessary for the specific purposes outlined in this policy. We also take reasonable steps to ensure that the personal data we hold is accurate and kept up to date.

4. Data Storage and Security

4.1 Data Storage

We use Xero, a secure cloud-based accounting and financial management platform, to store and manage customer data. This includes personal data such as names, addresses, payment transactions, contact details, and project information.

4.2 Data Security Measures

We are committed to ensuring the security of personal data. Xero implements robust security measures, including encryption, secure data centers, and access controls, to protect the data stored on their platform. We restrict access to personal data to authorized personnel only, and we regularly review our security practices to ensure continued compliance with data protection laws.

4.3 Data Transfers

Personal data stored in Xero may be transferred to data centers located within the European Economic Area (EEA) or other jurisdictions that provide adequate data protection. We ensure that all data transfers comply with international data protection standards, such as the use of standard contractual clauses or other legally recognized safeguards.

4.4 Data Anonymization and Pseudonymization

Where possible and appropriate, Signature Pools & Spas Ltd. will use anonymization or pseudonymization techniques to protect personal data. These techniques are employed to ensure that personal data is processed in a manner that reduces the risk to the data subjects.

5. Data Retention and Deletion

We retain personal data for the minimum period required by Jersey, Guernsey, and UK laws, or as long as necessary to fulfil the purposes for which it was collected. Once the retention period has passed, or upon the request of the individual (provided there are no overriding legal obligations), we will securely delete or anonymize the data.

6. Data Sharing and Third-Party Processors

6.1 Sharing Data with Third Parties

We may share your personal data with third-party service providers, such as payment processors (Xero), advertising platforms (e.g., Meta Business and Google Ads), and contractors involved in your project. These third parties are required to protect your data in compliance with relevant data protection laws.

6.2 Sub-processors

Before engaging any third-party processor, Signature Pools & Spas Ltd. conducts thorough due diligence to ensure that the processor complies with applicable data protection laws and standards. We require all third-party processors to enter into a written agreement that reflects the protections and obligations under this policy. We remain fully liable for all acts or omissions of any third-party processor appointed by us.

7. Data Subject Rights

Individuals have the following rights regarding their personal data:

• Access: The right to request access to their personal data held by us.
• Rectification: The right to request correction of any inaccurate or incomplete data.
• Erasure: The right to request the deletion of their personal data, subject to legal requirements.
• Restriction: The right to request the restriction of processing in certain circumstances.
• Data Portability: The right to receive their personal data in a structured, commonly used, and machine-readable format.
• Objection: The right to object to the processing of their personal data, particularly for marketing purposes.
• Withdraw Consent: The right to withdraw consent at any time, where processing is based on consent.

When we receive a request from a data subject to exercise their rights, we will respond without undue delay and in any event within one month of receipt of the request. We may request additional information to verify the identity of the data subject before fulfilling the request. If the request is complex or if we receive multiple requests, we may extend the response period by a further two months, and we will inform the data subject of any such extension within the initial one-month period.

8. Data Breach Notification

In the event of a data breach involving personal data, we will promptly notify the affected individuals and the Jersey Office of the Information Commissioner (JOIC), the Office of the Data Protection Authority (ODPA) in Guernsey, or the UK Information Commissioner’s Office (ICO) as required by law. We will also take immediate steps to mitigate any potential harm and to prevent further breaches.

9. Use of Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance the user experience and to collect data for marketing and analytics purposes. This includes data collected through Meta Business and Google Ads. Users can manage their cookie preferences through their browser settings, and we provide clear information about the types of cookies used and their purposes in our Cookie Policy.

10. Confidentiality

We will keep all personal data strictly confidential and will only disclose such data as necessary for the purposes outlined in this policy or as required by law. This includes ensuring that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential.

11. Employee Training and Awareness

We are committed to providing regular training and awareness programs for all our employees to ensure they understand their responsibilities regarding data protection and comply with this policy.

12. Record of Processing Activities (ROPA)

We maintain a Record of Processing Activities (ROPA) that documents all the personal data we collect, process, and store. This record is reviewed regularly to ensure it is up-to-date and reflects our processing activities accurately.

13. Data Protection Impact Assessments (DPIAs)

Before undertaking any new processing activity that may present a high risk to the rights and freedoms of individuals, Signature Pools & Spas Ltd. will carry out a Data Protection Impact Assessment (DPIA) to identify and mitigate any potential risks.

14. Contact Information

For any questions, concerns, or requests regarding this Data Protection Policy or your personal data, please contact us at:

Data Protection Officer
Signature Pools & Spas Ltd.
Email: sales@mysignaturepools.com
Phone: 01534 856347
Address: 22 Seafield Avenue, La Route de St Aubin, St Helier, Jersey, JE2 3LZ

15. Regular Policy Review

This Data Protection Policy is reviewed at least annually or whenever there are significant changes in applicable laws, technology, or our business practices. Any updates will be communicated to all relevant stakeholders.
