Provincial Seals Limited (Company Number 05583744), whose registered office is at Unit 2, Ninth Avenue, Team Valley Trading Estate, Gateshead, NE11 0EH ("the Company"), is committed to protecting and respecting your privacy.

This policy (together with our Terms and Conditions) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

Effective Date: 24 March 2026
Data Controller: Jason Turner
Contact: info@provincialseals.co.uk | 01661 842221 (7:00am – 5:00pm, Monday to Friday)

1. Data Collection

We may collect and process the following categories of personal data:

• (a) Information you provide directly to us, including your name, address, telephone number, email address and correspondence;
• (b) Information relating to enquiries, orders, accounts and transactions;
• (c) Technical data including IP address, browser type, device information and website usage data;
• (d) Information collected via cookies and similar technologies;
• (e) Information obtained from publicly available sources, professional networking platforms, company websites and public records where relevant;
• (f) Information obtained from third-party service providers that support our business operations, compliance activities and fraud prevention processes;
• (g) Information obtained from credit reference agencies where required for consumer credit, identity or affordability checks.

2. How We Use Personal Data

We process personal data for the purposes of:

• (a) Providing products and services and responding to enquiries;
• (b) Processing orders and managing customer accounts;
• (c) Delivering training, consultancy and retrofit-related services;
• (d) Administering, maintaining and improving our website;
• (e) Verifying identity and preventing fraud;
• (f) Conducting affordability or creditworthiness assessments where required;
• (g) Complying with legal, regulatory, accounting and taxation obligations;
• (h) Sending marketing communications where consent has been obtained or where permitted by law.

3. Lawful Basis for Processing

Processing is carried out under one or more of the following lawful bases:

• (a) Consent;
• (b) Performance of a contract;
• (c) Compliance with legal obligations;
• (d) Legitimate interests pursued by the Company.

Our legitimate interests include operating and administering our business, fulfilling contractual obligations, ensuring system and data security, preventing fraud, supporting audit and compliance activities, protecting consumer and credit reference data, improving our products and services, and protecting the rights, property and safety of our business, customers and stakeholders.

Where we rely on legitimate interests, we ensure these interests are balanced against the rights and freedoms of individuals and that appropriate safeguards are in place.

4. Credit Reference and Affordability Checks

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies ("CRAs").

We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

• Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority (FCA Firm Reference Number: 742313)
• TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority (FCA Firm Reference Number: 737740)

The information we receive may include data relating to your identity, credit commitments, payment history and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification and fraud prevention, in accordance with applicable data protection laws.

Further information about how Creditsafe and TransUnion process your personal data can be found within their privacy notices:

• Creditsafe Transparency Notice: https://www.creditsafe.com/gb/en/legal/transparency-notice.html
• TransUnion CRAIN (Credit Reference Agency Information Notice): https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
• TransUnion Bureau Privacy Notice: https://www.transunion.co.uk/legal/privacy-centre/pc-bureau

5. Data Sharing

We may disclose personal data to third parties where necessary for legitimate business purposes, including:

• (a) IT service providers and website hosting providers;
• (b) Professional advisers including legal, financial and insurance advisers;
• (c) Regulatory bodies, law enforcement agencies and government authorities where required;
• (d) Credit reference agencies, fraud prevention agencies and compliance service providers;
• (e) Third-party contractors and suppliers who assist us in delivering our products and services.

All such third parties are required to respect the security of personal data and process it in accordance with applicable data protection laws.

6. International Transfers

We may transfer personal data to recipients or service providers located outside the United Kingdom and/or European Economic Area ("EEA").

Where such transfers occur, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include the use of International Data Transfer Agreements (IDTAs), Standard Contractual Clauses (SCCs), or transfers to countries recognised as providing an adequate level of protection.

7. Data Retention and Security

Personal data shall be retained only for as long as necessary to fulfil the purposes for which it was collected and to satisfy legal, regulatory, accounting and reporting requirements.

Data used for credit reference, identity verification or affordability checks will be retained only for as long as necessary and then securely deleted or anonymised.

We implement appropriate technical and organisational measures to safeguard personal data against accidental loss, unauthorised access, disclosure, alteration or destruction.

8. Your Rights

Under UK GDPR, you have the right to:

• (a) Request access to your personal data;
• (b) Request correction of inaccurate or incomplete data;
• (c) Request erasure of your personal data;
• (d) Request restriction of processing;
• (e) Request transfer of your personal data;
• (f) Object to processing;
• (g) Withdraw consent where processing is based on consent.

Requests should be made using the contact details provided above.

9. Right to Lodge a Complaint

If you are dissatisfied with how we process your personal data, you have the right to lodge a complaint with the Information Commissioner's Office ("ICO").

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

10. Provision of Personal Data

The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations.

Personal data may be required in order to:

• Enter into and perform contracts with customers, suppliers and business partners;
• Process orders, manage accounts and deliver products and services;
• Verify identity and prevent fraud;
• Comply with legal, regulatory, accounting and taxation obligations.

If you choose not to provide the personal data requested:

• We may be unable to enter into a contract with you;
• We may be unable to fulfil orders or provide products and services;
• We may be unable to conduct necessary verification, compliance or fraud prevention checks;
• Services may be delayed, restricted or declined.

Where personal data is requested for optional purposes, such as marketing communications, providing that data is voluntary and consent may be withdrawn at any time.

11. Automated Decision-Making and Profiling

We may use automated systems and tools to support certain business processes, including risk assessment, fraud prevention, affordability checks, identity verification and record management.

These tools may analyse personal data using predefined criteria to generate indicators, scores or recommendations.

However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing. Any such decisions are subject to meaningful human review.

Individuals will not be subject to automatic rejection or adverse decisions without human involvement.

12. Cookies

Our website uses cookies to distinguish you from other users and improve functionality and user experience.

Cookies may collect information about how visitors use our website, including pages visited, time spent on site and interactions with website content.

You may control cookies through your browser settings. Non-essential cookies are used only with your consent and can be withdrawn at any time through our cookie management tools.

For more information regarding our use of cookies, please contact us using the details above.