The Glass and Glazing Federation (GGF) and its subsidiary companies FENSA, BFRC, Installsure, RISA and BoroughIT, are committed to a policy of protecting the rights and privacy of individuals. Protecting your personal information is of high priority for both the staff and management of the GGF and subsidiary companies.
Purpose of Policy
The GGF and its subsidiaries have created this policy to ensure that:
- It complies with GDPR (General Data Protection Regulation), PCI-DSS, UK PII etc., and follows good practice. Both the PCI DSS and the GDPR aim to ensure organisations keep personal data in a secure way. The PCI DSS focuses on payment card and cardholder data, while the GDPR covers regulation for EU residents’ personal data. The important difference is that GDPR is more general than PCI DSS
- It is open about how it processes and stores your personal information
- It demonstrates our accountability and responsibility for data protection
- It has implemented a GDPR compliant Subject Access Request (SAR) procedure for responding to all types of data privacy related requests
Who are we?
The GGF is the main representative organisation for companies involved in all aspects of the manufacture of flat glass and related products and for installation services for all types of glazing, in the commercial and domestic construction sectors. The GGF is registered at Companies House as ‘Glass and Glazing Federation’ (hereafter referred to as GGF) as a company limited by guarantee (registration number 04063012) and registered address of Newspaper House, 40 Rushworth Street, London, SE1 0RB.
The GGF group of companies comprises the following key legal entities:
Glass and Glazing Federation Limited (known as GGF)
G.G.F. Fund Limited
GGF Property Limited
British Fenestration Rating Council Limited (known as BFRC)
Rushworth Inspection Services and Auditing Limited (known as RISA)
The GGF subsidiary companies:
FENSA was established as a Competent Person Scheme (CPS) in April 2002 as a response to the Building Regulations for double glazing companies in England and Wales. As the market leader, FENSA is the largest and longest established Competent Person Scheme within the replacement window and door industry.
Our role for FENSA members is to enable companies to self-certify compliance under the Building Regulations without the need for a separate assessment from Building Control.
BFRC (British Fenestration Rating Council) is the premier UK authority for independently verified ratings of energy efficient windows and doors.
Installsure was established in 2019 by the Glass and Glazing Federation (GGF) in response to a need within the fenestration industry for a broker with a focus on providing high quality warranty insurance products at competitive prices.
Formed in 2015, RISA offers independent and impartial Inspection and Auditing services to the Fenestration and Construction Industries in line with relevant legislation and standards; they are the sole provider of inspection services for FENSA Ltd.
BoroughIT is an IT company initially set up by the GGF to deliver, develop and maintain the IT systems and databases for the GGF and its subsidiaries. The company has grown its portfolio over the last ten years, providing award-winning IT systems to the construction, regulatory, finance and government industries.
What’s not included?
You’re advised to review their privacy policies before providing your personal data.
How do we collect information about you?
There are different ways in which we collect information about you. This includes when you use any of our websites and when you contact us via email, phone or post or fill in any of our online contact forms. In some instances, they will have a legal basis for us doing so.
What type of information is collected from you?
The GGF and subsidiary companies collect certain personal information about you. These would include your name, business contacts, address, email address, IP address, possibly images, business information, and in certain circumstances, employee details. We might also hold your credit/debit card or bank information to process payments if you purchase a product or service from us and give us your explicit consent to hold such data about you.
How is your information used?
The GGF and its subsidiaries may use your personal data:
- To notify you about changes to our services
- To fulfil our legal obligation under government licence and regulation
- To process financial payments
- To process applications to join the GGF or its subsidiaries
- To register window and door installations via FENSA
- To reserve places for you at any events you have booked via our reservation channels
- To carry out obligations arising from any contracts entered into
- For market research, user trend studies, website user improvements and customer services
- To provide you with obligatory information
- To third parties who undertake services on our behalf in relation to our business operations, or where you have otherwise provided consent for us to do so (e.g. for promotional material)
- To provide you with information, products or services which you have requested or which we believe may be of interest to you
- To seek your views or comments on the services we provide
- To process job applications
How long is your information retained for?
Your personal information will not be retained beyond what is required and will be held on our system for as long as it is necessary in relation to the purpose for which it was collected or for which it was further processed. The length of time for which we retain your personal information will take into account the legal and contractual requirements that influence the retention period.
Your personal information will be deleted or destroyed within a set time (currently 3 months) after it has been confirmed that it is no longer required to be retained.
Who has access to your information?
The GGF and its group of subsidiary companies work with third party service providers, who are a natural or legal person, public authority, agency or body other than the data subject (you), the controller (GGF group of companies), a processing internal or external person or entity who, under the direct authority of the GGF and its subsidiaries or a processor, are authorised to process your data, such as Local Authorities, External Printing and Insurance companies.
All processing of personal data requires a lawful basis, e.g. Contractual or Legal Obligation, where Consent provides one such lawful basis.
Your consent is considered to be freely given, specific, informed and an unambiguous indication by you, through a statement or by a clear affirmative action, which signifies agreement to the processing of your personal data. For example, depending on the circumstances, valid consent could be provided verbally, in writing, by ticking a box on one of our web pages, by choosing technical settings in an app, or by any other statement or conduct which clearly indicates in this context your acceptance of the proposed processing of your personal data.
Your consent can be withdrawn at any time; however, your right to withdraw consent is not retrospective (i.e. you cannot withdraw consent to processing that has already taken place).
How can you access your information that we hold?
You have the right to obtain confirmation that your data is being processed and to access your personal data that we hold about you, which is known as a Subject Access Request (SAR). We will typically provide this information free of charge; however, we may charge a ‘reasonable fee’, when a request is unfounded or excessive, to cover administrative cost.
We take all reasonable steps to ensure that the information we hold about you is up to date and accurate. If, however, you change any of the information we hold about you, such as your address, then please contact us on email: firstname.lastname@example.org or write to us at: Glass and Glazing Federation, Newspaper House, 40 Rushworth Street, London, SE1 0RB.
How secure is your information?
All data held is protected by multiple layers of data and system security, i.e. (but not limited to) Data encryption, firewalling, intrusion detection, malware prevention, conforming to least privilege model (data held on our networks has access restrictions according to individuals, teams and business entity needs, which is reviewed on a regularly basis).
All data transfer to external entities, will be encrypted, transferred over a secure network and conform to 2FA (Two-factor authentication).
You may, at any time, prevent the setting of cookies through our websites by means of a setting on your Internet browser, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time using your Internet browser or other software programs. This is available in all popular Internet browsers.