Protecting Your Private Data
This explains our policy on the types of personal data that we may collect from those who interact with us, how this data is stored, handled and kept safe.
Our Company Details
The company is:
The law identifies a number of different reasons for which a company may collect and process personal data including:
- When specific consent has been given (eg opting-in to newsletters)
- Compliance with our contractual obligations (eg contact/delivery & payment details)
- Compliance with the law (eg HMRC requires records to be kept of our sales/purchases for 6 years)
We only use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests (eg shopping history is used to identify trends).
When Do We Collect Personal Data?
The vast majority of the data we collect comes from:
- You placing of an order or enquiry on one of our websites.
- You contacting us (via phone or email) with an enquiry.
In some cases your data may be passed to us by a third-party (eg someone who is purchasing from us on your behalf).
What Sort Of Personal Data Do We Collect?
The two types of data collected are:
- Names, addresses, emails, phone numbers so that we can contact you, deliver goods and recognise your purchase history.
- Payment details including bank account and card numbers.
Do We Have A Dedicated Data Protection Officer (DPO)?
Under the GDPR, a company must appoint a DPO if:
- It is a public authority (except for courts acting in their judicial capacity);
- Its core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
- Its core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
Thus there is no requirement for the company to appoint a DPO but it has allocated Data Officer responsibilities to one of its staff. The Data Officer is our knowledgeable person on the GDPR, has oversight of our various data repositories and knows what is kept where.
How Do We Use Your Data?
The data will only be used as you have stipulated. So if you have placed an order or enquiry then the data will be used to make sure that we give you the best possible customer experience by acting as you have asked.
Only if you have specifically and positively consented will we contact you about anything else.
You always have the choice as to what data that you share but refusing certain contact permissions may prevent us being able to provide what you have asked.
How Do We Safeguard Your Data
Data security is important to all of us and the safeguarding of your data is treated with the utmost care.
Our website uses ‘https’ technology and does not store any payment details (eg payment card numbers).
Our internal computer network is maintained professionally, has a robust security barrier between itself and the internet and the data is overseen at Director level.
How Long Will We Keep Your Personal Data?
HMRC requires us to keep sales records (eg invoices) for 6 years from the end of the last company financial year that they relate to. This requirement will form the basis upon which we annually cleanse our data.
With Whom Do We Share Your Personal Data?
Data is shared with our suppliers when necessary to fulfil your requirements. For example your contact details will be passed to our courier companies so that they can deliver goods to you.
In these circumstances we only provide the information they need to perform their specific services and make it clear that the data may only be used for the exact purposes we specify in our contract with them.
Reminder Of Your Rights
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- You have the right to request a copy of any information about you that the company holds at any time, and also to have that information corrected if it is inaccurate. To ask for your information, please contact our Data Officer.
- If we choose not to action your request we will explain to you the reasons for our refusal.
- Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
- In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
- You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
- To protect the confidentiality of your information, we may ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we may ask them to prove they have your permission to act.