1. When do we collect your personal data?
• When you visit any of our websites, and use your account to buy products online.
• When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).
• When you create an account with us.
• When you purchase by phone or email.
• When you contact us by any means with queries or enquiries.
• When you review our products.
• Any individual may access personal data related to them.
2. What sort of personal data do we collect?
• If you have a web account with us: your name, billing/delivery address, orders and receipts, email and telephone number. For your security, we’ll also keep an encrypted record of your login password.
• Payment card information, is either processed via Nochex or PayPal’s secure payment gateways (who also comply with GDPR) and is never seen by us or if you pay over the phone we will detroy you card information once the transaction is placed via PayPal Virtual Terminal
• Your product reviews.
• To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, via Google Analytics. Google Analytics data is kept for 14 months, and is used to show traffic to our website and navigation when on it. This data is only used via Google Analytics and is not downloaded and kept by ourselves.
3. How and why do we use your personal data?
We want to give you the best possible customer experience. Amended failing areas of our website.
The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.
If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some things you’ve asked for.
For example, you will not be able to navigate the website if you disallow cookies.
Here’s how we’ll use your personal data and why:
• To process any orders that you make by using our websites. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations.
4. How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data such as payment card information) is secured and tokenised to ensure it is protected.
5. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
When you place an order, we’ll keep the personal data you give us for seven years so we can comply with our legal and contractual obligations.
6. Who do we share your personal data with?
If you pay via Nochex or Paypal, they have their own GDPR policies, and will not share card details with us, only whether the transaction was approved or unapproved.
7. What are your rights over your personal data?
An overview of your different rights
You have the right to request:
• Access to the personal data we hold about you.
• The correction of your personal data when incorrect, out of date or incomplete.
• For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end .
You have the right to request a copy of any information about you that we hold at any time, and also to have that information corrected if it is inaccurate. To ask for your information, please contact firstname.lastname@example.org. To ask for your information to be amended or deleted* (if it is not required for our orders etc)
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
If anything is unclear, please let us now.