(1) What information do we collect?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
When you create an account with us to register interest in our products, or whether you check out as a guest, the following types of information may be collected:
- Identity Data includes first name and last name.
- Contact Data means the data we use to contact you including your billing address, delivery address, email address and telephone number.
- Financial Data means the data we use to process your payments for your orders including your payment card details. We do not store or process your card details ourselves, they are processed and stored via one of our contracted third party service providers. We encrypt your payment card details in your browser and securely transfer this data to our relevant third party payment provider to process a payment.
- Transaction Data means details about transactions you have made on our website including the payments to and from you along with other details of products and services you have purchased from us.
- Technical Data means details about the device(s) you use to access our website, technical usage data and geolocation information.
- Profile Data includesyour username (email address) and password, your login data, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services. This includes your browsing patterns and information such as how long you might spend on one of our webpages and what you look at and for on our website, the click stream to and from our website, page response times and page interaction information such as scrolling, clicks and mouseovers.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
No personal identifiable data, unless requested and opted into is shared with any third parties - excluding payment gateways.
Should you contact us via email, telephone, letter, or social media, we may collect data to be able to provide you with a service or product. The data collected in these circumstances are subject to the same policies as set out here.
A cookie is a small text file which is downloaded and stored on your computer or mobile device by websites that you visit. Your browser accesses the cookie file only when you visit the website that generated it. This helps to ease your navigation by automatically logging you in and remembering things like your preferences and what’s in your shopping basket.
Duration of cookies:
Session (or Transient) Cookies
Session cookies are stored in your computer's memory for the length of your browsing session. They become inaccessible after the session has been inactive for a time and are automatically deleted from your computer when the browser is closed. They allow you to move from page to page without having to log-in repeatedly.
Persistent (or Permanent) Cookies
Persistent cookies are stored in your computer memory and are not deleted when the browser is closed. They are used to keep your preferences for the website, so they will be remembered for next time you visit the website. They are also used to collect information about the numbers of visitors, the average time spent on a particular page and analyse shopping behaviour on the website. This information is used to find out how well the website works and where it can be improved.
Third party cookies
(3) Using your personal information
We may use your personal information to:
(a) administer the website;
(b) improve your browsing experience by personalising the website;
(c) enable your use of the services available on the website;
(d) send to you goods purchased via the website, and supply to you services purchased via the website;
(e) send statements and invoices to you, and collect payments from you;
(f) send you general (non-marketing) commercial communications;
(g) send you email notifications which you have specifically requested;
(h) deal with enquiries and complaints made by or about you relating to the website;
(i) where we need to comply with a legal or regulatory obligation.
We will not provide your personal information to any third parties for the purpose of direct marketing.
(4) Security of your personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall- protected) servers. All electronic transactions you make to or receive from us will be encrypted.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. To this end we recommend that you check the lower bar of your browser when you fill in your payment details for an unbroken key or closed lock, highlighting that encryption is active and your information is secure.
You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to the website).
(5) Policy amendments
(6) Your rights
Under certain circumstances, you have rights under UK data protection laws in relation to your personal data.
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
If you wish to exercise any of these rights, please contact firstname.lastname@example.org
(7) How long will you store my data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, details of your orders will be kept for as long as we need to retain that data to comply with our legal and regulatory requirements. This is generally 7 years unless the law prescribes a longer period.
In some circumstances you can ask us to delete your data: see your rights section above for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
(8) Third party websites
(9) Updating information
Please let us know if the personal information which we hold about you needs to be corrected or updated.