For the purpose of the Data Protection Act 2018, we are the data controller and we are committed to complying with the UK’s data protection law and the EU General Data Protection Regulation (GDPR) for the protection of personal data, as well as the principles of data security in the configuration of our services.
We care about the security of your information and use reasonable safeguards to preserve the integrity and security of all information collected through the website. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take further steps, in accordance with any applicable laws and regulations.
INFORMATION WE MAY COLLECT ABOUT YOU
When engaging with us and from every visit you make to the website, we may automatically collect the following:
- Your first and last name, company name, email and/or postal address, telephone number or other information you provide when you click to call or instant message, save or share a design or fill out a contact form.
- Your IP address and Internet Service provider (“ISP”).
- Any referring or exit pages taking you to or from the website.
- Your login information.
- Your web browser type and version.
- Your time zone & location along with date/time stamp.
- Any browser plug-ins and versions used on your browser.
- Your operating system and your platform / device details.
- Information when you interact with our content on the website or on third party websites or platforms, such as social networking websites. This may include information such as “Likes”, profile information or the fact that you viewed or interacted with our content.
- Analytics data, or use third party analytics tools and services, to help us measure traffic and usage trends for the service.
- Log file information, which is automatically reported by your browser or mobile device each time you access the website.
- Device identifiers, through a mobile device (including but not limited to smart-phones or tablets), such as a universally unique identifier (“UUID”).
- location data, which may include GPS coordinates (e.g. latitude and/or longitude) or similar information regarding the location of your mobile device.
HOW YOUR INFORMATION IS USED
The purpose for processing your personal information is to allow us to administer your enquiries and orders with us and to provide the products and services you have requested from us. In order to enter into an agreement with us, we will collect, store and use elements of your personal data. The lawful basis for processing this data is known as Contractual Obligation.
We will also process your details through our internal systems to enable us to send you relevant service communications. These are generally website related service emails such as order confirmation, delivery date reminders and proposals, order instructions, feedback requests, account verification and reminders, changes or updates to features of the website and technical and security notices. The lawful basis for processing this data is known as Legitimate Interest.
We may use your information to:
- Ensure that content from the website is presented in the most optimised and effective manner for you and for your computer.
- Diagnose or fix technology problems.
- Control unauthorised use or abuse of the website and our products and services.
- Detect, investigate or prevent activities that may violate our policies or be illegal.
- Provide you with information, newsletters, products, promotions or services that you request from us or that we feel may interest you, where you have consented to be contacted for such purposes.
- Carry out our service obligations arising from any contracts entered into between you and us via the website, phone or email.
- Notify you about changes to our service.
- Deliver customer service and respond to inquiries.
- Administer the website including data analysis, testing, traffic monitoring, research and for statistical and survey purposes.
- Present a commercial partnership.
- Maintain internal record keeping.
- Improve our products and services.
- Process customer personal details in our CRM.
- Process personal data from those who take part in email, website contact forms, verbal or instant messaging communications.
- Contact you by email or phone for market research purposes.
- Ensure that you will not have to re-enter information during the next time you visit the website.
- Provide custom, personalised content and information.
- Provide and monitor the effectiveness of our service.
- Monitor aggregate metrics such as total number of visitors, traffic and demographic patterns.
- Identify which website pages are being used.
THIRD PARTY WEBSITES
We may disclose your personal information to any of our group companies (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985) and also to third parties in the following circumstances: –
- To any prospective seller or buyer of all (or part of) our business or assets.
- If we are required to do so by law, any applicable regulation or to protect the rights, property, or safety of ourselves or others. This may include disclosing to other companies and organisations in connection with fraud protection and credit risk reduction.
All personal information provided by you to us through the website will not be disclosed to any other third party without your permission. We may provide general statistical information to third parties, but such information will not allow anyone to be personally identified.
All information you provide to us is stored on our UK based secure servers and encrypted using Transport Layer Security (“TSL”) encryption. We take your privacy very seriously and will take all reasonable steps to protect your personal data, but please be aware that any data which you send to the website is sent at your own risk.
No method of transmission over the Internet, method of electronic storage or other security methods are one hundred percent secure. Therefore, while we strive to use commercially acceptable means such as firewalls, password-protected databases with limited physical or electronic access, and encryption to protect your personally identifiable information against unauthorised use, disclosure or modification, we cannot guarantee its absolute security.
We use third party information system providers who may store or have access to your personal information. Copies of some information may remain viewable in some circumstances where, for example, you have shared information with social media or other services.
ACCESS TO INFORMATION
In certain circumstances you have the right to:
- Request access to your personal data: You have the right to receive confirmation of whether we are holding or using your personal data and if we are, to obtain a copy of your personal data.
- Request the correction of your personal data: You have the right to have any incomplete or inaccurate personal data we hold about you corrected. We may need to verify the accuracy of any new data you provide.
- Request the erasure of your personal data (the right to be forgotten): You have the right to ask us to delete or remove personal data in line with our statutory and legal responsibilities, where we have no good reason to continue using it, where the personal data is no longer necessary for the purposes for which it is collected or otherwise processed, where you withdraw consent, when you object to the processing and there is no overriding legitimate interest for continuing the processing, where the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR) and where the personal data has to be erased in order to comply with a legal obligation. In case a deletion is not possible due to legal, statutory or contractual retention periods, or if it requires disproportionate efforts or prejudices your legitimate interests, the data may be blocked instead of deleted.
- Request a restriction on the processing of your personal data: You have the right to ask us to suspend the processing of your personal data if you want us to establish the data’s accuracy.
- Object to the processing of your personal data: You have the right to object, where we are relying on our legitimate interest (or that of a third party) and you wish to object to processing on these grounds, as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data and that those grounds override your rights and freedoms.
- Object to the use of your personal data for direct marketing purposes: You have the right to object where we are processing your personal data for direct marketing purposes. This should not occur without your prior consent.
- Request that we transfer your personal data: You have the right to request that we transfer the personal information you gave us to another organisation, or to you.
You may choose to restrict the collection or use of your personal information in the following ways:
- Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes.
- If you have previously agreed to us using your personal information for direct marketing purposes, you may change this permission at any time by emailing us.
HOW TO CONTACT US OR COMPLAIN
You are not required to pay any charge for exercising your rights and if you make a request, we have one month to respond to you.
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org
You can also complain to the ICO if you are unhappy with how we have used your data and how we have responded to your subsequent complaint.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk