The purpose of this policy is to explain how we collect and may use the personal information we collect from you directly, and from third parties. This policy also explains how we comply with the law on data protection, what your rights are and how you can contact us.
2. Lawful Basis for Processing Data
Under the General Data Protection Regulations (GDPR) businesses need a lawful basis for processing your data. We process a number of types of data for various reasons:
Contractual Obligations: We collect your personal data, such as your name, address, telephone number and email address, to fulfil our contractual obligations to you for example, to provide you with a quote, to enable your order to be processed or to provide our after sales service.
Consent: In some cases, we collect and process your personal data for marketing purposes with your positive and pro-active consent. For example, so that we may send you personalised event marketing and promotional offers based on your purchase history.
You have the right to withdraw this consent at any time by contacting us. You can refuse to consent to providing your personal data for marketing purposes or opt out of being contacted by us without any detriment to any order for products you may wish to make.
Legal Obligation: We collect and process your data in accordance with any legal obligations we may have. For example, we may need to process personal data to comply with any relevant laws relating to criminal and fraudulent activity.
Legitimate Interest: We process personal data for the legitimate interests of our business; including to understand how people interact with our website and to develop our product range.
3. What Personal Data is Collected and Why?
We will usually collect personal information about you such as your name, email address, postal address and telephone number. This is usually when you:
– Order products from us
– Contact us regarding our products
– Contact us regarding our products
When you order products from us we also collect information relating to your financial transaction including time, location, transaction amount, and payment method – please note, bank account information or credit/debit card details are NOT held by us.
Use of Website Cookies: We may also collect anonymous, non-personal identification information whenever you interact with our website. Non-personal identification information is collected by use of website ‘cookies’ – these are small text files that are automatically placed onto your device by some websites that you visit, unless you chose not to accept them. ‘Cookies’ are widely used to allow a website to function as well as to provide website operators with information on how the site is being used.
Non-personal identification information collected via cookies may include the browser name, the type of computer and technical information about the means of connection to our website, such as the operating system, the Internet Service Providers utilised and other similar information. This is for analytical purposes only and used to identify future improvements to our website.
We DO NOT collect any sensitive personal information about you.
4. How We Use Your Personal Data
We use your personal information solely for our core legal business purpose: to process your order and deliver your order to you. We may also use this information to contact you should we have any questions regarding your order, to send you product work-in-progress images or occasionally to notify you of future events or promotions.
We DO NOT forward your personal information on to any third parties.
You can request a full copy of the information we hold about you at any time and also request for it to be deleted or changed – see section Contact Details and Further Information.
5. How Long We Keep Your Personal Data
We will keep your information for as long as is necessary to fulfil the purposes for which it was collected. We will also retain your personal information and purchase history, alondsige an image of your product, to support and manage any product warranty claims for the lifetime of the product and to supply you with identical or similar products for future orders. However, we understand that you may not want your personal information stored and will delete this at your request – see section Contact Details and Further Information.
6. How We Protect Your Personal Data
We are committed to ensuring that your personal information is secure.
In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online, via email or telephone.
Payment Processing: SumUp or iZettle securely processes all payments to us: both companies are fully Payment Card Industry Data Security Standard (PCI-DSS) compliant and your payment information is collected, and processed by them, securely. Please contact SumUp or iZettle for access to their Privacy Policies. Please note – we will NEVER see your payment details.
7. Disclosure of Personal Information to Third Parties
As previously stated, we don’t sell or pass on your information to marketing companies or third parties. However, there may be occasions where we need to share your information in order to comply with any legal obligations for example to government bodies and law enforcement agencies.
8. Your Rights in Respect of Your Personal Data
As an individual you have a number of rights under the relevant data protection laws, including:
- The right to be informed about how your personal information is being used;
- The right to access the personal information we hold about you;
- The right to request the correction of inaccurate personal information we hold about you;
- The right to request the erasure of your personal information in certain limited circumstances;
- The right to restrict processing of your personal information where certain requirements are met;
- The right to object to the processing of your personal information;
- The right to request that we transfer elements of your data either to you or another service provider; and
- The right to object to certain automated decision-making processes using your personal information.
Please contact us should you wish to exercise your rights in respect of your personal data.
9. Contact Details and Further Information
Contact: Mark Griffin
Postal Address: Rustic Ash Chairs, 55 Churchill Road, Didcot, Oxfordshire OX11 7BU