Introduction – Our Commitment to You
Privacy and protection of your personal data is important to us and we are committed to ensure you are fully informed about your rights and how we use your data. Our Privacy Notice will tell you how we collect and use your data to improve your experience with us. We’ll make sure we collect and store your data securely and only retain it for as long as we need to. You will always be in control of the way we use your data and communicate with you, and should you wish to make a change you will easily be able to do so in store, via your online account or by emailing us at firstname.lastname@example.org
There are a number of different permitted basis which allows a company to collect and process your personal data, including:
- Consent – In specific situations, we can collect and process your data with your consent. For example, if you opt to receive marketing information from us via email/SMS
- Contractual obligations – In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our third party courier.
- Legal compliance – We may need to collect and process your data if we have a legal obligation. For example, we can pass on details of people involved in fraud or other criminal activity affecting Sally to law enforcement authorities or to external advisers.
- Legitimate interest – In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
We collect information from and about you at various times and in different ways to help us provide you with the best possible service based on our overall understanding of you, as well as to meet our obligations under the law. We use your data to:
- manage your account with us and provide you with products and services you want
- communicate with you and manage our relationship with you
- improve our services, fulfil our administrative purposes, comply with our legal obligations
Depending on how you choose to shop with us, we may collect and process your information as detailed below.
You are able to change how we use your data, you’ll find details in the ‘Your Rights?’ section below.
We use a number of partners to help us provide the best possible service, understand what’s important to our customers, and improve what we sell. We sometimes need to share your data in order to achieve this, but we choose our partners carefully, and seek the maximum protection possible to keep your data as safe as possible. We also insist that their data is not shared with anyone else. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the partners we may share your data with are:
- Operational companies who help us fulfil our obligations to you.
For example, delivery companies, fraud prevention agencies.
We will only keep your personal information for so long as it is necessary for the purpose for which is was collected and for us to fulfil our contractual and legal obligations. We maintain retention records of how long information containing personal data will be retained for.
At the end of the respective retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
- Orders – When you place an order, we may keep the personal data you give us for at least six years so we can comply with our legal and contractual obligations.
You have certain rights to control your information and the manner in which we process it. This includes:
- A right to request us to correct inaccurate information, or update incomplete information;
Please refer to Updating Your Details section below as to how to do this.
- A right to withdraw your consent where you have given us your consent to process your data;
- A right to object to our use of your information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process your information. When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object;
- A right to object to us processing your information for direct marketing purposes, including profiling you for the purposes of direct marketing;
- You can withdraw any consent that you have previously given to us or to change your preferences on any automatic benefits that we action – e.g. everyone is automatically eligible to receive our trade flyer in the post which is sent monthly and contains the forthcoming month’s promotions – however if you no longer wish to receive this information please see the ‘Updating Your Details’ section below on how to opt out. Please note that if you chose to withdraw your consent for personalisation, due to our system constrains, this will stop all marketing communications we send to you.
- A right to ask that your information is erased (or restricted), provided we do not have any continuing lawful reason to continue to use and process your information;
- A right to get access to your personal information
- The Right to request that your information is transferred to another controller in a structured data file (in a commonly used and machine readable format)
To make such a request please email email@example.com. If we choose not to action your request we will explain to you the reasons for our refusal. To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice, and, where applicable, further information to help us search for your personal information, where a specific request is received. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to make the request.
We will respond to your request within 1 month of us verifying your identity.
You can exercise the above rights and/or manage your information as detailed in the Updating Your Details section.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
You can learn more about your rights by reading this Privacy Notice or for more general advice, you can refer to here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.