Legal Basis for Processing Personal Data Under the UK General Data Protection Regulation (GDPR)
We may process your Personal Data because:
• We need to perform a contract with you
• You have given us permission to do so
• The processing is in our legitimate interests and it’s not overridden by your rights
• For payment processing purposes
• To comply with the law
Purposes for which we will use your personal data
Your personal details will only be used to handle the order and all information gathered will never be passed on to or sold to third parties. However, please note that from time to time we may contact you via email or newsletter regarding our products and services.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
Apply for our products or services;
Create an account on our website;
Subscribe to our service or publications;
Request marketing to be sent to you;
Enter a competition, promotion or survey; or
Give us feedback or contact us.
Automated technologies or interactions.
As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see your legal rights for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Disclosures of your personal data
We may share your personal data with the parties set out below for the purposes set out in the table above.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We will notify you and any applicable regulator of a breach where we are legally required to do so.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
If you wish to exercise any of your rights, please contact us via email at firstname.lastname@example.org
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.