1.1. We are committed to ensuring that we manage your personal data professionally and in compliance with all applicable data protection laws. Part of this commitment is to ensure that there is transparency about how we process personal data. This policy includes an explanation of:
1.1.1. what data we are processing;
1.1.2. why we are processing it and what we do with it;
1.1.3. whether we will share it with anyone else;
1.1.4. whether we will transfer it outside of the European Economic Area;
1.1.5. how we keep your data safe; and
1.1.6. your rights.
2.2. References in this Policy to ‘you’ are to you the data subject who is or has been in contact with us.
2.3. If you have any queries about this Policy or concerning your data, please email us at firstname.lastname@example.org
3.1. The personal data that we hold and how we manage it varies depending on why we are holding it. The reasons that we hold personal data are broadly when you have expressed an interest in our products. Under each section heading in 3.2, we have detailed how we manage and process the personal data.
3.2. What data do we hold about you?
3.2.1. Contact Details: Name, Address, Phone numbers, Email address.
3.2.2.Optional information : Any additional information you may choose to provide to us e.g. your date of birth or food allergies or intolerances affecting you .
3.2.4. Product Information: Relating to products in which you have expressed an interest or which you have purchased from us, including copies of any complaints and claims you may have sent us.
3.3. How do we obtain this data?
3.3.1. If you contact us directly via our website, social media channels, online chat, telephone, post or at external events.
3.3.2. If you buy a product of service from us directly.
3.3.3. If you reply to our direct marketing campaigns.
3.3.5. Please help us to keep your information up to date by informing us of any changes to your contact details or preferences. You may change or review your contact details or preferences at any time by notifying us by email or post; our contact details are in sections 2.1 and 2.3.
3.4. What do we do with this data?
3.4.1. Customer Support and Marketing – to respond to enquiries and to bring you news and offers. We use your personal data for customer care and for personalised communication of product information. In order to ensure that you receive relevant and personalised communications, we will use your data to create an individual customer profile
3.4.2. Compliance with legal requests for your information – to comply with our legal obligations to law enforcement, regulators and the court service. We may be legally required to provide your information to law enforcement agencies, regulators and courts and third party litigants in connection with proceedings or investigations anywhere in the world. Where we are permitted to do so, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
3.5. What’s our lawful basis for the processing of this data?
3.5.1. The use of your information set out above is permitted under EU data protection law on the basis of these principal legal grounds:
3.5.2. where you have consented to the use (you will have been presented with a consent form in relation to any such use and may withdraw your consent at any time by contacting us )
3.5.3. where necessary to enter into or perform our contract with you
3.5.4. where we need to use it to comply with our legal obligations
3.5.5. where we use it to achieve a legitimate interest including promoting the products we sell and to provide you with news and offers tailored to your profile3.5.6. where there is a vital interest we may use your information to notify you about safety and product recall notices
3.6. Will we share your data with any third parties?
3.6.1. We will not transfer , sell, give away , distribute or lease your personal information to third parties except in the very limited circumstances detailed in sections 3.6.2 and 3.6.3 below.
3.6.2. There may be instances where the law requires we disclose your personal information to respond to subpoenas, court orders, or other legal process.
3.7. How long do we keep this data?
3.7.1. We retain your information only as long as is necessary for the purpose for which we obtained them and any other permitted linked purposes. If information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires. We restrict access to your information to only those persons who need to use it for the relevant purpose. Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised or destroyed securely.
3.7.2. Use for marketing: We retain your personal information for as long as is necessary, but only for the relevant purpose that we collected it for. You retain the right to remove this consent at any point.
3.7.3. Use to perform a contract: In relation to your information used to perform any contractual obligation with you we may retain that data whilst the contract remains in force plus six years to deal with any queries or claims thereafter.
3.7.4. Where claims are contemplated: In relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that data for as long as that claim could be pursued.
3.8. No transferring your data outside of the European Economic Area
3.8.1. We do not make any such transfers without your consent.
4.1. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.
4.2.We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
4.3 Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
6.1. We have adopted the technical and organisational measures necessary to ensure the security of the personal data we collect, use and maintain, and prevent their alteration, loss, unauthorised processing or access, having regard to the state of the art, the nature of the data stored and the risks to which they are exposed by human action or physical or natural environment. However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our database.
6.2. We use Secure Sockets Layer (SSL) software to protect your online transactions. SSL encrypts the personal information you provide to us before travelling over the internet; however we are unable to guarantee the security of the data transmitted to our website as unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.
6.3. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
7.1. Your right to access data: We always aim to be as open as we can and allow people access to their personal information. Where we hold your personal data, you can make a ‘subject access request’ to us and we will provide you with:
7.1.1. a description of it;
7.1.2. an explanation of why we are holding it;
7.1.3. information about who it could be disclosed to; and
7.1.4. a copy of the information in an intelligible form – unless an exception to the disclosure requirements is applicable.
7.1.5. If you would like to make a ‘subject access request’ please make it in writing to our contact email address noted in section 2 and mark it clearly as ‘Subject Access Request’.
7.1.6. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
7.1.7. Unless you agree a different time, we will complete your subject access request within one month.
7.2. Right to be forgotten: If we hold personal data about you, but it is no longer necessary for the purposes that it was collected and cannot otherwise be justified – you have the right to request that we delete the data.
7.3. Right to restrict data: If we hold personal data about you and you believe it is inaccurate you have the right to request us to restrict the data until it is verified. You also have the right to request that the data is restricted where you have a right to it being deleted but would prefer that it is restricted.
7.4. Right to complain: You always have the right to complain to the personal data regulator, the ICO. You may also be entitled to seek compensation if there has been a breach of data protection laws.
7.5. Right to stop marketing messages: You always have the right to stop marketing messages and telephone calls. We will usually include an unsubscribe option in any marketing emails and in texts. If you do wish to unsubscribe, please just click the unsubscribe button in the email or send a STOP text to the number indicated and we will promptly action that request. Alternatively, you can update your marketing preferences by contacting us at any time. Our contact details are shown in section 2.
Policy last updated on 1st June 2018.