Our policy is to respect the privacy of individuals and to maintain compliance with the General Data Protection Regulations (GDPR).
We are dedicated to ensuring that all information about individuals who visit our website and social media platforms is kept as secure as possible.
This policy outlines the information we collect and how we use it. This policy applies to information collected through our website and other sources, including social media, email and over the phone.
We only collect personal information on a voluntary basis. We do not require this information to obtain access to our website or our social media sites.
The General Data Protection Regulations (GDPR) (2018) requires the us to be open about the information that it holds on you and uses.
You have the right to withdraw your consent to processing of data. Please contact the Data Protection Officer in writing.
This policy complies with the General Data Protection Regulations May 2018.
The GDPR regulates the processing of personal data, and protects the rights and privacy of all living individuals, for example by giving all individuals who are the subject of personal data a general right of access to the personal data which relates to them. Individuals can exercise the right to gain access to their information by means of a ‘subject access request’. Personal data is information relating to an individual and may be in hard or soft copy (paper/manual files; electronic records; photographs; CCTV images), and may include facts or opinions about a person.
We have obligations imposed on it by the General Data Protection Regulation (GDPR) to ensure that all information about individuals is collected and used fairly, stored safely and securely, and not disclosed to any third party unlawfully. We must ensure that our policies are written in a clear, plain way that everyone will understand.
Individuals have various rights under the legislation including a right to:
This policy outlines the information we collect and how we use it.
In order to comply with our obligations, we undertake to adhere to the GDPR principles:
We will make all reasonable efforts to ensure that individuals who are the focus of the personal data (data subjects) are informed of the purposes of the processing, any disclosures to third parties that are envisaged; given an indication of the period for which the data will be kept, and any other information which may be relevant.
We will ensure that the reason for which it collected the data originally is the only reason for which it processes those data, unless the individual is informed of any additional processing before it takes place.
We will not seek to collect any personal data which is not strictly necessary for the purpose for which it was obtained. Forms for collecting data will always be drafted with this mind. If any irrelevant data are given by individuals, they will be destroyed immediately.
We will review and update all data on a regular basis. It is the responsibility of the individuals giving their personal data to ensure that this is accurate, and each individual should notify us if, for example, a change in circumstances mean that the data needs to be updated. It is the responsibility of the company to ensure that any notification regarding the change is noted and acted on.
We undertake not to retain personal data for longer than is necessary to ensure compliance with the legislation, and any other statutory requirements. This means we will undertake a regular review of the information held and implement a weeding process.
The Data Protection Officer is responsible for ensuring that any personal data which is held is kept securely and not disclosed to any unauthorised third parties.
We will ensure that all personal data is accessible only to those who have a valid reason for using it.
We will have in place appropriate security measures, which are reviewed annually.
In addition, we will put in place appropriate measures for the deletion of personal data.
Our Data Protection Officer is the Clive Wheatley. Any queries or complaints should be addressed to firstname.lastname@example.org
If you visit our website, you have the option of contacting us via the contact form. You will be asked to provide your name, email address and contact telephone number. You will then be contacted by our team to discuss your enquiry.
If you choose not to purchase anything this time, your details will be securely deleted and not retained by the business.
When you choose to purchase our products, you will be asked to provide your name, address, email address and contact telephone number. These details are used for invoicing purposes and kept for 6 years in line with HRMC requirements.
When taking payment by credit card or debit card, we securely delete the details as soon as a payment has been successfully processed. We do not store this data.
We have various delivery partners who require customers name and address in order to arrange delivery of your purchase. By placing an order with us, you agree to your personal details being issued to our delivery partners. We ensure that our partners are GDPR compliant.
We will only pass information to other third parties, if we have a legal obligation to do so. We may pass data on to HMRC, should we be required.
The company do not pass your data onto any other third party, without your explicit consent.
You may at any time contact the company and ask what information we hold on you. You may ask us to update this information if it is incorrect, which we will strive to do as quickly as possible.
Please write to the Data Protection Officer if you wish for data to be erased. However, there may be circumstances where we are unable to do this (to fulfil our legal responsibilities).
All data is password protected and only accessible by authorised staff. We take appropriate cyber precautions and review our security regularly.