- "Data Protection Law" means: the Data Protection Act 1998 (until repealed) ("DPA"), the Data Protection Directive (95/46/EC) (until repealed) and, from 25 May 2018, the General Data Protection Regulation 2016/679 ("GDPR") or any equivalent provision which may replace the GDPR following the formal political separation of the United Kingdom from the European Union; the Regulation of Investigatory Powers Act 2000; the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699); the Electronic Communications Data Protection Directive (2002/58/EC); the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003); and all applicable laws and regulations which may be in force from time to time relating to the processing of Personal Data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner or any other supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction; and
- "Personal Data", "Data Controller", "Data Processor" and "processing" shall have the meanings given to them in the DPA or, from 25 May 2018, the GDPR.
Information we may collect about you
- credit reference and fraud prevention agencies;
- where you have consented for other organisations to lawfully share data with us; or
- where we receive data from trusted third parties to assist us in our marketing efforts.
Safety of Children
How long we keep your Information
Legal basis for processing your Information
- you have given us your consent to process your Personal Data (see below); or
- processing is necessary for the performance of a contract you have entered into (i.e. we need to process your Information in order to provide you with products), or in order to take any preliminary steps that you consider are required before you can enter into such a contract; or
- processing is necessary to allow us to comply with our legal obligations; or
- processing is necessary in order to protect your vital interests; or
- processing is necessary for us to perform tasks that are of public interest or in the exercise of official authority (where applicable); or
- processing is necessary for our legitimate interests, provided that these legitimate interests are not overridden by your fundamental rights.
Your consent to processing
How we use your Information
- to help us identify you and any account you hold with us;
- administration of your account and any products you order from us;
- to assist us in complying with or enforcing any legal obligations;
- research, statistical analysis and behavioural analysis;
- to provide insights based on aggregated, anonymous data collected through the research and analysis referred to above;
- fraud prevention and detection;
- billing and order fulfilment;
- to improve our services; and
- marketing (see ‘Marketing’ below).
- other companies within our group;
- our suppliers, subcontractors, agents and service providers who help us to provide our products (and we will ensure they have appropriate measures in place to protect your Information);
- law enforcement agencies in connection with any investigation to help prevent unlawful activity;
- regulatory bodies, in response to any official request; and
- if our business is sold or integrated with another business, your Information may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
Keeping your Information secure
Information about other individuals
- give consent on his/her/their behalf to the processing of his/her/their information;
- receive on his/her/their behalf any data protection notices; and
- give consent to the transfer of his/her/their information abroad (if applicable).
- You have the right (which up until 25 May 2018 may be subject to the payment of a small fee) to request information about Personal Data that we may hold and/or process about you, including: whether or not we are holding and/or processing your Personal Data; the extent of the Personal Data we are holding; and the purposes and extent of the processing.
- You have the right to have any inaccurate information we hold about you be corrected and/or updated. If any of the Information that you have provided changes, or if you become aware of any inaccuracies in such Information, please let us know in writing giving us enough information deal with the change or correction.
- You have the right in certain circumstances to request that we delete all Personal Data we hold about you (the 'right of erasure'). Please note that this right of erasure is not available in all circumstances, for example where we need to retain the Personal Data for legal compliance purposes. If this is the case we will let you know.
- You have the right in certain circumstances to request that we restrict the processing of your Personal Data, for example where the Personal Data is inaccurate or where you have objected to the processing (see below).
- You have the right to request a copy of the Personal Data we hold about you and to have it provided in a structured format suitable for you to be able to transfer it to a different data controller (the 'right to data portability'). Please note that the right to data portability is only available in some circumstances, for example where the processing is carried out by automated means. If you request the right to data portability and it is not available to you we will let you know.
- You have the right in certain circumstances to object to processing of your Personal Data. If so, we shall stop processing your Personal Data unless we can demonstrate sufficient and compelling legitimate grounds for continuing the processing which override your own interests.
- You have the right in certain circumstances not to be subject to a decision based solely on automated processing, for example where a computer algorithm (rather than a person) makes decisions which affect your contractual rights. Please note that this right is not available in all circumstances. If you request this right and it is not available to you we will let you know.
Social Media Plugins
The social media share buttons, which can be added to all product pages and blog pages, and the Facebook share for discount button, only transmit data once they have been clicked. Therefore, the button only becomes active once the customer has clicked on it and at this point they will be using the social media's website. The only data the social media's servers receive from your site is referral information from the page, such a product title and image. No personal data is transmitted.
The Facebook login feature works in a similar way, and no personal information is transmitted to Facebook. However, once the customer has clicked on the button, any data that is gathered from their Facebook account, such as name and Facebook ID, will be stored within their User Account. This can be deleted as usual, if requested.