We understand that privacy and the security of your personal data is extremely important and we’re committed to ensuring that any personal data we collect from you is lawfully managed under the terms of the General Data Protection Regulation (EU) 2016/679 (‘GDPR’). This Policy sets out the basis on how we collect your information, what we do with your information, and what we do to keep it secure. It also explains your rights over any personal information we hold on you and how you can instruct us if you prefer to limit the use of that information.
What sorts of information do we hold?
- Information that you provide to us such as your name, postal address, email address, phone number and bank account details (for payments).
- Information about what products you have previously purchased from us.
- Information collected on electronic communication you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication.
- Information from other sources such as credit agencies and marketing/research companies.
How do we use your information?
We will only process your personal data for the purposes for which we collected it. If we need to process your personal data for an unrelated purpose, we will provide notice to you and, if required by law, seek your consent.
- We gather this information to allow us to make our services available to you and to process your requests accordingly.
- The information may be used to communicate with you on any matter relating to the provision of the service in general.
- We may also use aggregate information and statistics for the purposes of monitoring web site usage in order to help us develop the web site and our service and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.
- Information from credit reference agencies and credit insurers may be used in making credit decisions such as setting credit limits and payment terms.
- We may process your personal data without your knowledge or consent where required by applicable law or regulation.
Who might we share your information with?
- We use partners and suppliers in aspects of our service delivery; we may share your information with them in order to facilitate them in providing their services.
- We may supply your email addresses to external agencies for promotions and tracking your responses to specific communications.
- We may need to disclose your personal data where we are under a legal duty to comply with any legal obligation or in order to enforce/apply our Terms and Conditions.
- We may need to disclose your information to protect our rights, property or safety of our customers which includes exchanging information with third party organisations for the purposes of fraud protection and credit risk reduction.
- If ever the event that this business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchasers’ advisers, and will be passed on to the new owners of the business so that they can continue to provide the service that we currently provide. We will require the purchaser to follow the practices disclosed in this Privacy & Data Protection Policy or to give you at least three months’ notice of any proposed changes.
How we protect your information?
All information you provide to us is stored on our secure devices. We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration or disclosure. In addition, we limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access.
We require all our third-party service providers, by written contract, to implement appropriate security measures to protect your personal data consistent with our policies. We do not permit our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes in accordance with our instructions.
Rights of Access, Erasure and Objection
It is important that the data we hold about your company is accurate and current. Please keep us informed if any details need to be changed. By law you may have the right to request access to and correct the personal data that we hold about you, or object to the processing of your personal data under certain circumstances. You may also have the right to request that we transfer your personal data to another party. If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us at email@example.com or in writing to Customer Services, Redwood Innovations, 18 Arnside Road, Waterlooville PO7 7UP.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
How long will we keep your information for?
Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In any event this will not usually exceed six years from our last engagement with you after which the personal information will be securely destroyed. Under some circumstances we may anonymise your personal data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
Right to Withdraw Consent
Where you have provided your consent to the collection, processing and transfer of your personal data, you may withdraw that consent at any time. This will not affect the lawfulness of data processing based on consent before it is withdrawn. To withdraw your consent please contact us at firstname.lastname@example.org
We may wish to provide you with information about special features of our website or any special service or products which we think may be of interest to you. If you would rather not receive this information, please send an email entitled ‘NO MAIL’ to email@example.com
We may also want to provide you with related information from third parties, which we think, may be of interest to you. If you would rather not receive this information, please send an email entitled ‘NO RELATED INFORMATION’ to firstname.lastname@example.org
Changes to Policy
We welcome your views about our website and our Privacy & Data Protection Policy. If you would like to contact us with any queries or comments please contact us via the feedback section of this website.
This is in addition to your right to contact the Information Commissioners Office (https://ico.org.uk/global/contact-us/) if you are unsatisfied with our response to any issues you raise.