Company Name are committed to safeguarding the privacy of our customers and website users.
We have a legal duty under the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) to protect and prevent unauthorized access to your personal data. We must also ensure that the information we hold about you is accurate, adequate, relevant and not excessive. This statement explains how we look after your personal information and what we do with it.
Company Name are acting as a data controller with respect to the personal information of our customers and website users. This means that we have a responsibility to determine the purposes and means of the processing of that information as outlined below. Third party suppliers who store and process your information on our behalf are “data processors” and should only use data for agreed purposes.
We may update this policy from time to time by publishing a new version on our website.
Personal information we collect and store
We may collect and store personal information from you through our website enquiry form, when you email or phone us. This information may include:
- Your name
- Your address and postcode
- Telephone / mobile number
- Email address
- [Add any others]
If we provide goods or services to you may also collect the following:
- Order/transaction details
- Details of all correspondence relating to an order/transaction
- [Any others ?]
This information is stored securely using any of the following [amend as required]:
- Trusted third party service providers, for example email marketing
- [Secure server]
- [Paper records]
What we use your personal information for
We use the personal information you provide for the following:
- To contact you regarding an enquiry you have made through our website, email or phone.
- To process and provide goods and services you have requested.
- To let you know about other services or products which may be of interest based on your previous orders by post.
- If you consent to receive email newsletters we will send you [monthly/regular] updates and offers relating to our services and products and those of our sister companies who provide similar services and products which may be of interest to you.
In addition to the specific purposes for which we may process your personal data set out above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
If you do not provide us with the personal information we ask for, we may not be able to provide the goods or services you have requested or enter into a transaction with you.
Retaining and deleting personal information
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- We will keep your order/transaction details for a period of [X months/years].
- Your email address, name, phone / mobile and email address will be retained for a period of [X months/years] or until you ask us to remove them from our records.
[You can split these up further if applicable]
Keeping your personal information safe and secure
We will take all reasonable precautions to protect your personal information from misuse or unauthorized access by any third party.
We will never sell your personal information to a third party or for marketing purposes.
We may occasionally share your personal information for the following reasons:
- We may disclose your personal information to any member of our group of companies to inform you about similar goods or services.
- With third party suppliers who process your information on our behalf or to enable us to provide the goods/services you have requested.
- Where we are required to do so by law, or to satisfy a legal requirement or legal claim.
- When you have given us your consent.
International transfers of your personal data
[Include this if you are using any systems eg Mailchimp which transfer data outside the European Economic Area]
We use some trusted third party suppliers to [send email marketing/store website data/other] Some of these store your details in countries outside the European Economic Area (EEA).
In these circumstances we will ensure that your personal information will be protected by appropriate safeguards and to the same level as required by UK and EU data protection laws.
We use only per session cookies that remain in the cookies file of your browser until you leave the site.
For more information about cookies, please see www.allaboutcookies.org.
Your choices and rights
Under the General Data Protection Regulation (GDPR) you have the right to request:
A copy of the personal information we hold about you and what we use it for (providing the rights and freedoms of others are not affected).
That personal information we hold about you is updated or corrected.
That, under some circumstances, we stop using your personal information or remove it from our systems.
To request any of the above please contact:
- Company Name
- [Contact phone and email address]
We will comply with all reasonable requests within one month.