Table of Content
- Definitions used in this Policy
- Important information & contact details
- Data protection principles we follow
- What rights do you have regarding your Personal Data
- What Personal Data we gather about you
- How we use your Personal Data
- Who else has access to your Personal Data
- How we secure your data
- Information about cookies
- Contact information
Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Data subject – a natural person whose Personal Data is being Processed.
Child – a natural person under 16 years of age.
We/us – Naffco54, 1 Highclere Rd, Great Notley, Braintree, CM77 7WX
Important Information & Contact Details
Data Controller. For all of our services, the data controller (the company which is responsible for personal data) is Naffco54. Registered address: Naffco54, 1 Highclere Rd, Great Notley, Braintree, CM77 7WX, United Kingdom.
Email us on: email@example.com
Write to us: Data Protection Department, Naffco54, 1 Highclere Rd, Great Notley, Braintree, CM77 7WX, United Kingdom.
You have the right to file a complaint at any time to UK data protection supervisory authority, which is the Information Commissioner’s Office (ICO), www.ico.org.uk. We would, however appreciate the opportunity to deal with your concerns before approaching the ICO.
Data Protection Principles
We promise to follow the following data protection principles:
Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
Processing is limited with a time period. We will not store your personal data for longer than needed.
We will do our best to ensure the accuracy of data.
We will do our best to ensure the integrity and confidentiality of data.
Data Subject's Rights
The Data Subject has the following rights:
- Right to information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
- Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
- Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
- Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
- Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
- Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
- Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
- Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
- Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
- Right for the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
- Right to withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data.
Data We Gather
The information we collect from you can vary depending on how you interact with us, this may include you name, date of birth, email address, IP address, physical address, geolocation etc. In particular:
Information you have provided us with
- When you create an account, or purchase a product we will collect your name, billing information, delivery information and contact details such as telephone number and/or email address.
- When you purchase something from us we collect your name, address and contact details such as email address and telephone number. We also collect information regarding the product you have purchased, which point of sale you purchased the item from, and your opinions of the product. There is also the option for you to opt into our marketing communications on this page.
- When you register to join our newsletter and product release mail outs, we collect your name, email address.
- When you complete a contact form, we capture your name & email address.
Information automatically collected about you
This includes information that is automatically stored by cookies and other session tools. For example:
- If you engage with us online via our website, our analytics software (Google Analytics & Facebook Pixel) will capture your IP address, your location and how you use our website.
- If you interact with the websites eCommerce system to track items added to your shopping cart, your shopping history, and previously viewed product. This information is used to improve your customer experience.
- When you use our services or look at the contents of our website, your activities may be logged.
Publicly available information
We might gather information about you that is publicly available.
How We Use Your Personal Data
We use information held about you in the following ways:
- To enhance the user experience whilst you are browsing our website(s) and supply you with a fluid experience on our platforms.
- To provide you with information relating to new product development and releases – where you have given us prior consent.
- To provide you with other products and services that you have requested.
- To provide you with promotional items at your request and communicating with you in relation to those products and services
- To communicate and interact with you; and notifying you of changes to any services.
- When you order from us, or enter a competition we are hosting, we use your information to fulfil our contact with you.
- To comply with law enforcement requests.
We use your Personal Data on legitimate grounds and/or with your Consent.
On the grounds of entering into a contract or fulfilling contractual obligations, we Process your Personal Data for the following purposes:
- To identify you.
- To provide you a service or to send/offer you a product.
- To communicate either for sales, invoicing or order query / fulfilment.
With your consent we Process your Personal Data for the following purposes:
- To send you newsletters and campaign offers (from us and/or our carefully selected partners).
- For other purposes we have asked your consent for.
We Process your Personal Data in order to fulfil obligation rising from law and/or use your Personal Data for options provided by law. We reserve the right to anonymise Personal Data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymised. We save your billing information and other information gathered about you for as long as needed for accounting purposes or other obligations deriving from law, but not longer than required. Once orders are fulfilled your order information is archived and stored securely offline.
If you wish to we might process your Personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered.
To do this, we will ensure that:
- The link between purposes, context and nature of Personal Data is suitable for further Processing
- The further Processing would not harm your interests and there would be appropriate safeguards in place for Processing.
We will inform you of any further Processing and purposes.
We use multiple website analytic tools provided by third parties such as Google Analytics and Facebook Pixel to collect information about how visitors use our website services, including how you discovered our website, how you browse through the website, what operating system and browser software combination you’re using, and network/IP information. Both of these analytic tools place persistent cookies in your browser to identify you as a unique user for the next time you visit our site. These cookies cannot be used by anyone other than the service provider. Information collected by these third party analytic tools does not include personal data such as name, billing address, etc.
Cookies and similar technologies
Necessary cookies – these cookies are required for you to be able to use some important features on our website, such as logging in. These cookies don’t collect any personal information.
Functionality cookies – these cookies provide functionality that makes using our service more convenient and makes providing more personalised features possible. For example, they might remember your name and e-mail in comment forms so you don’t have to re-enter this information next time when commenting.
Analytics cookies – these cookies are used to track the use and performance of our website and services.
Advertising cookies – these cookies are used to deliver advertisements that are relevant to you and to your interests. In addition, they are used to limit the number of times you see an advertisement. They are usually placed to the website by advertising networks with the website operator’s permission. These cookies remember that you have visited a website and this information is shared with other organisations such as advertisers. Often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
ou can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as optout.aboutads.info or youronlinechoices.com. For more information about cookies, visit allaboutcookies.org.
We may share your data with trusted third parties in some instances to fulfil services between you as us. This includes
- We pass your contact details to a third-party courier company who may contact you via email or SMS to confirm the delivery data and/or time slot of your order.
- We pass your shopping cart information to either Shopfiy, Stripe, Xero or PayPal to allow them to process the payment for your order.
- We pass your email address and name to Klaviyo to allow us to create and send marketing campaigns (where you have previously given us explicit consent).
- We pass browsing data to Google Analytics and Facebook Pixel for performance analysis of the way visitors use our online services.
- We use an ISO accredited third-party cloud backup solution for protecting our data.
We only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties are subject to strict data processing terms and conditions, and are prohibited for utilising, sharing or retaining your personal data for any purpose other than as they have been specifically contracted for (or with your consent).
Links to whom we share your data with:
International Data Transfers
Your personal data will not be transferred outside of the EEA (European Economic Area).
Accessing, Updating or deleting your data
Please contact our sales team (firstname.lastname@example.org) to access, update or request to have your data deleted. If you make a request to delete your personal data, and that data is necessary for the products you have purchased, the request will be honoured only to the extent it is no longer required for our legitimate business purposes or legal or contractual record keeping requirements. Please note: If you request to have your details removed from our guarantee database, we will no longer be able to honour the product guarantee.
Data storage and retention
We’re committed to keeping your personal data secure, and have put in place appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to our employees and sub-contractors on a need-to-know basis. If there is no business use for these parties to access your personal data, then access is prohibited by security measures such as passwords and user permission groups. All personal data is encrypted and securely backed up on a daily basis.
We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where appropriate . We monitor our systems for possible vulnerabilities and attacks and enforce strong password policies on any accounts.
Even though we try our best, we can not guarantee the security of information on the website. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.
If you have an account with us, note that you have to keep your username and password secret.
We do not store any of your financial information on our website.
We only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purpose of satisfying any accounting, legal or reporting requirements.
We always aim to keep your data for the minimum time in line with data protection regulations and our processes. For example, we keep:
- Records of payment information in line with tax law and audit requirements.
- Information relating to the guarantee registration of your product
If you decide to unsubscribe to marketing communications, we keep a record of this request indefinitely to ensure we do not send you direct marketing communications again. We may keep your data for longer if we cannot delete it for legal, regulatory or technical reasons.
We do not intend to collect or knowingly collect information from children. We do not target children with our products or services.
Last modification was made 24/05/2018.