Privacy Statement and your rights under GDPR
This Privacy Statement explains in detail the types of personal data we may need to collect from you when you order from us or submit a query to us, together with how we’ll securely handle and store that data.
The privacy of all our offline and online customers is extremely important to us and we are committed to protecting your privacy.
We trade as P.P.Enhancements Limited (PPE), and will be the “controller” and “processor” of the personal data you (as a customer) provide to us. Bowsandwhistles.co.uk is a trading company of PPE.
For simplicity throughout this statement, “we” and “us” means PPE and bowsandwhistles.co.uk.
Reasons for collecting and processing personal data
There is a number of different reasons, as set out within the law on data protection, for which we may collect and process your personal data. These include:
- Consent – you have given us clear consent for us to process your personal data for a specific purpose; e.g. If you tick a box confirming you would like to receive updates from us.
- Contract – processing your data is necessary for a contract we have with you; e.g. in order for our delivering agent to deliver your parcel we will need to obtain your address and contact details.
- Legal obligation – the processing is necessary for us to comply with the law; e.g. we have a responsibility to pass on details of people involved in criminal activity to the appropriate law enforcement agency. We have a legal obligation to retain appropriate records, for example for accounting purposes.
- Legitimate interests – the processing is necessary for our legitimate interests insofar as it may reasonably be expected as part of the running of our business; e.g. selling and supplying goods, or handling customer queries.
What personal data do we collect?
You usually provide us with your personal details when you:
- create an online account with us;
- purchase a product over the telephone or online;
- leave a review or query on our website; or
- e-mail an order or enquiry to us.
The nature of the personal data provided can include, but is not limited to:
- Company name
- Billing/delivery address
- Email address
- Telephone number(s)
- Bank account details (where appropriate, e.g. to facilitate payment of our suppliers).
We do not collect or hold any highly sensitive data, such as health details/religious or political views nor credit/debit card information. Our data is the minimum required to complete orders, and unless otherwise agreed with you is only basic personal data.
How and why we collect your personal data
In order to process and deliver customers’ orders we need to collect certain details from you, which we may keep for a reasonable period of time afterwards to ensure customer satisfaction with the product(s) ordered and to facilitate repeat orders. In addition, your details will usually need to be passed to a third party delivering agent in order for the item(s) to be successfully delivered. We need to collect your personal data during the checkout stage of ordering to ensure that we can process your order and comply with our contractual and legal obligations.
We also need to ascertain certain details from you to respond to customer queries or complaints (either verbally or in writing). We may keep a record of these to inform any future communications.
We do not monitor or analyse specific personal data and we do not use your personal data to generate income unless you have specifically consented to receiving offers or marketing material from us. We do collect and analyse certain website usage data for legitimate business purposes but this is not specific in nature and does not contain customers’ personal data.
We may use technology to track the patterns of behaviour of visitors to our website. This can include using a “cookie” which would be stored in your browser. The information collected in this way can be used to identify you although you can modify your browser settings to prevent this.
How we protect your personal data
Data security is of the utmost importance to us, and we have implemented a number of measures to keep your personal details safe. The administrative access to our websites are password protected, and third party websites which hold customer data are also secured with regular password updates.
We have taken steps to protect our websites from a cyber security attack, and regularly test our security measures. We also have internal policies setting out our data security approach and undertake staff training on this topic.
The personal information that you provide will be held securely in accordance with our internal security policy and the law.
How long will we keep your personal data?
Whenever we collect or process your personal data, our intention is to keep it for the purpose of assisting each individual customer, until such time that the information would no longer be useful for processing repeat orders.
Who do we share your personal data with?
The day-to-day running of our business requires us to sometimes share your personal data with trusted third parties. For example, in order to deliver your order we will need to provide our external delivery agents with your address and contact details. Other parties who may have secure access to your data include our website developers, stock control- and accounting-system suppliers (access only), external suppliers where goods are sourced for customers, and PPE employees (in their capacity as data processors).
In order to keep your data safe, we only provide the information third parties need to perform their specific services. We monitor our Suppliers’ Privacy Policies to ensure that your privacy is protected. No personal information is sold or traded to any party outside PPE.
What are your rights over your personal data?
You have the right to request confirmation of the personal data we hold about you at any time, together with the right to amend any aspect of your personal data if it is incorrect, out of date or incomplete. You can check the information we hold about you by emailing us at email@example.com and we will promptly rectify any inaccuracies.
Under the European General Data Protection Regulation (GDPR) in some instances you also have the “right to be forgotten” if you no longer want us to process your personal data and we have no other legal grounds to keep it. In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue.
If you have any questions about the information we hold about you, please contact us in writing at the below address:
Unit 9, Wolf Valley Business Park
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any request you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact the ICO by calling 0303 123 1113 or go online to www.ico.org.uk/concerns.