Paguro Limited – Privacy and Cookies Policy – May 2018
1. In a nutshell
We are not in the business of selling your personal information. Our underlying aim is to use your information solely to operate our website effectively and to comply with our obligations under our Terms and Conditions . Your privacy is extremely important to us and we appreciate the enormous level of trust that you are placing in us by providing your personal information to us. We are committed to ensuring that we fulfil our obligations and protect your rights under the law.
This Privacy Information explains how we use your personal data: how it is collected, how it is held and how it is processed. It also explains your rights under the law relating to your personal data.
3.What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data and other online identifiers.
The personal data that we use on this site, including that collected in the process of online ordering, is set out in Part 5 below.
4. What Are My Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
a) The right to be informed about our collection and use of your personal data.
b) The right to access the personal data we hold about you.
c) The right to have your personal data rectified if any data is inaccurate or incomplete.
d) The right to be forgotten, i.e. you can request that we delete, shred or otherwise dispose of any of your personal data that have retained.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to our using your personal data for a particular purpose.
g) The right to data portability. This means that you can ask for a copy of your personal data held by us to be re-used with another service or business.
h) Rights relating to automated decision-making and profiling.
Further information about your rights can also be obtained from the Information Commissioner’s Office (ICO) or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the ICO.
5.What Personal Data Do You Collect?
When you complete an order form, or submit an enquiry to us, the details contained in that communication will be collected. We may collect some or all of the following personal data
- Email Address
- Telephone / Mobile Number
- Billing Address
- Postal Address
However, we do not store credit card details. When paying for your purchase online, our payment gateway providers (PayPal and Stripe) will require you to enter your payment information on their websites. We do not store this information on our site. It is stored within the payment gateway provider’s server and is subject to their own Privacy Policies which can be found here:
- Please see our Cookies Policy below
6. Our Use and Disclosure of Information That We Collect:
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used for internal use only:
- Data is processed to the extent necessary to enable us to fulfil our obligations to you under our Terms and Conditions;
- to provide an audit trail;
- to help us improve the content and functionality of the our website;
- to better understand our users;
- to protect against, identify or address wrongdoing;
- to enforce our Terms and Conditions.
- to returning a contact request
- to allow you to manage your account
- supplying you with any data as part of a data access request
- sending marketing material (where you have opted to receive such information, though you can unsubscribe or retract permission at any time)
Other situations in which your data may be made available to third parties: We may disclose any data if we are required to do so by law or reasonably believe that such action is necessary
- to comply with a legal obligation,
- to protect or defend our rights, interests or property or that of third parties,
- to prevent, investigate, or identify possible wrongdoing in connection with the website,
- to act in urgent circumstances to protect the personal safety of you or others, or
- to protect against legal liability.
We may store your data, either directly or within databases, on servers which are owned and maintained by our affiliates, agents or service providers. We take what we believe to be reasonable steps to protect the data from loss, misuse, unauthorised access, inadvertent disclosure, alteration and destruction. However, no Internet or e-mail transmission is ever fully secure or error free.
7. How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reasons for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
- Contact request submission data will be held for a period no greater than 3 months
- Desensitised / sanitised (removal of your personal data) financial data about orders will be held for a period of 6 years from the end of the current financial year as is legally required.
8. How and Where Do You Store or Transfer My Personal Data?
We will only store your personal data in the UK. This means that it will be fully protected under GDPR.
The security of your personal data is essential to us and we will always strive to protect your data, We take a number of important measures, including the following:
- Encrypted data transfer and storage
- Secure and restricted access to customer data
- Secure paper record shredding and digital data removal
9. Do You Share My Personal Data?
We will not share any of your personal data with any third parties for any purposes, subject to the following important exceptions.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are ever involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
While we do not share data with our web site developers (Xdev Limited), from time to time they are required to access data where there are issues with payments or registration. They are ICO registered and adhere to GDPR, any data used as part of their investigation; into any system issues, is deleted as soon as the issue is resolved.
10. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can contact our DPO for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 11.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 1 month from the date the request is received. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request.
11. How Do I Contact You?
To contact our DPO about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
(for the attention of Data Protection Officer)
Office 1013, 109 Vernon House
12. Cookies Policy
What are cookies?
Like virtually all websites, we keep an eye on how people find our website and how they use it – as this helps us to decide how we can make it better! We do this using harmless cookies which collect anonymous information – for example, about how many people visit our website each day and which pages were looked at the most. These cookies will be placed on your equipment automatically when you visit the website and by continuing to use it, you will be consenting to this.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you would prefer not to accept cookies, most browsers will allow you to: (1) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (2) to disable existing cookies; or (3) to set your browser to automatically reject any cookies. However, please be aware that if you disable or reject cookies, some features and services on our sites may not work properly because we may not be able to recognise and associate you with your account. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests.
Please note that cookies can’t harm your computer. We don’t store personally identifiable information such as credit card details in cookies we create.
Understand and save users’ preferences for future visits.
Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
Instructions for blocking or allowing cookies in popular web browsing software
Internet Explorer 7 and 8
13. Third Party Links
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
We use Google Analytics (GA) on this website, no data stored in the GA data can identify you as an individual, it collects device data (operating software, screen resolution, browser type and other basic device information) and uses this to track device interaction on the site. This data is used to establish where improvements with site structure and services can be made. We will never share this data with any parties other than Google, whom are only involved as it is the data processor and hosts the platform by which we can access the data.
15. Changes to this Privacy Notice & Cookies Policy
We reserve the right to update or modify this Privacy and Cookies Policy at any time by posting a new version of it on our website. Your continued use of the website after any changes or revisions to this Privacy and Cookies Policy indicates your agreement with the revised terms.
Any changes will be made available via this page on the website, so please check back regularly, we will always start this document with the last update date.