As we receive data from our customers we have to be clear and concise as to what we collect and how we use it. Also, what we store and what we don`t.
The following page has been produced to make it clear to our customers what data we collect, how we use it and what their rights are. We are doing this to comply with the new standards required and be totally transparent.
When a customer places and order or creates a profile on our website we collect basic information:
Name, Address, email address, and phone number.
When a customer places an order on our website we collect the same data as above, also if the billing address is different we collect that as well.
Card details which are entered are never seen by us, we use Secure Trading and when a transaction has occurred we can only see a portion of the card details, we do see the expiry date but not the three digit security number.
The is all the info we hold.
We do not send out offer emails like some companies do on a daily basis.
The only emails you may receive from us are order updates, one off offers (these are very rare) or occasionally we may ask for feedback on the sales process or ask for images of the wall mounted electric fire. If at any stage you don`t want to be contacted by us in any form then let us know.
We do not call you unless we need to speak to you about your order.
We do not under any circumstances share any data with any other organisations or people.
Below we will highlight all aspects of data control and protection which we are guided to make publicly known.
- Your company has a list of all types of personal information it holds, the source of that information, who you share it with, what you do with it and how long you will keep it.
- We maintain this data in a spreadsheet which is password protected and only the MD on the company has access to this spreadsheet.
- Your company has a list of places where it keeps personal information and the ways data flows between them
- Information is held on the above master spreadsheet, on the website database (password protected), paypal, ebay, amazon and our merchant account with Secure Trading.
- That is this webpage
- Personal information is needed to process the sale of wall mounted electric fires, payment making, delivery and then we maintain the customers basic data for the after sales process incase of warranties etc.
- Your company has appointed a Data Protection Officer (DPO)
- Chris Eltham - MD is the DPO
- Create awareness among decision makers about GDPR guidelines
- The whole workforce are aware but only the DPO has access to the information
- Make sure your technical security is up to date.
- Paypal, Secure Trading, Amazon, Ebay and CS Cart are all secure and protected. The Excel Spreadsheet with the information on is password protected and only the DPO knows this password.
- If your business operates outside the EU, you have appointed a representative within the EU.
- We don`t operated outside the EU.
- You report data breaches involving personal data to the local authority and to the people (data subjects) involved
- If this ever occured, which it hasn`t we would follow our obligations.
- There is a contract in place with any data processors that you share data with
- We don`t share any data only with Parcelforce and DX Freight our couriers.
- Your customers can easily request access to their personal information
- Anyone who places and order can setup and account where they can view this, if they checkout as a guest they can email or call us and discuss the information we hold and we can send this to them without an issue.
- Your customers can easily update their own personal information to keep it accurate
- As above
- You automatically delete data that your business no longer has any use for
- We only hold address and contact information over the long term incase customers have issues with their fireplaces so we can track their order down.
- Your customers can easily request deletion of their personal data
- An email or phone call and we will do this, we will highlight that it will make it difficult to track an order down if we have no record of the customer.
- Your customers can easily request that you stop processing their data
- We don`t process customers data on an ongoing basis - if we do email asking for feedback or customer images and they don`t want us to contact them again the email will state that all they have to do is to reply with unsubscribe and we will remove their data.
- Your customers can easily request that their data be delivered to themselves or a 3rd party
- As above a simply phone call or email will make this happen.
- Your customers can easily object to profiling or automated decision making that could impact them
- Nothing like this occurs in our business.
- Ask consent when you start processing a person's information
- The customer is making an order for a product on our website, there is implicit consent in their actions.
- This document is clear and concise.
- It should be as easy for your customers to withdraw consent as it was to give it in the first place
- Very simple, quick phone call or email.
- If you process children's personal data, verify their age and ask consent from their legal guardian
- Children won`t be ordering off our website.
The above is our policies and we hope it`s clear and full - if our customers have any issues or concerns at all then please feel free to call or email us on:
0800 072 8669
Written by Chris Eltham - MD 16th May 2018