Our Privacy Principles
We are bound by the GDPR (General Data Protection Regulation). We have adopted internal policies and procedures to ensure that personal information that we collect, store, use and disclose is dealt with in accordance with the GDPR. You can see the full text of the GDPR online at https://www.eugdpr.org/.
Information we collect
In order to provide our customers and consumers with our products and services, we may collect and use personal information about them. If we are not provided with all the personal information we request, we may not be able to supply our products and services to you, and you or your organisation may not be able to participate in future offers of goods or services which we supply.
The type of information we collect includes names, addresses, email addresses and other contact details. We may also collect additional details such as your age, gender and lifestyle habits if you partake in marketing surveys and provide consent. We may collect or store ‘sensitive information’ e.g. information about health. However, where we are required to and able to do so, we will ask for your consent before collecting your sensitive information and let you know the purpose at the same time.
However, credit card numbers are NOT stored in any form by us on any internal or external database – all transactions are completed through a secure payment gateway. We will retain your order information for 5 years.
Our Payment Service Provider is Sage Pay (formerly Protx) – the largest independent payment service provider (PSP) in the UK and Ireland. Sage Pay provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is Sage Pay’s utmost priority to ensure that transaction data is handled in a safe and secure way. Sage Pay uses a range secure methods such as fraud screening, I.P address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards. Sage Pay is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable. Sage Pay is an active member of the PCI Security Standards Council (PCI SSC) that defines card industry global regulation. In addition, you know that your session is in a secure encrypted environment when you see https:// in the web address, and/or when you see the locked padlock symbol alongside the URL. So when buying through our sites, you can be sure that you are completely protected.
How we collect personal information
Generally, we collect your personal information from you. For example, we may collect information from you when you register an account on our website or sign up to our email marketing database, or when you provide us with information, whether in person, by telephone, online or in writing. If you submit an order (including by telephone or online), we will collect information necessary to fulfil that order.
How we store personal information
We take all reasonable steps to keep secure any personal information which we hold about you and to protect your personal information from loss, misuse or unauthorised alteration. Any personal information you provide to us is stored on secure servers. We also maintain physical security procedures to manage and protect the use and storage of records containing personal information.
Our employees are obliged and trained to respect the confidentiality of any personal information held by us.
To help us protect your privacy, you should maintain the secrecy of the user names and passwords you use to access and use our websites.
We are not responsible or liable for the security of data sent via the internet.
Purpose of collection
We collect, hold, use and disclose personal information so we can:
· meet our legal obligations;
· identify our customers, potential customers and their representatives as well as the consumers of our products;
· provide our products and services or other benefits to you;
· communicate with you;
· inform you of any initiatives we think may be of interest to you;
· inform you about our products and services, the benefits of using our products and about offers or other benefits that may become available;
· seek your opinion or comments about our products and services;
· carry out billing and debt recovery activities;
· carry out our management, administrative, quality assurance and complaint handling activities in a professional and efficient manner;
· develop and implement initiatives to improve our products and services; and
· contact you to enable us to manage your account (if any) and fulfil our obligations to you or your organisation.
We usually disclose the personal information we collect to our related entities, service providers and contractors that help us supply our products and services. For example, we may disclose the personal information we collect to our information technology providers, providers of marketing and promotional services, professional advisers such as legal practitioners and accountants, debt collectors and insurers.
Except as indicated above, we will not disclose your personal information to a third party unless:
· you have consented to the disclosure;
· the third party is our service provider or contractor, in which case we will require them to use and disclose the personal information only for the purpose for which it was provided to them;
· the third party is a person involved in a dealing or proposed dealing (including a sale) of all or part of our assets and business;
· the disclosure is to a related entity; or
· the disclosure is permitted, required or authorised by or under law.
We may use personal information to advise you of new products and marketing initiatives that we think may be of interest to you. This may include product or service offerings, newsletters and general information about us.
If you prefer not to receive information about our products and services, you can ask to be removed from the relevant circulation list by contacting us using the contact details listed below or follow the unsubscribe link at the bottom of all our marketing emails.
We never disclose personal information to a third party for the purpose of allowing them to direct market their products or services to you, unless you have expressly consented to that disclosure.
We may contact you from time to time for market research purposes. We may contact you by email, phone or mail. We may use the information we collect from you to customise our websites according to your interests.
Access, quality and correction
If at any time you want to know what personal information we hold about you, you are welcome to request access to that information by contacting us at the contact details listed below.
We always try to make sure that the information we hold about you is accurate, complete and up-to-date. If at any time you believe the personal information that we hold about you is incomplete or inaccurate, please let us know by contacting us at the contact details listed below. We will use all reasonable efforts to correct the information.
Websites and cookies
To ensure we are meeting the needs and wants of our website users, and to develop our online services, we may collect aggregated information by using cookies or similar electronic tools.
Cookies are unique identification numbers like tags that are placed on the browser of our website users. These cookies are used to retain login and location information in order to make your experiences more convenient and personal. No other business or organisation has access to our cookies.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We do not use this technology to access your personal information in our records and you cannot be personally identified from a cookie. You can find out more about the way cookies work on www.cookiecentral.com and www.allaboutcookies.org.
Changes to this policy
As our business evolves, our business processes and policies will be reviewed and may be amended. We may change this policy at any time. We will notify you of any change by posting an updated version of the policy on our website. Please be aware that it is your responsibility to check our website and make sure you keep up-to-date with any changes to this policy.
We are committed to constantly improving our procedures so that your personal information is treated appropriately. If you feel that we have failed to deal with your personal information in accordance with this policy or GDPR, please contact us at the contact details listed below so we have an opportunity to resolve the issue to your satisfaction.
Our privacy officer will:
· listen to your concerns and grievances;
· discuss with you the ways in which we can remedy the situation; and
· put in place an action plan to resolve your complaint and improve our information handling procedures if appropriate.
If you require more detailed information about how we deal with personal information or if you have any concerns about how we have dealt with your personal information, please let us know by contacting us at:
We will aim to respond to your concerns as quickly as possible.