Data Protection and Privacy Policy
G&S Specialist Timber takes your privacy and the protection of your data very seriously. We are committed to complying with all data protection laws applicable to the United Kingdom.
This privacy policy explains how we collect, use, and share your data as well as how to manage your marketing preferences and a confirmation of the rights you have over the control and use of your data. It is important that you read this privacy policy so that you are aware of how and why we are using your personal information.
We may occassionally update our privacy policy. When we make significant changes to the policy we will also notify you via our email newsletter.
If you have any questions regarding our privacy policy or you object to any changes made in the future, please contact our Data Protection Officer using the contact details at the end of this policy.
Contents
- Who we are
- Why we collect your personal data
- What information we collect about you
- How we use your data
- How we share your personal data
- How we protect your personal data
- Where we process your personal data
- Your rights over your personal data
- Updating your direct marketing preferences
- How long we keep your information
- Complaining about our use of your data
- Contact us
Who we are
G&S Specialist Timber is registered as Alpaca Centre Ltd. in England and Wales, number 04390444. For all our services, the data controller responsible for the privacy of your data is Alpaca Centre Ltd.
Throughout this policy, ‘we’, ‘us’ and ‘G&S’ are used to refer to G&S Specialist Timber.
Why we collect your personal data
It is necessary for us to collect and process personal data so that we, as a retailer, may provide a service and fulfill any obligations to you (as a visitor, user or our customer) . The EU General Data Protection Regulation (Regulation EU 2016/679), (GDPR) sets out in law a number of different reasons why a company may collect and process your personal data. We use the following lawful bases for processing your personal information:
Consent
We may process your information in situations where we have gained your explicit consent. For example, when you subscribe to receive our email newsletter.
You have the right to withdraw your consent to marketing at any time by unsubscribing (via the link in every newsletter) or by contacting us using the contact details at the end of this policy.
Contractual obligations
We process personal data to comply with contractual obligations. For example, we need to collect your delivery address and phone number and pass these on to our couriers in order to deliver your purchase to you.
Legitimate interest
We require your data to pursue our legitimate interests in a way which might reasonably be expected and which does not impact your interests, freedoms and fundamental rights. For example, we may use your order history to send you personalised offers by email.
Legal compliance
Sometimes we are required to collect and process your data to comply with our legal or regulatory obligations. For example, we can pass details of fraudulent transactions or other criminal activity affecting our business to law enforcement.
What information we collect about you
Personal data
We have grouped the different kinds of personal information we may collect, use, share or otherwise process about you below:
- Your identity
- title, first name, last name, username or social identifier, date of birth and gender.
- your image may be recorded by CCTV if you visit our shop.
- Your contact details
- billing address, delivery address, email address and telephone numbers.
- Financial details
- bank account and payment card details.
- Transaction details
- payment transaction details to and from you (order receipts, refunds etc)
- Technical data
- Internet protocol (IP) address, login data (for registered accounts), browser type and version, time zone setting and location, operating system and platform and other technology on the devices you use to access our website. More information is on our cookies page
- Website usage data
- details of your visit and which site you came from to ours, the web pages viewed during your visit, any search terms you entered and the advertisements you clicked on. You are not personally identifiable from this data. More information is on our cookies page
- Marketing data
- what information you would like to receive from us and by what method (by email, by mail etc). This may also include us making a note of conversations we have had with you in person and/or communications you sent to us.This enables us to manage our relationship with you effectively and ensures you only receive communications from us that are relevant.
Aggregated Data
We may also collect, use and share some Aggregated Data about our customers' behaviour patterns and browsing actions. This data may be derived from your personal information but it does not identify you as an individual so is not considered personal data in law. For example, we may aggregate Usage Data to calculate the number of users visiting a specific website location.
Personal identification documents
Where the law requires or we deem it necessary to prevent fraudulent activity we may ask you to provide proof of age or identity (including your passport and driver’s licence). For example, when purchasing an age restricted item. This will usually include details of your full name, address, date of birth and facial image. All data provided in this way will be treated as personal data and used in accordance with this Privacy Policy.
How we use your data
We will only use your personal information when the law allows us to. The ways in which we use your data are given below. The legal main legal basis for each is given in brackets:
- To confirm your identity (contractual obligation).
- To process your orders (contractual obligation).
- To notify you on updates to your order (contractual obligation).
- To update and correct our customer records (contractual obligation).
- To notify you of new products, special offers, and important announcements (consent).
- To carry out statistical and market analyses, including benchmarking exercises, to enable us to understand you better and improve our services (legitimate interests).
- To develop, test and improve our systems (legitimate interests).
- To notify you about changes to our services (legitimate interests).
- To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes (legitimate interests)
- To improve our website to ensure that content is presented in the most effective manner for you and for your computer (legitimate interests).
- We record CCTV footage for both the security and well-being of visitors to our premises (legitimate interests).
How we share your personal data
We do not, and will not, sell any of your personal data to any third party for any purpose. However, we sometimes share your personal data with trusted third parties as an essential part of providing our services to you.
We share information with trusted third parties on the following basis:
- We provide only the information they need.
- They may only use your data for the exact purpose we specify.
- We work closely with them to ensure your privacy is respected and protected, including checking their compliance with relevant regulations such as GDPR and PCI DSS.
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Where necessary we may share your data with the following example categories of companies:
- Companies that enable us to get your purchases to you, such as payment service providers and delivery companies
- Professional service providers, such as marketing agencies, advertising partners, IT companies and website hosts who help us run our business.
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can protect against fraud.
- Companies approved by you, such as social media sites (if you choose to link your accounts to us) or payment providers such as PayPal where you choose to use their payment service.
- Advertising platforms such as Google and Facebook to show you products that might be of interest to you whilst browsing the internet.
- Direct marketing services to send our newsletter
- Professional advisors such as our auditors, regulators, external legal and financial advisors.
We may, in exceptional circumstances, share your information with third parties for their own purposes. For instance, we may be required by law to disclose your personal data to the police or other enforcement, regulatory or Government bodies. This information is shared on the basis of legal compliance.
To help personalise your experience on our website we currently use the following companies who in specific scenarios will process your personal data as part of their contract with us:
- Reviews.co.uk
You have the right to object to any of this processing at any time. If you wish to do this, please contact us using the details at the end of this policy.
How we protect your personal data
Your data security is important to us and we take all appropriate steps to safeguard the collection, transmission and storage of the data we collect.
All areas of our website are protected with secure, encrypted connections. Access to your personal data is password protected to ensure only those who need to see it are able to..
If you use your credit or debit card to purchase from us, we will ensure that this is carried out securely. Online transactions are processed by our payment gateway and we have no access to your card details. If you pay over the phone we enter your card details directly into our card reader and we do not store them. We are compliant with the payment card regulations (PCI DSS) and we carry out annual checks on our payment gateway providers to enure they are too.
Where we process your personal data
We store your data on secure servers in the UK. However, sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA). Examples of this include:
- when placing an international order we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested.
- if you subscribe to our newsletter your name and email address are stored on servers in the USA
Your rights over your personal data
If you choose to share personal data with us you have rights relating to your personal information. You have the right to request:
- Access to the personal data we hold about you. There will be no charge for this in most cases.
- That any inaccurate personal data is corrected.
- Your personal information is erased, not processed, or collected where there is no good reason for us to continue doing so. Otherwise known as `the right to be forgotten`.
- We stop using your personal data for direct marketing.
- We transfer your data to you for use with another service provider.
We may need to request specific information from you as a security measure. This is to confirm your identity and prevent personal information being disclosed to any person who has no right to receive it. We aim to respond to all legitimate requests within one month. Occasionally it may take us longer if your particular request is complex or you have made a number of requests.
If we choose not to action your request we will explain to you our reasons for refusal.
If you are not happy with our response you may complain to the data protection regulator.
Updating your direct marketing preferences
If you want to stop receiving direct marketing communications from us you can:
- Use the unsubscribe or edit preferences link in any email newsletter
- Contact us directly with the request by email, telephone, or in-store.
When editing your preferences you will have the option to select the types of marketing you receive and by what means. You can also opt to unsubscribe from all direct marketing communications. There may be a small delay in updating your preferences whilst our systems update.
You may request that your online account is deleted by contacting us. Once deleted, your data, including previous order history, cannot be recovered. We will still keep transactional records for as long as we are legally required to do so.
How long we keep your information
When we collect or process your personal information we will only keep it for as long as needed to provide our services to you and to comply with our legal and contractual obligations. At the end of that retention period, your data will be either deleted or anonymised. If we anonymise your data it may be used in a non-identifiable way for statistical and business planning purposes.
For purposes such as tax, accounting and warranty we will keep a record of all orders placed with us for the legally required duration of seven years.
Complaining about our use of your data
We hope that you are confident that we are looking after your personal data properly. However, if you wish to make a complaint about the way we collect, store or use your personal data you can contact the Information Commissioner’s Office (ICO) by calling 0303 1231113 or contacting them via their website: www.ico.org.uk. You may also contact them if you are unhappy with our response to any data requests you have made to us
If you are based outside the UK, you have the right make your complaint tothe relevant data protection regulator in your country.
Contact us
If you have any questions about this Privacy Policy, please contact our Data Protection Officer who will be pleased to help you.
Call us:
01768 891445
Email us:
Write to us:
Data Protection Officer
G&S Specialist Timber
The Workshop
Snuff Mill Lane
Stainton
Cumbria
CA11 0ES