T-shirtzone.co.uk ("We") are committed to protecting and respecting your privacy.
This Policy sets out the basis on which we collect personal data from you and the way in which it will be processed by us. Please read this Policy carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purposes of the relevant data protection legislation, the “controller” (or “data controller”) is: T-Shirtzone.co.uk. 49 Halton Road, Lancaster. LA1 2EA. Questions, comments and requests regarding this Policy are welcomed and should be sent to sales (at) t-shirtzone.co.uk .
• We only use the personal information you provide on a lawful contractual basis to process your order, process your payment, deliver your order and for business record-keeping as required by HMRC.
• We have no access at all to your card details (ie. we do not see, receive or store them) - our payment processor (Paypal) handles all card data on their own secure webpages.
• You can see all of the personal data (including details of previous orders) we hold on you at any time by logging into your account on our website and looking at the 'My Account' section. Apart from some performance statistics (number of page views, length of time on website etc. which are deleted at the end of each month) that is all we keep.
• We do not give/sell/swap/loan/share (etc.) your personal data with anyone apart from our payment processor Paypal, and Royal Mail who are given your name, address, phone number and email address, as appropriate.
• Cookies on our website are purely functional - so our website knows who you are and what you have in your basket (or not) at any time - they do not track you outside of our website.
• We do not take part in any marketing or advertising schemes or place anything on your computer to track you around the web - we hate that sort of thing too.
HOW WE USE YOUR PERSONAL DATA
We collect different types of information about you for the following reasons:
• Performance of Contract - this means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. This means for the provision of goods to you that you have ordered on our website.
• Legitimate Interest - this means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
• Comply with a legal or regulatory obligation this means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to, such as keeping business records for HMRC and Customs & Excise, or to comply with The Sale and Supply of Goods Act 1994, for example.
• If we have your permission, to market specific goods or services to you. We will make sure it is clear when you are able to give us permission to do this, for example, we have an online form and boxes that you need to tick if you want to receive a product updates newsletter [NOTE: we do not currently offer a newsletter service].
WHEN DO WE COLLECT INFORMATION
We collect information on you:
• when you place an order with us and/or create an account on our website;
TYPES OF PERSONAL DATA WE COLLECT
The minimum information we need from you so that you can place an order on our website is your company name, a contact name, your invoice and delivery address, a telephone number (the courier needs at least one phone number in case he can't find your address and needs to call you) and email address.
In processing your order we may use your data in the following ways:
• to provide you with our products and services on a lawful contractual basis, which includes managing, processing and despatching your orders as well as arranging for the processing of payments for your orders;
• to manage your customer account and to keep adequate records of your past purchases;
• to contact you regarding your order, or if we change the way that our products or services work;
• to email you about other products and services we think may be of interest to you based on your previous purchases and enquiries (only if you have given us your permission to do so - we do not currently offer a newsletter); and
• to send you our product updates newsletter (if you have given us your permission to do so).
We also collect technical information about you when you visit our site in order to help us monitor or improve the products or services we offer. This information includes the IP address of the computer used to connect to our site, browser type and version, time zone setting, operating system and computer platform. We will also collect information about your visit to our site, including the full URL used to access our site, products which you have viewed or searched for, how long you have visited certain pages. This helps us to monitor and improve on the products and services we provide. In doing so, we may use your data in the following ways:
• to improve our site so that content is presented in the most effective manner for you and for your computer;
• as part of our efforts to keep our site safe and secure;
• for troubleshooting, data analysis, testing, research, statistical and survey purposes; and
• to provide customers with the opportunity to manage their orders online.
This data is deleted automatically at the end of each month since it can grow quite rapidly.
Please note that we do not use Google Analytics or any other form of tracking or analysis cookies/software that could track you once you leave our site - we hate that too.
If we need to process your personal data for a reason which is not outlined above, we will contact you in order to obtain your prior consent for such use.
WHEN WILL WE SHARE YOUR PERSONAL DATA?
We will not share/sell/loan/give/swap (etc.) your personal data with any third parties for marketing purposes - that means none at all, in any way.
We will however, share your personal data with the following parties (“Third Parties”), for the following necessary and purely functional reasons:
• SagePay (our payment processor) and WorldPay (the bank that handles our card transactions) in order to process your card payment. Note we do not handle or have access to any card data you enter apart from the name of the card issuer and the last 4 digits of the card number - all card details are entered by you directly onto SagePay's secure payment page and are stored by them under their own security procedures.
• Courier services/postal that deliver your order: currently DPD and Tuffnells.
• Card fraud agencies (such as Third Man) to verify the card you're using isn't reported stolen or lost.
We reserve the right to disclose or share your personal data in order to comply with any legal requirements, enforce our terms and conditions (https://www.lunesdale-pumps.co.uk/content/3-terms), or any other agreement we enter into with you, or to protect the rights, property, or safety of our business and other customers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and risk reduction.
WHERE WILL WE STORE YOUR PERSONAL DATA?
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use industry standard security features to try to prevent any unauthorised access to your personal data.
HOW LONG WILL WE KEEP HOLD OF YOUR PERSONAL DATA
How long we will store your personal information depends upon the type of information we are holding and the purpose for which we need it.
We will keep your data for the period of time you hold an account with us, to enable us to contact you, keep a record of your past orders and supply you with any new orders. We will not keep your personal information for any longer than necessary to fulfil our obligations to you or to meet our legitimate business interests or legal requirements. These requirements include the legal requirement imposed by HMRC and HM Customs & Excise, and The Sale and Supply of Goods Act 1994 for us to keep business records for a period of 6 years after the tax year to which those records relate.
Where you have given us your permission to contact you for marketing purposes, including to receive our product updates newsletter, we will contact you every five years from the date on which you originally gave your permission to ensure that you still wish to be contacted in this way. (Note: we do not currently offer product update newsletters, so will only contact you about your order.
You have the following rights:
• to request that we provide you with a copy of the information we hold about you (“Access Request”);
• to request that we rectify any information we hold about you (“Right to Rectification”);
• to request that we erase any information we hold about you (“Right to be Forgotten”);
• to restrict the level of processing we carry out with your information (“Restriction of Processing”);
• to obtain from us all personal data we hold about you in a structured, machine readable form, and have this information transmitted to another organisation (“Data Portability”);
• to object to our processing your information in certain ways (“Right to Object”); and
• to withdraw your consent at any time to our processing of your data.
Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of the above rights by emailing us at firstname.lastname@example.org. You also have the right to lodge a complaint with the Information Commissioners Office if you are unhappy in any way with how we treat your personal information.
You have the right to request a copy of the information that we hold about you at any time. Please note that in most circumstances, we will not make a charge for this, however we may make a reasonable fee based on administrative costs for any further copies requested.
We will comply with any request made under this section as soon as possible, and normally within one month from the date of your request.
Please note you can access all of the personal information we hold about you, including your order history, from the customer area of our website once logged in. All of this information can be printed from your browser at any time.
RIGHT TO RECTIFICATION
You have the right at any time to ask us to rectify any personal data that we hold for you which is incorrect or incomplete.
If we have disclosed any incorrect or incomplete data to any third parties, we shall inform them of any necessary amendments or corrections made to your personal data under this section.
RIGHT TO BE FORGOTTEN
You have the right to ask us to erase the personal data we hold about you in circumstances where:
• it is no longer necessary for us to handle your personal data for the purpose for which it was originally collected;
• you have withdrawn your permission for us to hold your personal data (where this was the basis on which it was collected or used);
• you object to the processing of the data and there is no lawful overriding reason for us to continue processing your personal data;
• the personal data was unlawfully processed; or
• we have to erase your personal data in order to comply with a legal obligation.
RESTRICTION OF PROCESSING
You can ask us to restrict how we use your data in the following circumstances:
• where you believe that the information we hold about you is inaccurate, you can ask that we refrain from using your data until we can verify the accuracy of it;
• where we have unlawfully processed your data, you can ask that we restrict our usage of it rather than erase it completely; or
• where we no longer need to hold your information, but you wish us to retain your information for the purpose of establishing, exercising or defending a legal claim.
AUTOMATED DECISION MAKING
We do not use any form of automated decision making.
You have the right to obtain from us all personal data which you have provided to us in a structured, commonly used and machine readable form, provided that such data was processed based on your consent, or for the purpose of a contract between us and the processing was carried out by automated means.
This will allow you to move, copy or transfer personal data easily from one IT environment to another. Alternatively, we can transmit such data directly to another organisation.
Please note that we will not be able to comply with a data portability request if this will affect the rights and freedoms of others.
DATA TRANSFER OUTSIDE THE EEA
We do not transfer personal data outside of the EEA.
RIGHT TO OBJECT
You have the right to object, on grounds relating to your particular situation, to our processing of your personal data where we are doing this for the performance of a task carried out in the public interest (which we will have told you about, if applicable), or where we are carrying out processing for the purposes of legitimate interests pursued by us.
THIRD PARTY WEBSITES
Our site may contain links to other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for them. We advise you to check these policies before you submit any personal data to these websites.
CHANGES TO THIS POLICY
DATE OF LAST REVISION
This document was last revised 22nd May 2018