This Policy describes:
- what information we may collect about you
- how we will use the information we collect about you
- when we may use your details to contact you
- whether we will disclose your details to anyone else
- your choices regarding the personal information you provide to us
We are committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 2018 and the European General Data Protection Regulation, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 repealing Directive 95/46/EC, also known as the “GDPR” (these laws are referred to collectively in this Policy as the “data protection laws”).
WHO WE ARE
This Policy is issued on behalf of the Hazell & Gray Design Limited, responsible for processing your data. Hazell & Gray Design Limited (reg. no. pending), with registered address at Nuneham Park, Oxford, OX44 is the controller and responsible for this website.
We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
We are not currently required to register as a Data Controller under the Data Protection Act 2018 with the Information Commissioner’s Office.
This Policy applies to anybody who browses our webpage(s) or who provides personal data via our webstore portal at www.hazellandgray.com (our “Website”). It also applies to those who request communication via our Website, orders products via our Website, those who post material on our Website, and to personal data processed in pursuit of our own marketing and business development efforts. We may also ask you for personal data when you report a problem on our Website.
This policy does not apply to the personal data of our Job Applicants, Employees, Agents and Contractors. The fair, lawful and secure processing of these types of data is governed by other company policies outside the scope of this Policy.
This Website is not intended for children and we do not knowingly collect data relating to children.
CHANGES TO THIS POLICY
We reserve the right to amend this Policy from time to time. This version of the Policy was last updated on 11 July 2019. We will publicise any updates to this Policy by way of our Website.
We reserve the right, in the event that we buy or sell all or part of our business or assets, to disclose personal data held by us to the prospective seller or buyer of such business or assets.
By submitting personal data to Hazell & Gray you acknowledge and accept the practices described in this Policy.
We will endeavour to bring this Policy to your attention every time we ask for your personal information and we will seek your specific consent whenever this is required.
PERSONAL DATA WE COLLECT FROM YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity concerned has been removed.
We may collect (and subsequently use, store and transfer) the following personal data about you:
- when you sign up for our newsletter, e.g. your name, email address and county;
- your name and contact details when making an enquiry, or registering as a customer, or otherwise submit data via this Website;
- when you place an order with us for our products: your name and delivery address, contact details (email address, phone number) and bank and payment details;
- when you browse this Website: technical data including internet protocol (IP) address, browser type and settings and other information about your device
- your marketing preferences, which may be adjusted or withdrawn at any time;
- information you provide when you complete surveys or enter competitions or enrol in promotional events;
- information about your use of our Website and apps;
- when you make a data subject access request.
You are not obliged to provide your personal data to us, but if you fail to provide personal data required to allow us to fulfil our contract with you, for example a delivery order for our products, we may not be able to carry out the contract and may have to cancel the relevant order or service in these circumstances.
We will only use your personal data when the law allows us to. The following schedule summarises the types of data processing activities we will undertake in relation to personal data subject to this policy:
|Information we Process||Purposes for Processing||Legal Basis for Processing|
|Any personal data you provide to us on or after registration, such as names, contact details, occupation, purchase history, etc.||(1) To facilitate the delivery of the services offered on this Website by:· establishing and maintaining contact between us and you;·to provide you with information regarding products or services reflecting your preferences and which we feel may interest you;·to process and deliver your orders, including managing payments, fees and charges;·providing training and receiving feedback;·any other requests you may have as a user of this Website.|
(2) To deliver promotional materials when:·specifically requested;·consent is given by way of your marketing preferences;·authorised in the context of a specific request.
(3) To allow you to participate in competitions, prize draws, surveys or special features of our Service, if you choose to do so;
(4) To notify you about changes to our services and policies;
(5) To publish reviews and testimonials;
(6) To promote security and good practice on the Website, to investigate suspicious activity, and to ensure the Website is being used for legitimate purposes.
|(1) The performance of our contractual obligations to our Customers.|
(2) The performance of our contractual obligations to users of this Website.
(3) Your consent (private individuals) or our legitimate interests, specifically the pursuit of our own marketing and business development efforts.
|Information you generate when you visit our Website or our apps||To:(1) Ensure that content from our Website is presented in the most effective manner for you and your device;(2) to administer and protect our business and the Website, including troubleshooting, data analysis, testing, system maintenance, reporting and hosting od data;(2) provide and/or enhance functionality on our Website;(3) analyse the performance of our Website;(4) to use data analysis to improve our products and customer experience, marketing, customer relationships;(5) deliver relevant marketing from time to time from us and our partners.||Our legitimate interests, namely monitoring and improving our Website and level of service to customers, and your consent whenever required.|
You will only receive marketing communications from us if you have signed up for our newsletter or requested to receive marketing communications from us in the past.
We will ask for your express opt-in consent before we share your personal data with any third party for marketing purposes.
You may ask us to stop sending you marketing messages by clicking on the “unsubscribe” link in our marketing messages. You may also opt out of marketing at any time by sending an email to email@example.com
Any opt out requests will not apply in respect of personal data provided to us for the purposes of fulfilling an order.
DISCLOSURE TO THIRD PARTIES
You understand and acknowledge that we use third party service suppliers to facilitate business transacted via this Website. These suppliers have given contractual undertakings that they will safeguard personal data disclosed to them in the course of providing such services in accordance with our instructions, and have agreed to be held liable in the event of any breach of data protection law for which they are responsible.
In addition to these suppliers, there are other third parties with whom we may need to share your personal information for the reasons set out below:
|Third Party||Purposes for Processing||Legal Basis for Processing|
|Companies within our corporate group (including affiliates and ultimate beneficial owners), or who acquire a controlling interest in our business or its assets||To facilitate the provision and promotion of our business and to monitor our business development.||The performance or negotiation of the contractual relationship between us and our customers, and our legitimate interests, specifically the pursuit of our own marketing and business development efforts, and your consent whenever required by law.|
|Suppliers, such as payment merchants, software/IT systems and PR agencies||To facilitate the provision, promotion and sale of our products via this Website.||The performance or negotiation of the contractual relationship between us and our legitimate interests, specifically the pursuit of our own marketing and business development efforts.|
|Professional advisors, such as accountants and solicitors||Only when necessary, and limited to what is necessary.||Our legitimate interests, namely the proper administration of our business, or fulfilling our legal obligations to users of this Website or in relation to enforcing or defending legal claims.|
|Competent authorities, such as regulatory authorities, the Police and HMRC||Only when compelled to and/or when under an obligation to do so.||Compliance with legal obligations, such as for the purposes of fraud reporting or other criminal activity, or in order to apply or enforce.|
YOUR DATA SUBJECT RIGHTS
We are committed to guaranteeing the statutory rights of individuals. If you send us a request regarding your rights under data protection law, we will respond within 30 calendar days of receipt and, where possible, address your request within such time. Where necessary, this period may be extended by up to a further 60 days.
The persons to whom this Policy applies are under no statutory or contractual obligation to provide personal data to Hazell & Gray. However, should you decide to submit personal data to us, you will have the following rights, as a data subject, under data protection law as summarised below:
|the right to be informed||the right to access||the right to rectification|
|the right to erasure||the right to restrict processing||the right to object to profiling|
|the right to data portability||the right to complain to the Information Commissioner’s Office||the right to withdraw consent (e.g. to direct marketing)|
Please note these rights may not always apply, for example if fulfilling your request would require us to reveal personal data relating to another user, or if you ask us to delete information which we are required by law to keep or have a compelling legitimate interest in keeping. If this is the case, then we will let you know at the same time as we respond to your request.
Hazell & Gray does not engage in profiling which is capable of producing legal or other significant effects for individual data subjects.
Detailed information on the content and the means to exercise your rights is provided by the United Kingdom’s Information Commissioner’s Office, available here.
In respect of personal data within the scope of this Policy, we will retain such personal data until you advise us to securely dispose of it, or until it becomes outdated, or it is no longer appropriate for us to retain such data. It is your responsibility to inform Hazell & Gray of any material changes to your personal data to ensure it is accurate. Outdated personal data will be periodically deleted in accordance with our internal data retention policies.
We have taken appropriate technical and organisational measures to ensure our own and our suppliers’ information security standards are appropriate to the risks associated with the personal data processing we undertake. Our security objectives include guaranteeing the confidentiality, integrity and availability of personal data and the resilience of the systems that process it. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Where applicable, it is your responsibility to keep the password provided to you on registration secure and confidential at all times. We will not be held liable for any breach of data protection law arising from your improper use of the Website, or due to your password details being disclosed to any third party. In the event you have reason to believe your interactions with us are not secure, or the integrity of your login has been compromised, please contact us immediately.
Neither we nor any of our data processors transfer personal data to countries outside of the European Economic Area.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. Cookies are very easy to delete and block.
Most, if not all, browsers allow you to refuse to accept cookies by adjusting your settings. For example: (1) in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector; (2) in Firefox you can block all cookies by clicking “Tools”, “Options”, and un-checking “Accept cookies from sites” in the “Privacy” box.
You can also delete cookies already stored on your computer: (1) in Internet Explorer, you must manually delete cookie files (you can find instructions for doing so at http://support.microsoft.com/kb/278835); (2) in Firefox, you can delete cookies by, first ensuring that cookies are to be deleted when you “clear private data” (this setting can be changed by clicking “Tools”, “Options” and “Settings” in the “Private Data” box) and then clicking “Clear private data” in the “Tools” menu.
Doing this may have a negative impact on the usability of many websites. In the case of our Website, disabling cookies means its functionality will be impaired.
In relation to any queries about this Policy or any other data protection matters, please email our DPO at firstname.lastname@example.org
© HAZELL & GRAY DESIGN LIMITED. REGISTERED IN ENGLAND NO. PENDING
VAT NUMBER GB PENDING REGISTERED OFFICE: HAZELL & GRAY, NUNEHAM PARK, OXFORD, OX44