1 Policy Statement
2 General Information
3 What information do we collect?
3.1 When you register to use our services and/or our sites or order our products we may ask you to provide certain contact and payment information such as; your name, address, email address, and contact number. This may vary depending on whether you are purchasing products from our site for your personal use, or whether you are purchasing products on behalf of a business customer for use by a business.
3.2 We may also collect personal information when you contact us to make an enquiry or complaint. If you purchase with us on a regular basis, we will keep records of your order history (which will also be available to you).
3.6 We will not collect any sensitive personal data or special categories of data about you in connection with your use of our services and/or our sites.
4 What do we use your information for?
4.1 We may use your information for the following purposes:
(a) in the normal course of our business, to allow us to register you to receive our services and to provide you with our products on the basis that processing is necessary in order to perform our contract with you to provide our services;
(b) to allow us to manage your account on the basis that processing is necessary in order to perform our contract with you to provide our services;
(c) to allow us to analyse your personal preferences and personalise our services to you on the basis that processing is in our legitimate interests to optimise our sites;
(d) to store your data to pre-populate fields to make it easier for you to provide information when you return to our sites on the basis that processing is in our legitimate interests to optimize user experiences of our sites;
(e) whether you are acting on behalf of a business customer or in a personal capacity, we will use your contact details to get in touch with you about our products and services, on the basis that processing is in our legitimate interests to promote our products and services. Where you are acting on behalf of a business customer, such contact may be by way of a telephone call from one of our sales team and regular email updates, and if you are acting in a personal capacity, such contact will be by regular email updates. You will be able to opt-out of such communications at any time by following the unsubscribe link in any of the emails which we send you;
(f) to validate your information (and, in some cases, match it against information that has been collected by a third party) to check that the data we hold about you is accurate, consistent and up to date on the basis that processing is necessary in order to perform our contract with you to provide our services;
(g) to comply with any legal obligations to which we are subject on the basis that processing is necessary to comply with a legal obligation to which we are subject;
(h) we may share personal information with other divisions within the Matthew Algie group on the basis that processing is in our legitimate interests to cross-sell other products and services provided by other divisions within our corporate group, and to ensure a consistent sales approach;
(i) when you contact us via telephone, your call may be recorded, on the basis that processing is in our legitimate interests to monitor the resolution of queries and to ensure a consistent customer services approach; and
(j) where you are acting on behalf of a business customer that is looking to open a credit account with us, we may run a credit check against the business on the basis that such processing is in our legitimate interests to ensure that we are not offering credit to a business that cannot afford such credit. This may involve the processing of personal information of the individuals in control of the business.
4.2 Please ensure that the personal information associated with your account (whether as a business customer or a consumer) is kept accurate and up to date. You will have the ability to update your account online, or alternative you can contact us at the details in section 13 below with your updated details.
4.3 The provision of the information marked with an asterisk in the order form is mandatory if you are to receive our services. Examples include your contact details (so that we can complete and send you your order) and also confirmation as to whether you are acting on behalf of a business customer or as a consumer (as different contractual terms will apply). If you fail to provide such data we shall be unable to provide our services.
4.4 The provision of information in the order form which is not marked with an asterisk is voluntary and you do not need to provide such information to receive our services if you do not wish too. For example, if you are acting on behalf of a business customer, we may ask for certain information about the type of business operated. While the provision of such information is not essential, if this type of information is not provided, we may not be able to offer you tailored products and services.
4.6 Marketing. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
(a) Promotional offers from us. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
(b) You may receive marketing communications from us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you attended an event, entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing
(c) Third-party marketing. We will obtain your express opt-in consent before we share your personal data with any company outside the Matthew Algie group of companies for marketing purposes.
(d) Opting out. You can ask us or third parties to stop sending you marketing messages at any time by logging into your online account and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
5 Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6 Who do we share your information with?
6.1 As part of using our services, we will share your personal information with the following parties:
(a) we appoint various service providers and third party partners, who process and store data on our behalf, for example:
(i) Our online payment service providers (Worldpay)
(ii) Our email marketing campaign provider (Campaign Monitor)
(iii) Our CRM provider and database manager (Goldmine and eLeader)
(iv) Microsoft (our IT systems use various Microsoft applications);
(v) our mailing house service providers, who process personal data on our behalf for running mail marketing campaigns;
(b) professional advisors acting as processors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
(c) We may also disclose your personal data to our supply and delivery partners, repair and service providers, insurance company for the purpose of processing and fulfilling your order. Where such disclosures are made, this will be under contractual arrangements with us and carried out in accordance with the requirements of the GDPR.
(d) if you opt in the marketing consent statement to receive information about third party products and services, trusted third parties whose products, services and other offers we believe may be of interest to you. You will be able to opt-out of such communications at any time by following the unsubscribe hyperlink in any of the emails which we send to you;
(e) any member of our group, which means Matthew Algie & Company Limited and other companies which may be added to our group from time to time.
6.2 We may also share your personal information with third parties:
(a) in the event that we, our business, or substantially all of its assets are acquired by a third party (in which case personal information about customers will be one of the transferred assets);
(b) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with you; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
7 How long do we store your personal data for?
7.1 We only store your personal information for as long as necessary for the purposes listed in paragraph 4.
7.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
7.3 We may, instead of destroying or erasing your personal information, make it anonymous such that it cannot be associated with or tracked back to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
7.4 If you do not want us to retain your data for this period, please contact us at the details in section 13 below.
8 What are your rights?
8.1 Access to your personal data: You may request access to a copy of your personal data by requesting it from us using the contact details below. If you make a request please include details of any relevant time periods to help us to locate the data which you are requesting.
8.2 Right to withdraw consent: Where processing is based on your consent, you may withdraw your consent at any time. You can do this by, for example, following the unsubscribe link in any marketing emails we send you or contact us using the details below.
8.3 Rectification: You may ask us to rectify inaccurate information held about you. If you would like to update the data we hold about you, please contact us on using the details below and provide the updated information.
8.4 Erasure: You may ask us to delete your personal data. If you would like us to delete the personal data we hold about you, please contact us using the details below, specifying which information you would like us to delete and why.
8.5 Portability: You may ask us to provide you with the personal information that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such personal data to another data controller.
8.7 Make a complaint: You may make a complaint about our data processing activities to a supervisory authority, for the UK this is the Information Commissioner's Office, at ico.org.uk.
8.9 No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
8.10 What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
8.11 Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9 Cookies policy
9.1 A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
9.3 You can find more information about the individual cookies we use and the purposes for which we use them in our Cookies Policy.
9.5 You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
9.6 The following cookies are used throughout our website:
Cookies Necessary for the Functioning of the Store:
|_ab||Used in connection with access to admin.|
|_orig_referrer||Used in connection with shopping cart.|
|_secure_session_id||Used in connection with navigation through a storefront.|
|Cart||Used in connection with shopping cart.|
|cart_sig||Used in connection with checkout.|
|cart_ts||Used in connection with checkout.|
|checkout_token||Used in connection with checkout.|
|Secret||Used in connection with checkout.|
|Secure_customer_sig||Used in connection with customer login.|
|storefront_digest||Used in connection with customer login.|
Reporting and Analytics
|_landing_page||Track landing pages.|
|_orig_referrer||Track landing pages.|
|_shopify_sa_p||Shopify analytics relating to marketing & referrals.|
|_shopify_sa_t||Shopify analytics relating to marketing & referrals.|
|tracked_start_checkout||Shopify analytics relating to checkout.|
10 Transfers out of the EEA
10.1 We may transfer your personal data outside of the European Economic Area (EEA). We shall ensure that any such transfers and processing of personal data outside the EEA is lawful (for example, we will ensure that any such transfers would governed by standard contractual clauses approved by the European Commission) and that your personal data is kept secure in accordance with the GDPR.
11 Security and Data Storage
11.1 We will treat all of your information in the strictest confidence and we will endeavour to take all reasonable steps to keep your personal information secure once it has been transferred to our systems. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, and data stored on the website and associated database.
11.2 Your personal data may be stored in the cloud by our IT service providers listed in section 6 above. We take steps to ensure that these third parties implement appropriate technical and security measures to ensure this information is kept securely.
11.3 Please note that the internet is not a secure medium and we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the internet and will not be held liable for this.