- 1. Introduction
- Foremost. Your data is secure. The website is secured with SSL (secure socket layer) https therefore any emails sent to us are encrypted so no one can intercept your data and retreive data about you.
- It also tells you about your rights and how the law protects you.
- It is important that you read this policy, together with any other policies we may provide, so that you are fully aware of how and why we use your data.
- 2. Our website
- Our website at shop4windowfilms sells window film products and services which are aimed at business users and the general DIY public.
- Shop4windowfilms is made up of a single 'sole trade' entity.
- 3. Personal data which we collect about you
- Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data)
- We collect as part of buying goods and services about our customers (you!).
- *Identity data. includes title, firstname, last name, address, email address and telephone number. This also includes a billing and delivery address. We share delivery data, name, address and a contact number with our suppliers who often ship goods direct from their stock direct to you on behalf of shop4windowfilms as we may not have products in stock (called third party shipping). No other data is shared as part of the physical buying/delivery process.
- Courier services are also passed buyer name and delivery address, contact telephone number as part of their contract to deliver your goods. They do not receive any other data.
- Financial data - we do not collect this data.
- Transaction data and card data (financial data) is collected by PayPal powered by Braintree or PayPal as part of the process of buying goods. *We only receive identity data based on delivery address to complete the order. This data is printed and stored on paper versions for the term, in years, as government revenue requires us, by law, to hold data for the purpose of accounting.
- Technical data. We do not collect the following login data, IP address, browser type, browser version, time zone settings or location, browser plug-in types and versions, operating system or platform or any other technology on the devices you use to access this website.
- Tracking data. We do not use any type of analytics or data cookies or other tracking technologies to collect any data that identifies you.
- Marketing and communications data. We do not take or store any preferences as we do not use any marketing and or third party data collection to communicate with you apart from this website. We do not use or push 3rd party adverts.
- We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) nor do we collect any information about criminal convictions and offences.
- 4. Cookies
- 5. How is your personal data collected?
- Direct actions. You may give us your identity, contact details from form filling - email contact form
- 6. Payment information.
- Our shopping cart. Uses a third party data collection service 'Romacart' who process billing address and delivery address on behalf of shop4windowfilms. The cart offers (you) the buyer to select from two payment processors. You are taken off-site to Romancart to enter billing and delivery detail(s).
- Shop4windowfilms uses third party payment processors PayPal powered by Braintree and normal PayPal access to process payments made for products and services via the Website. All online payments will be conducted in accordance with Payment Card Industry (PCI) data security standards (which are high!) and your billing information (which is only used by these payment processors for the purpose of performing fraud protection). Payments data is encrypted before being communicated to them. Subject to the below exceptions, your credit card details are communicated directly from your browser to these payment processors - shop4windowfilms never (ever!) sees your full Permanent Account Number (PAN). This means that the payment form is off-site (not hosted on shop4windowfilms and is secured at the payment gateways (PayPal powered by Braintree or PayPal https secure data connection sites).
- PayPal. We receive order data from Paypal regarding a sale/purchase made up of buyer name, email and delivery address, consignee name address, goods bought and payment total and a transaction id for the sale it relates to with which we can identify transactions made by PayPal and issue refunds. Again, you are taken off-site to PayPal's website to pay for your goods securely.
- 7. International transfers. We do not transfer any of your personal data out of the EEA. We are solely trading within the UK mainland.
- 8. Data Security
We have put in place appropriate security measures to prevent any personal data via email being stolen. It is secured by the https (ssl) secure socket layer protocol and is encrypted end to end.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- We do not store any of your personal purchase data, title, name, address, email, telephone number on any local or external database that we have direct access. Romancart hold title, name, surname, billing, delivery address data, email and telephone number for 1 month.
- 9. Third-party links
- 10. Data retention
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers for tax purposes.
In some circumstances you can ask us to delete your data; see Your legal rights below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
- 11. Your legal rights
If the General Data Protection Regulation applies to you because you are in the European Union, you have rights under data protection laws in relation to your personal data:
The right of access – that’s a right to make what’s known as a ‘data subject access request’ for copy of the personal data we hold about you;
The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate;
The right to erasure – that’s also known as the ‘right to be forgotten’ where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a copy of the file that is sent to us regarding your order);
The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
Rights in relation to automated decision making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision making.
These rights are subject to certain rules around when you can exercise them. You can see a lot more information on them, if you are interested, on the UK Information Commissioner’s Office website.
If you wish to exercise any of the rights set out above, please contact us (email@example.com).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
- You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
- 1. Our Payment Service Providers are Sage Pay and Paypal – the largest independent payment service providers (PSP) in the UK and Ireland.
- 3. Sage Pay uses a range secure methods such as fraud screening, I.P. address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards.
- 4. Sage Pay is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.
- 5. Sage Pay and PayPal are active members of the PCI Security Standards Council (PCI SSC) that defines card industry global regulation. Shop4windowfilms is also PCI DSS compliant having to pass PCI checks on a yearly basis by the WorldPay merchant bank.
- 6. In addition, you know that your session, via SagePay OR PayPal, is in a secure encrypted environment when you see https:// in the web address, and/or when you see the locked padlock symbol alongside the URL.
- 7. So when buying through our site via SagePay OR PayPal, you can be sure that you are completely protected.
- 8. PayPal: PCI DSS compliance please read here.