James Inglis
0
James Inglis
0

Privacy Policy (GDPR v1.0.0)

In line with new legislation regarding the use of customer data (GDPR) we have updated our privacy policy to set out in detail how we obtain, use, store and protect the data we hold for you.

We hope the following information will answer any questions you may have but if not, feel free to get in touch with us.

The legal basis we rely on

Data Protect law sets out several reasons for which a company may collect and process your personal data including:

Legal compliance

If the law requires us to, we may need to collect your personal data. For example, where data must be shared with law enforcement.

Contractual obligations

To fulfill our contractual obligations to you we do require and record your personal information, such as your home address for delivery.

Legitimate interest

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedoms or interests. For example, we will use your shopping history to provide tailored offers and provide advice on suitable future purchases you may make. We will also use your address to send you marketing relevant to the services we provide and that we think may interest you.

When we collect your personal data

What personal data do we collect?

We will always collect your name and address. Further to this if you have a web account or request an e-receipt in store then we may also collect your email address and password, which is stored encrypted. Once you begin shopping with us we will store transaction details, receipts, your order history and notes.

Optional data which may be stored includes telephone/mobile numbers, information about your feet including size, width and any medical problems you have that could affect the fitting of our products.

If you purchase from us your credit/debit card information and billing address will be passed onto, and stored by, our PCI Level 1 payment provider. This is done for the processing of your payments, refunds, convenience when shopping with us again and to screen for fraud.

Details of your interactions with us through contact in store and online. For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you made, items viewed or added to your basked, gift list and wish list choices, brands you show interest in, web pages you visit and how and when you contact us.

Details from your visit to our website. For example how you reached our website.

We only use your personal data collected to provide and enhance the service we provide to you. We never request or keep information that has nothing to do with selling you our products and all information provided is not shared with any third party for marketing purposes.

How and why do we use your personal data?

To give you the best possible shopping experience. As with most companies, understanding our customers enables us to better service their needs and this is best done by building a comprehensive picture of who our customer is and what they want.

The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.

Here's how we use your data:

How do we protect your personal data?

We use a server certificate to assure you of our identity and Transport Layer Security (TLS) to encrypt data transmissions to/from our website. When navigating secured pages on our website, a padlock will appear at the bottom of your browser or at the top next to the address bar. Every page on our website is secured.

You can verify our server certificate by clicking on the padlock at the bottom or top of your browser depending on version and software.

Access to your personal data is password protected and the password itself is one-way encrypted, and sensitive data (such as payment card information) is secured by TLS encryption.

How long will we keep your personal data?

Unless specifically requested to remove your data then it will be retained for the purposes for which it was collected until it is no longer required.

Who do we share your personal data with?

We only ever share your data with third parties for the express purpose of fulfilling our contractual obligations and law enforcement if required. The information passed to these companies only relates to the fulfilment of our contractual obligations and nothing futher.

For example:

We will never share your personal infromation with any other company for their own marketing purposes.

What your rights are

You have the right to request a copy of any information about you that we hold at any time and also to have that information corrected if it is inaccurate. To ask for your information, please contact us.

If we choose not to action your request we will explain to you the reasons for our refusal.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reasons to continue processing your personal data.

Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We will always comply with your request.

Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

How to stop direct marketing

There are several ways you can stop direct marketing communications from us:

Click the "unsubscribe" link in any email communication that we send you. We will then stop any further emails.

Contact us by telephone or in writing.

Please note some communications already in processing may still be received after a removal request is placed.

How to contact the regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office.

You can contact them by calling 0303 123 1113.
Or visit www.ico.org.uk/concerns.

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.