PRIVACY and SECURITY POLICY - GDPR October 2019
P R I VAC Y P O L I C Y - HARTLEYS
PRIVACY
POLICY – Website Usage
LAST
UPDATED OCT 2019
We
are committed to protecting and respecting your privacy. This policy tells you
how personal information which we may collect from you, or which you
provide
to us, will be processed by us.
Please
read this policy carefully to understand our views and practices regarding your
personal data and how we will treat it. By using our website
www.hartleysmenswearbridlington.co.uk you are accepting and consenting to the practices set out in this policy. Please do not use the Hartleys website or purchase any products over the telephone with our customer services team unless you agree with this policy.
For
the purposes of the Data Protection Act 1998, the data controller is Hartleys.
WHAT
IS THE PURPOSE OF THIS PRIVACY STATEMENT?
Under
EU-GDPR data protection legislation, Hartleys
menswear is required to explain to you why we collect information
about you, how we intend to use that information and whether we will share your information with
anyone else.
This statement applies to customers, and users of our website. Please read this statement carefully to understand our views and practices regarding your personal data and how we will treat it. This statement tells you how personal information which we collect from you, or which you provide to us, will be processed by us.
This
statement relates to information collected from you through your use of our
website www.hartleysmenswearbridlington.co.uk It also relates to
information which we may collect from you in our shop, over the telephone or if you contact us in writing.
Please
do not use the www.hartleysmenswearbridlington.co.uk or
purchase any products over the telephone with our customer services team unless
you agree with this policy.
This
statement does not form part of any contract to provide services. We may update
this statement at any time.
It
is important that you inform us of any changes to your personal information
which we may hold so that the information which we hold is accurate and current.
WHO
ARE WE?,
We
are Hartleys Menswear Bridlington.
OUR
DATA PROTECTION OFFICER
We
are not legally required to adopt a Data Protection Officer.
All
enquiries should be sent to Data Protection at our registered address, or email
WHY
ARE WE COLLECTING YOUR INFORMATION?
The
information that you provide to us is required in order for us to:
Fulfill your orders for products
with us;
For
the purpose of keeping our store and website
secure.
TYPES
OF PERSONAL INFORMATION MAY WE USE
We
may collect information about you in order to achieve the purposes set out
above (see 'Why are we collecting your information?'). This includes:
Personal
details and payment
Personal
details (such as name, gender and date of birth);
Contact
details (such as your address, phone number and email address);
Payment
information (such as payment methods, billing address details and other
information related to payment.) Please note Hartleys do not retain or store credit card, debit card or other confidential payment information.
Website
use and communications.
Details
of any contact with our support or customer services team,such as a record of your
correspondence with us.
Details
of your visits to Hartleys and
any calls that you make to us (such as location data, other communication data and resources that you
access);
Information
about your use of our information and communications systems;
Browser
information and online identifiers (such as your browser types, browser version host operating
system, browser language and your IP address); information about your visit to www.hartleysmenswearbridlington.co.uk (such as full Uniform
Resource Locators (URL), clicks to, through and from our site, products viewed or
searched for, page response times, download errors, lengths of visits to
certain pages, page interaction information (such as scrolling, clicks and mouse
overs) and methods used to browse away from the page);
In
store security
Images
of you captured through the use of in store CCTV cameras.
PRIVACY
OF CHILDREN AND SPECIAL CATEGORIES OF PERSONAL DATA
We
do not knowingly collect personal data from anyone under the age of 18.
We
do not knowingly obtain or store any Special Categories of Personal Data, such
as information about health or medical conditions, race or religious
beliefs.
If
we are made aware that we have received information from anyone under the age
of 18 or Special Categories of Personal Data, we will use reasonable
efforts to locate and remove that information from our records.
SOURCE
OF YOUR PERSONAL INFORMATION
The
information which we may collect about you will be obtained through a variety of
sources which include:
Information
provided by you
If
you register to use the www.hartleysmenswearbridlington.co.uk
If
you are placing an order online at www.hartleysmenswearbridlington.co.uk
in
store or over the telephone with our customer service team. We will never ask
you to confirm
or supply
any account or credit card details via email or text message. If you receive
such an email or text message, please do not respond.
When
you report a problem with our site and/or your order;
When
you contact our support or customer service teams;
CCTV
footage when you visit our store.
WHAT
WE DO WITH YOUR INFORMATION
We
do not
use your personal data, and permit third parties on our behalf to use your
personal data. (See Sharing Your Information below)
Placing
an order
We
use your personal data to process and fulfill your orders effectively and to carry out any further
obligations arising from any contracts entered into between you and us. This
will include using your email address and/or mobile phone number so that we can
send you information confirming your order.
If
you report a problem with your order, we may use your personal data to
investigate that problem.
When
you use the Hartleys website we may use your personal data to:
Register
you to use the Hartleys website (if you choose to do so);
To
ensure that content is presented in the most effective manner for you and your
computer, tablet or mobile phone (this may include providing you with content and services in
your country's local language and currency); only UK. We
Prevention
of fraud and security
When you enter our store, your
image may be recorded by our CCTV cameras. CCTV footage may be used in order to
ensure the security and safety of our staff and customers and could potentially be used
as evidence in an investigation or civil or criminal legal proceedings.
WHAT
MAY HAPPEN IF YOU DO NOT PROVIDE YOUR PERSONAL INFORMATION?
Placing
an order
Many
of the services that we offer are only made available if we have certain
information about you. To access these services, you will, from time to time,
be asked to submit personal data about yourself. If you do not provide that
personal data, we will not be able to offer those services to you. For example,
if you do not provide information about your method of payment or delivery
address, we will not be able to complete your order with us.
If
you do not agree for us to your personal information when you access the Hartleys website,
you should not use the Hartleys
website.
COMPLYING
WITH DATA PROTECTION LAW
We
will comply with data protection law. At the heart of data protection laws are
the "data protection principles" which say that the personal information
we hold about you must be:
Used
lawfully, fairly and in a transparent way;
Collected
only for valid purposes that we have clearly explained to you and not used in
any way that is incompatible with those purposes;
Relevant
to the purposes we have told you about and limited only to those purposes;
Accurate
and kept up to date;
Kept
only as long as necessary for the purposes we have told you about; and
Kept
securely.
WHAT
IS OUR LAWFUL BASIS FOR USING YOUR INFORMATION?
In
accordance with the data protection laws, we need a "lawful basis"
for collecting and using information about you. There are a variety of
different legal
bases for using personal data which are set out in the data protection laws.
The
lawful bases on which we rely in order to use the information which we collect
about you for the purposes set out in this statement will be:
Contract:
Using your information will be necessary for us to either perform the contract
between us or in order to take steps at your request prior to entering
into the contract;
Legal
compliance: Using your information will be necessary for us to comply with a
legal or regulatory obligation which is placed on Hartleys website.
Legitimate
interest: Using your information will be necessary for our legitimate
commercial interest and our interest is not outweighed by the potential
impact on your privacy. If you would prefer not to receive marketing information
from us, please email us at hartleys.brid@gmail.com
Consent:
It is possible that you may give us your consent to use your information for a
particular purpose.
SHARING
YOUR INFORMATION
Sharing
you information with third parties
We
may also share your personal information with third parties, such as:
To
our nominated third party carriers to enable them to deliver your order and to
contact you if there is a problem with delivery (i.e. telephone, name and
address only);
To
registered credit reference or fraud prevention agencies who may retain and use
your personal information;
SECURITY
OF YOUR DATA
We
have put in place appropriate security measures to prevent your personal
information from being accidentally lost, used or accessed in an unauthorised
way, altered or disclosed. In addition, we limit access to your personal
information to those employees, agents, contractors and other third
parties who have a business need to know. They will only process your personal
information on our instructions and they are subject to a duty of confidentiality.
We
will never ask you to confirm or supply any account or credit card details via email or
text message. If you receive such an email or text message, please
do not respond and notify us immediately at hartleys.brid@gmail.com. All information you provide to us is stored on our secure
servers. Any payment transactions will be encrypted using SSL technology. When
you proceed
to make your purchase and your browser connects to the secure section of a Hartleys website
your browser window frame will show a padlock
icon
to indicate that you are entering a secure area.
If
you are using a computer or other device to access the Hartleys website
in a public location we recommend that you always log out and close the website
browser down when you complete an online session for your security.
Where
we have given you (or where you have chosen) a password which enables you to
access certain parts of our site, you are responsible for keeping
this password confidential.
We ask you not to share a password with anyone.
Unfortunately,
the transmission of information via the internet is not completely secure.
Although we will do our best to protect your personal data, we
cannot guarantee the security of your data transmitted to our site; any
transmission is at your own risk. Once we have received your information, we
will use strict procedures and security features to try to prevent unauthorised
access.
Third
parties security measures
Third
parties will only process your personal information on our instructions and
where they have agreed to treat the information confidentially and to
keep it secure.
All
our third-party service providers, data processors and other entities in the
group are required to take appropriate security measures to protect your
personal information in line with our policies. We do not allow our third-party
service providers to use your personal data for their own purposes.
We only permit them to process your personal data for specified purposes and in
accordance with our instructions.
TRANSFERRING
INFORMATION OUTSIDE THE EU
The
data that we collect from you is not transferred to, and stored
at, a any destination
outside the European Economic Area ("EEA").
CAN
WE USE YOUR INFORMATION FOR ANY OTHER PURPOSE?
We
typically will only use your personal information for the purposes for which we
collect it. In limited circumstances we may use your information for
a purpose other than those set out in this policy. If we intend to do so, we
will provide you
with information relating to that other purpose before using it for the new
purpose.
We
may use your personal information without your knowledge or consent where such
use is required or permitted by law.
LINKS
TO OTHER WEBSITES
The Hartleys website may contain links to third party websites. If you follow a link to any such website, please note that your use of such website will be subject to the terms of that website’s privacy policy and we do not accept responsibility or liability for your use of such website. Please check the terms of the third party website’s privacy policy before submitting any personal data to such a website.
COOKIES
The Hartleys website
use cookies to distinguish you from other users of the Hartleys website.
This helps us to provide you with a good experience when you
browse the Hartleys website and also allows us to improve the Hartleys website.
STORING
YOUR INFORMATION AND DELETING IT
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
YOUR
RIGHTS
If
you have any questions about our use of your personal data, you are welcome to
contact us. You will find
our contact details at the bottom of this page. If you notice any
errors in your personal data, you have the right to have them corrected.
Under
certain circumstances, by law you have the right to:
Request
access to your personal information (commonly known as a “data subject access
request” or DSAR). This enables you to receive a copy of the personal
information we hold about you and to check that we are lawfully processing it.
Request
correction of the personal information that we hold about you. This enables you
to have any incomplete or inaccurate information we hold about
you corrected.
Request
erasure of your personal information. This enables you to ask us to delete or
remove personal information where there is no good reason for us
continuing to process it. You also have the right to ask us to delete or remove
your personal information where you have exercised your right to object
to processing (see below).
Object
to processing of your personal information where we are relying on a legitimate
interest (or those of a third party) and there is something about
your particular situation which makes you want to object to processing on this
ground.
Request
the restriction of processing of your personal information. This enables you to
ask us to suspend the processing of personal information about
you, for example if you want us to establish its accuracy or the reason for
processing it.
Request
the transfer of your personal information to another party.
You
are not always entitled to exercise each of these rights. The rights which you
are entitled to exercise depend on a number of factors including the lawful
basis on which we rely to use your personal data. Therefore, if you make a
request to exercise a right which is not available to you, we have the right
to decline the request.
If
you want to review, verify, correct or request erasure of your personal
information, object to the processing of your personal data, or request that we
transfer a copy of your personal information to another party, please contact hartleys.brid@gmail.com
RIGHT
TO WITHDRAW CONSENT
In
the limited circumstances where you may have provided your consent to the
collection, processing and transfer of your personal information for a specific purpose, you have the
right to withdraw your consent for that specific processing at any time. To withdraw your consent, please
contact hartleys.brid@gmail.com
Once
we have received notification
that you have withdrawn your consent, we will no longer process your
information for the purpose or purposes you originally agreed to,
unless we have another legitimate basis for doing so in law.
CHANGES
TO THIS PRIVACY STATEMENT
We
may amend this privacy policy at any time so please review it frequently and at
least each time you submit personal information to us. The date at the
top of this page will be amended each time this policy is updated. Our current
privacy policy applies to all information that we have about you and your
account.
CONTACT
If
you have any questions, comments or requests regarding this privacy policy,
our
products, please send us an email at: hartleys.brid@gmail.com
Alternatively,
you can call us on: 01262 606448
or you can write to us at: Customer Services Team, Hartleys,