PRIVACY and SECURITY POLICY - GDPR October 2019

 P R I VAC Y  P O L I C Y - HARTLEYS


PRIVACY POLICY – Website Usage

 

LAST UPDATED OCT 2019

 

We are committed to protecting and respecting your privacy. This policy tells you how personal information which we may collect from you, or which you

provide to us, will be processed by us.

Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it. By using our website

www.hartleysmenswearbridlington.co.uk  you are accepting and consenting to the practices set out in this policy. Please do not use the Hartleys website or purchase any products over the telephone with our customer services team unless you agree with this policy.

For the purposes of the Data Protection Act 1998, the data controller is Hartleys.

 

WHAT IS THE PURPOSE OF THIS PRIVACY STATEMENT?

Under EU-GDPR data protection legislation, Hartleys menswear is required to explain to you why we collect information about you, how we intend to use that information and whether we will share your information with anyone else.

This statement applies to customers, and users of our website. Please read this statement carefully to understand our views and practices regarding your personal data and how we will treat it. This statement tells you how personal information which we collect from you, or which you provide to us, will be processed by us.

This statement relates to information collected from you through your use of our website www.hartleysmenswearbridlington.co.uk It also relates to information which we may collect from you in our shop, over the telephone or if you contact us in writing.

Please do not use the www.hartleysmenswearbridlington.co.uk or purchase any products over the telephone with our customer services team unless you agree with this policy.

This statement does not form part of any contract to provide services. We may update this statement at any time.

It is important that you inform us of any changes to your personal information which we may hold so that the information which we hold is accurate and current.

 

WHO ARE WE?,

We are Hartleys Menswear Bridlington.  21-23 Chapel Street, Bridlington, YO15 2DP. This means that we are responsible for deciding how we hold and use personal information about you.

 

OUR DATA PROTECTION OFFICER

We are not legally required to adopt a Data Protection Officer.

All enquiries should be sent to Data Protection at our registered address, or email

hartleys.brid@gmail.com.

 

WHY ARE WE COLLECTING YOUR INFORMATION?

The information that you provide to us is required in order for us to:

Fulfill your orders for products with us;

For the purpose of keeping our store and website secure.

 

TYPES OF PERSONAL INFORMATION MAY WE USE

We may collect information about you in order to achieve the purposes set out above (see 'Why are we collecting your information?'). This includes:

Personal details and payment

Personal details (such as name, gender and date of birth);

Contact details (such as your address, phone number and email address);

Payment information (such as payment methods, billing address details and other information related to payment.) Please note Hartleys do not retain or store credit card, debit card or other confidential payment information.

Website use and communications.

Details of any contact with our support or customer services team,such as a record of your correspondence with us.

Details of your visits to Hartleys and any calls that you make to us (such as location data,  other communication data and resources that you access);

Information about your use of our information and communications systems;

Browser information and online identifiers (such as your browser types, browser version host operating system, browser language and your IP address); information about your visit to www.hartleysmenswearbridlington.co.uk (such as full Uniform Resource Locators (URL), clicks to, through and from our site, products viewed or searched for, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse overs) and methods used to browse away from the page);

In store security

Images of you captured through the use of in store CCTV cameras.

 

PRIVACY OF CHILDREN AND SPECIAL CATEGORIES OF PERSONAL DATA

We do not knowingly collect personal data from anyone under the age of 18.

We do not knowingly obtain or store any Special Categories of Personal Data, such as information about health or medical conditions, race or religious beliefs.

If we are made aware that we have received information from anyone under the age of 18 or Special Categories of Personal Data, we will use reasonable efforts to locate and remove that information from our records.

 

SOURCE OF YOUR PERSONAL INFORMATION

The information which we may collect about you will be obtained through a variety of sources which include:

Information provided by you

If you register to use the www.hartleysmenswearbridlington.co.uk

If you are placing an order online at www.hartleysmenswearbridlington.co.uk

in store or over the telephone with our customer service team. We will never ask you to confirm or supply any account or credit card details via email or text message. If you receive such an email or text message, please do not respond.

When you report a problem with our site and/or your order;

When you contact our support or customer service teams;

CCTV footage when you visit our store.

 

WHAT WE DO WITH YOUR INFORMATION

We do not use your personal data, and permit third parties on our behalf to use your personal data. (See  Sharing Your Information below)

Placing an order

We use your personal data to process and fulfill your orders effectively and to carry out any further obligations arising from any contracts entered into between you and us. This will include using your email address and/or mobile phone number so that we can send you information confirming your order.

If you report a problem with your order, we may use your personal data to investigate that problem.

When you use the Hartleys website we may use your personal data to:

Register you to use the Hartleys website (if you choose to do so);

To ensure that content is presented in the most effective manner for you and your computer, tablet or mobile phone (this may include providing you with content and services in your country's local language and currency); only UK. We 

Prevention of fraud and security

When you enter our store, your image may be recorded by our CCTV cameras. CCTV footage may be used in order to ensure the security and safety of our staff and customers and could potentially be used as evidence in an investigation or civil or criminal legal proceedings.

 

WHAT MAY HAPPEN IF YOU DO NOT PROVIDE YOUR PERSONAL INFORMATION?

Placing an order

Many of the services that we offer are only made available if we have certain information about you. To access these services, you will, from time to time, be asked to submit personal data about yourself. If you do not provide that personal data, we will not be able to offer those services to you. For example, if you do not provide information about your method of payment or delivery address, we will not be able to complete your order with us.

If you do not agree for us to your personal information when you access the Hartleys website, you should not use the Hartleys website.

 

COMPLYING WITH DATA PROTECTION LAW

We will comply with data protection law. At the heart of data protection laws are the "data protection principles" which say that the personal information we hold about you must be:

Used lawfully, fairly and in a transparent way;

Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;

Relevant to the purposes we have told you about and limited only to those purposes;

Accurate and kept up to date;

Kept only as long as necessary for the purposes we have told you about; and

Kept securely.

 

WHAT IS OUR LAWFUL BASIS FOR USING YOUR INFORMATION?

In accordance with the data protection laws, we need a "lawful basis" for collecting and using information about you. There are a variety of different legal bases for using personal data which are set out in the data protection laws.

The lawful bases on which we rely in order to use the information which we collect about you for the purposes set out in this statement will be:

Contract: Using your information will be necessary for us to either perform the contract between us or in order to take steps at your request prior to entering into the contract;

Legal compliance: Using your information will be necessary for us to comply with a legal or regulatory obligation which is placed on Hartleys website.

Legitimate interest: Using your information will be necessary for our legitimate commercial interest and our interest is not outweighed by the potential impact on your privacy. If you would prefer not to receive marketing information from us, please email us at  hartleys.brid@gmail.com

Consent: It is possible that you may give us your consent to use your information for a particular purpose.

 

SHARING YOUR INFORMATION

Sharing you information with third parties

We may also share your personal information with third parties, such as:

To our nominated third party carriers to enable them to deliver your order and to contact you if there is a problem with delivery (i.e. telephone, name and address only);

To registered credit reference or fraud prevention agencies who may retain and use your personal information;

 

SECURITY OF YOUR DATA

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We will never ask you to confirm or supply any account or credit card details via email or text message. If you receive such an email or text message, please do not respond and notify us immediately at hartleys.brid@gmail.com. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. When you proceed to make your purchase and your browser connects to the secure section of a Hartleys website your browser window frame will show a padlock

icon to indicate that you are entering a secure area.

If you are using a computer or other device to access the Hartleys website in a public location we recommend that you always log out and close the website browser down when you complete an online session for your security.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Third parties security measures

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

All our third-party service providers, data processors and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

TRANSFERRING INFORMATION OUTSIDE THE EU

The data that we collect from you is not transferred to, and stored at, a any destination outside the European Economic Area ("EEA").  

 

CAN WE USE YOUR INFORMATION FOR ANY OTHER PURPOSE?

We typically will only use your personal information for the purposes for which we collect it. In limited circumstances we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.

We may use your personal information without your knowledge or consent where such use is required or permitted by law.

 

LINKS TO OTHER WEBSITES

The Hartleys website may contain links to third party websites. If you follow a link to any such website, please note that your use of such website will be subject to the terms of that website’s privacy policy and we do not accept responsibility or liability for your use of such website. Please check the terms of the third party website’s privacy policy before submitting any personal data to such a website.

 

COOKIES

The Hartleys website use cookies to distinguish you from other users of the Hartleys website. This helps us to provide you with a good experience when you

browse the Hartleys website and also allows us to improve the Hartleys website

 

STORING YOUR INFORMATION AND DELETING IT

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

YOUR RIGHTS

If you have any questions about our use of your personal data, you are welcome to contact us. You will find our contact details at the bottom of this page. If you notice any errors in your personal data, you have the right to have them corrected.

Under certain circumstances, by law you have the right to:

Request access to your personal information (commonly known as a “data subject access request” or DSAR). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information to another party.

You are not always entitled to exercise each of these rights. The rights which you are entitled to exercise depend on a number of factors including the lawful basis on which we rely to use your personal data. Therefore, if you make a request to exercise a right which is not available to you, we have the right to decline the request.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact hartleys.brid@gmail.com

 

RIGHT TO WITHDRAW CONSENT

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact hartleys.brid@gmail.com

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

 

CHANGES TO THIS PRIVACY STATEMENT

We may amend this privacy policy at any time so please review it frequently and at least each time you submit personal information to us. The date at the top of this page will be amended each time this policy is updated. Our current privacy policy applies to all information that we have about you and your account.

 

CONTACT

If you have any questions, comments or requests regarding this privacy policy,

our products, please send us an email at: hartleys.brid@gmail.com

Alternatively, you can call us on: 01262 606448 or you can write to us at: Customer Services Team, Hartleys, 21-23 Chapel Street, Bridlington, YO15 2DP.