The EU General Data Protection Regulation (GDPR) as well as the UK Data Protection Act 2018 (“Data Protection Laws”) give you various rights regarding the way in which we store and use your personal information. These are set out below in the section “What are your legal rights in relation to your personal information?” below. You can also get further information about data protection and privacy laws by visiting the Information Commissioner’s web site at: https://ico.org.uk/.
2.1 Purchasing products from our online shop
When you order products from our online shop we collect personal information about you to enable us to fulfil your order. The types of personal information we collect will includes name, email address, delivery address and payment card information.
2.2 When you sign up for our e-newsletter, request information from us, or provide us with information
In our dealings with you, whether in person, by telephone, letter, email or webchat, you may directly provide us with various types of personal information, including your name and contact details such as your address, email address and telephone numbers. We may also collect personal information if we are communicating with you on social media sites such as Facebook, Instagram or LinkedIn.
2.3 When you visit our website
When you visit our website we obtain personal information from your IP address and the operating system and web browser that you use. This enables us to compile statistical data on the use of our website which helps us to improve the user experience.
2.4 When you interact with us
If you join our ChangeMaker Community, complete one of our surveys, participate in our research, or attend any of our events, we will collect various types of personal information that you provide to us, which may include your name and contact details. Also, although we will not intentionally ask you for information regarding your health, if you provide us with information about products that you are interested in, your opinions about existing or proposed products, this may directly or indirectly reveal information about your health.
2.5 When you apply for a job
If you apply for a job with us you may provide us with personal information, including special category personal information. Your application directly to us, or via a recruitment agency, will constitute your consent to our use of this information. We will use the information to consider your application for a job with us. We may also use the information to carry out checks to verify the information provided by you (including reference, background and criminal record checks). We may disclose the information to recruiters, referees and your current and previous employers.
2.6 When you agree to receive marketing information
If you agree to receive marketing information your personal information may be stored in our contact database. If you no longer wish to receive any marketing emails from us you can unsubscribe at any time by using the "Unsubscribe" button on the email footer or by contacting email@example.com.
3.1 We will only use your personal information in compliance with Data Protection Laws. Accordingly we will therefore only process your personal information if:
4.1 We will only retain your personal information for as long as is necessary for the purpose for which it was collected, including for the purposes of complying with any legal, accounting or insurance requirements. If you wish to know more about our retention periods, please contact firstname.lastname@example.org.
4.2 On expiry of the applicable retention period, we will securely destroy your personal information in accordance with applicable law.
5.1 If you purchase products via our online shop, we will share your personal information with Box Limited which hosts and manages our online shopfront, and also provides order processing and product delivery services on our behalf.
5.2 We use third parties who provide services on our behalf and will share your information with them, for example technology suppliers may have access to your personal information when managing our email database or providing customer relationship management tools.
5.3 If you participate in our market research activities, we may share your information with our market research partners and design partners.
5.4 Some of your personal information may be stored in a single private cloud and managed by a third party service provider.
5.5 In addition we may share your personal information with third parties where:
5.6 Some of our suppliers and service providers may store or otherwise process personal information outside the UK or the European Economic Area. Where this is the case, we will ensure that your personal information will only be transferred either to countries that have been identified as providing adequate protection, or to a third party where there is a legal transfer mechanism in place to protect your personal information, for example where the supplier or service provider has entered into the European Commission's Standard Contractual Clauses, or is Privacy Shield certified (for transfers to US-based third parties).
6.1 We use up to date data storage and security to hold your personal information securely in electronic and physical form to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. Our premises are access controlled and our electronic databases require logins and password authentication.
6.2 All our partners, staff and third party service providers who have access to confidential information (including personal information) are subject to confidentiality obligations.
6.3 However, the transmission of information via the internet is not completely secure. Although we take appropriate and proportionate steps to manage the risks posed, we cannot guarantee the security of your information transmitted to our online services.
7.1 Our website contains links to other sites which are controlled by third parties. You should review these other sites’ privacy policies. We do not accept any responsibility for their use of your personal information.
8.1 You have the following data protection rights:
8.2 If you wish to exercise any of the rights set out in paragraph 7.1 you can do so by sending us an email at email@example.com or by writing to us at 4 Valentine Place, London SE1 8QH.
Sign up for the latest updates on our range of products, including release dates and special offers