Lawful Basis for Processing Personal Data
For the purposes of The GDPR, we are the Data Processor and controller when selling directly to customers. Under Article 6 of The GDPR, the lawful basis on which we process personal data is that of “Contract” – whereby processing is necessary in order to fulfil buyer orders and enquiries. We retain information provided by customers such as transaction information for internal financial accounting purposes. It is a legal requirement to retain this information for a period of 7 years.
Data We Receive: Personally Identifiable Information
We receive personally identifiable information only when it is voluntarily submitted by buyers when placing an order or joining our mailing list. The data we receive includes all of some of: name, billing address, delivery name, delivery address, e-mail address, telephone number, date of order, items ordered, item size, value of items ordered, chosen method of delivery
How we use buyers’ personal information
We may use any personal buyer information to:
– Process and dispatch buyers’ order.
– Contact you via email with information about special offers or new products (only if you have consented to this by actively joining our mailing list).
We treat all information we hold about buyers as private and confidential. We will not reveal any personal details or details concerning buyers’ orders to anyone not connected with us, unless:
– A buyer asks us to reveal the information, or we have a buyer’s permission to do so
– We are required or permitted to do so by law.
– If is required by law enforcement, fraud prevention or credit reference agencies
Data Subject Access Requests
Under The GDPR buyers are entitled to obtain from us a copy of the data held concerning them and to have any inaccuracies in the data rectified. We are obliged to provide this data to within 1 calendar month of the request and free of charge. However we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.