Privacy statement of thebigtightscompany.co.uk, dated May 20th 2018.
Thebigtightscompany.co.uk is owned by Penningtons (Falmouth) Ltd, a UK-registered company. Our registered office address is: Bohelland House, Church Road, Penryn, TR10 8BY, United Kingdom. The policy below applies to all of our web sites.
thebigtightscompany.co.uk will at all times:
- make privacy and security a fundamental part of our business
- respect your privacy
- never sell your personal data
- only send marketing information (for example, about new products and special offers) if you have opted in to our mailing list
- provide an easy unsubscribe link on every email in case you change your mind
- only work with trusted partners who are committed to keeping your personal data safe and secure
- not use your personal data in any unexpected ways
- never send you unsolicited correspondence by post
- respect your rights and always try to accommodate any request you have in line with the legal and operational responsibilities of running a business
Our lawful basis for using personal data
Whenever we use your personal data we must have a legal basis for doing so. For example, this could be where you have asked us to provide a service (such as delivering an order, informing you of special offers and new products) or where we have a legitimate interest to do so, as defined by the General Data Protection Regulation (GDPR). A legitimate interest is where we use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing. For example, we may send an email to notify you that an order has been despatched, or we may need to take action to protect your account, prevent fraud, maintain security, and comply with legal requirements (e.g. keeping accountancy records in line with the demands of HMRC).
Data collection and purpose
We collect the personal data that you may volunteer while using our services. This can include:
- your name
- your email address (for order process updates and marketing communications if you have opted into the mailing list)
- your billing and/or delivery address (for the purpose of fulfilling an order that you have placed)
- your IP address (to help prevent fraud, make sure our systems are secure, and to protect against fake accounts)
- your order history with us (for future reference in case of queries, refunds, returns, exchanges and the like. We keep permanent records of orders that have been placed, but this can be deleted on request.)
- details concerned with your subscription to our email mailing list (such as the IP number you used at the time of subscribing. This is used to verify that requests are genuine and that we do not send emails to people who have not opted in and do not want to receive them.)
We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations. We do not keep credit card numbers. We do not see your password. All passwords are kept encrypted. We do not knowingly collect personal data from children. You do not need to provide specific consent during the ordering process for us to fulfil your order.
We have implemented security policies, rules and technical measures to protect the personal data that we have under our control from:
- unauthorised access
- improper use or disclosure
- unauthorised modification
- unlawful destruction or accidental loss
All of our employees and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of our visitors’ personal data.
We work with several trusted third parties but we only supply information as necessary for them to provide the services you request, or as is needed on your behalf. Third parties are subject to strict data processing terms and conditions and are forbidden from using, sharing or retaining personal data for any other purpose. We work with the following companies:
- Microsoft – our email provider for day-to-day company emails
- Sagepay – our primary payment processing company
- PayPal – our secondary payment processing company
- Storefeeder (multi-channel ecommerce software, part of the Royal Mail Group)
We only work with companies that have strict policies and processes for data security. We do not grant permission to any third party to communicate with you, unless this is specifically required in order for us to provide a service. For example, if you are a PayPal customer, you can contact PayPal to discuss activity on your PayPal account connected with an order placed with us, but PayPal do not have permission to send marketing emails to our customers.
Thebigtightscompany.co.uk takes reasonable precautions to protect its site from viruses, trojans and unauthorised software. However, we do not consider our site to be a “secure site” and we can make no guarantees due to the inherent risks associated with internet sites. We will not be responsible for any harm or infiltration caused by unauthorised software introduced to our site directly or indirectly by any third party.
Thebigtightscompany.co.uk makes no representations about any other website that you may access via a link on this site. If you visit a site outside of this one please understand that it is independent of us, and that we have no control of the content or security of that site. In addition, a link to a non-thebigtightscompany.co.uk site is in no way an endorsement of that site, and we accept no responsibility for the content or use of such a website. It is your sole responsibility to ensure that you use adequate precautions when visiting websites to prevent viruses, trojans, worms or any other security issue.
Thebigtightscompany.co.uk does not directly collect any data that allows us to track the behaviour of individual visitors. Through advertising analytical programmes, we do track data about visitor numbers and behaviour but this is in a format that does not enable the identification of any specific individual – it is collected against individual IP addresses. This information is only used to help monitor and improve the performance and development of our site.
Access to the personal data we may hold about you
- You have a right to be informed about the collection and use of your personal data and we will provide you with information regarding our purposes for processing it, our retention periods, and who it will be shared with, unless this requires disproportionate effort. The information we provide will be concise, transparent, intelligible, easily accessible, and in clear and plain language. We do not charge a fee for this.
- You have a right to have any personal data we hold about you permanently erased. This is also known as ‘the right to be forgotten’. This can be requested either verbally or in writing and we will respond within one month.
- You have a right to access any personal data we hold about you. This is referred to as a subject access request. You can make such a request verbally or in writing. We do not charge a fee for providing this information and we will respond within one month.
- You have a right to have inaccurate personal data rectified or completed. This can be requested either verbally or in writing and we will respond within one month.
- You have the right to request the restriction or suppression of your personal data. When processing is restricted, we are permitted to store personal data, but not use it. This can be requested either verbally or in writing and we will respond within one month.
- You have a right to obtain and reuse your personal data for your own use across different services. This enables you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. This can be requested either verbally or in writing and we will respond within one month.
- You have the right to object to the processing of your personal data in certain circumstances, and an absolute right to stop your data being used for direct marketing purposes. This can be requested either verbally or in writing and we will respond within one month. We will only send marketing emails if you have opted in to receive them, and every marketing email we send will contain an unsubscribe link in case you have changed your mind.
In the unlikely event of a personal data breach, we will report the breach to the relevant supervisory authority within 72 hours of becoming aware of the breach. If required, we will also inform the individuals concerned without delay. We will keep a record of any personal data breaches, regardless of whether there is a legal requirement to notify.
Address: Bohelland House, Church Road, Penryn, TR10 8BY, United Kingdom
Phone number: 01326 373 268
Email address: firstname.lastname@example.org