Privacy Notice

INTRODUCTION

This Privacy Notice describes the ways in which The Original Factory Shop Group Limited ("TOFS", “we”, “us”, “ours”) processes and protects the personal data of our customers, vendors and other business contacts (“you”, “yours”).

We are an online and in-store retail outfit. The types of personal data that we process, as described in this Privacy Notice, are those necessary for us to provide our customers, vendors and business contacts with an effective service locally and regionally, and to carry out various ancillary activities.

We take very seriously our obligations to protect customer, vendor and business contact information, including personal data entrusted to us. The technical and organisational security measures that we employ to safeguard the information in our possession are constantly monitored, reviewed and enhanced in order to meet our responsibilities and the needs of our customers, vendors and business contacts.

1               Data Controller

1.1           The data controller responsible for Processing your Personal Data is The Factory Shop Ltd which is registered with company number 02882042 and maintains its registered office at Orient Business Park, Billington Road, Burnley, East Lancashire, BB11 5UB.

2               CONTACT US

2.1           Please direct all general communications or queries relating to this Privacy Notice to [email protected] This email address is also provided for the convenience of data subjects wishing to exercise their rights under this Privacy Notice.

3               What information do we collect AND WHY

3.1           We may source, use and otherwise process personal data in different ways, as set out in the table below.

Categories of Personal Data

Who do we collect this from?

Purpose of Processing

Lawful Basis for Processing

Name


Contact details including email

 

 

Customers, vendors, business contacts, website visitors

 

 

·     Internal Record Keeping

·     Improving our products and services

·     To send promotional materials (by email / phone)

·     To provide our website services to you

·     Establish and manage our relationship

·     Learn about our website(s) users’ browsing patterns and the performance of our website

·     Security

·     Let you know about our products and services and promotions or materials that may be of interest to you by letter, email other forms of electronic communication

·     Learn about how our products or service may be used

·     To effect a sale (online)

·     To complete a purchase

·     To receive and address complaints (Tell TOFS

Legitimate Interest

Contract

 

CCTV images

Customers, vendors, business contacts, visitors to our premises

CCTV surveillance at The Original Factory Shop is intended for the purposes of: 

·      protecting our buildings and company assets

·      investigating any health and safety related incidents involving colleagues, customers and/or visitors;

·      investigating allegations of misconduct involving our colleagues;

·      reducing the incidence of crime and anti-social behaviour (including theft and vandalism);

Legitimate interest

credit or debit card information

Customers

Making a purchase

Contract

IP address

Customers
Website Visitors

shopping online / completing a survey

Legitimate interest

Demographic information

Customers
Website Visitors

 

To provide you with items that may interest you based on your purchase patterns

Legitimate interest

information relevant to customer surveys and/or offers

Customers
Website visitors

To provide you with items that may interest you based on your purchase patterns

Legitimate interest

Date of birth

Customers
Visitors to our premises

For the purposes of reporting an accident

Legal obligation

Home address

Customers
Visitors to our premises

For the purposes of reporting an accident

Legal obligation

 

·       Contract: In order to allow us to fulfil our contractual obligations with you, we may need to contact you regarding purchases or sale orders and will therefore process your name and contact details. If you contact us, we may keep a record of that correspondence.

·       Legitimate Interest: As our current or potential business contact it is in our legitimate business interest to process your name and contact details for the following purposes:

§  business development;

§  marketing to you;

§  providing you with promotional material

As a user of our website we may process your personal data for the following purposes:

§  To fulfill your order;

§  To enroll you into our original factory shop club card to receive promotional materials

§  As our website user we may collect your cookie data allow us to distinguish you from other users of our website, which helps us to provide you with a personalised experience when browsing our website and allows us to improve our site, as well as to keep track of what you have in your basket, and to analyse visitor information. To find out more about how we use cookies please see our Cookie Notice https://www.tofs.com/customer-service/cookie-policy/

§  Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over the external website(s) and these website(s) will have their own privacy notices, for which we do not accept any responsibility for. You should exercise caution and look at the privacy notice applicable to the website in question

§  If you object to us using your contact details for these purposes, including direct marketing, please send an email to us at [email protected]

 

§  Where we use your email to communicate marketing information to you we will seek your prior consent where required to do so by law.

4               How we source your personal data

4.1           We may collect this information in a variety of ways, e.g.: data might be collected through application for an original factory shop club card, through making an online purchase, through returning an item into store or vendors expressing interest to supply us goods or services.

5               Who has access to your data?

5.1           In the below circumstances the data will be subject to confidentiality arrangements with our selected third parties:

·       original factory shop club – your data is processed by our data management agency and email provider to ensure all email campaigns are sent according to the previously stated reasons. The data management agency specifically uses your information for profiling, which consequently allows us to provide much more accurate direct marketing relevant to you and your shopping habits.

·       online purchases – we do not hold stock of the products online; we instead employ several ‘drop ship’ suppliers (they hold the stock in their own warehouses). They use your personal information to know when and where to send their products to you.

·       Tell tofs – your data is processed by our data management agency in the USA, the comments/feedback that you provide us helps us to make improvements to our products and services.

·       Accident reporting / CCTV / Third party vendors – this information is not shared with any external bodies. We may also use and disclose Personal Data that you provide us for other purposes if authorised by you.

5.2           Your information may be shared internally if access to the data is necessary for performance of their roles.

5.3           Where the parties we engage with are located outside the European Economic Area, in particular the United States, these transfers are governed by the EU Commission-approved Standard Contractual Clauses, GDPR-compliant Data Processor clauses where the US vendor is certified under the EU-US Privacy Shield Programme Framework, or Binding Corporate Rules for Processors.

6               How do we protect data?

6.1           We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our colleagues in the performance of their duties. This includes using individual passwords and restricted access to folders and systems on our IT network.

6.2           Where we engage third parties to process personal data on our behalf, we do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

7               For how long do we keep data?

7.1           We will hold your personal data for the following duration/s:

·       original factory shop club

o   name and address – indefinitely, unless you choose to opt out of the club

o   transaction information – 400 days

·       online purchases

o   name, email, telephone number, address and credit/debit card details – 400 days, unless you choose to opt in to receive our club emails

·       customer queries/complaints and returns

o   name, email, telephone number – 400 days,

·       tell tofs

o   name, email, transaction details and ip address – 400 days,

·       Accident reporting

o   name, address, date of birth and telephone number – 3 ½ years

·       CCTV

o   Images are over written each month

·       Vendors

o   name, email, telephone number – kept for as long as we have supplier/retailer relationship

o   visitor book – name, company & car registration – 6 months

8               Your rights

8.1           The GDPR provides you with certain rights in relation to the Processing of your Personal Data, including to:

·       Request access to Personal Data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you.

·       Request rectification, correction, or updating to any of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

·       Request erasure of Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove Personal Data where you have exercised your right to object to Processing (see below).

·       Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of Personal Data about you (e.g. if you want us to establish its accuracy or the reason for Processing it).

·       Request the transfer of Personal Data provided by you (“data portability”).

Object to the Processing of your Personal Data in certain circumstances.

8.2           The exercise of these rights is not absolute and may be subject to certain pre-conditions and exemptions under the GDPR. Should you wish to exercise the rights accorded by the GDPR, please contact our Chief Privacy Officer: [email protected].

9               COMPLAINTS

9.1           We strive to process your personal data in accordance with the applicable legal obligations but if you have any complaint(s) in that regard, please address your complaint(s) to [email protected]

9.2           You also have the right to lodge a complaint with the UK Information Commissioner’s Office (“ICO”) if you are not happy with how TOFS processes your personal data and we cannot provide you with a satisfactory resolution to your request.

This Notice may be amended from time to time. We will post any change to this Notice on our website.

 

[This Notice was last updated on 11th June 2018]