3.2 IF YOU FAIL TO PROVIDE PERSONAL DATA
The provision of your personal data is voluntary, however, if you do not provide certain personal data which we need in order to comply with our legal obligations or in order for us to enter into or perform a contract with you (such as your delivery and billing address when you place an online order), we may be unable to provide the goods or services you have requested
4. LAWFUL BASIS
4.1 We will only use your personal data where we have a lawful basis to use it, for example:
Contract: In order to allow us to fulfil our contractual obligations with you, we may need to process your name, contact details and payment details, as set out above. If you contact us, we may keep a record of that correspondence.
Legitimate Interest:It is in our legitimate business interests to process your personal data in ways which might reasonably be expected as part of running our business and which do not materially impact your interests, rights or freedoms, such as:
- business development;
- responding to your customer services queries;
- marketing to you by telephone and letter; and
- personalising and/or tailoring the communications that we may send you by profiling, as explained further in the ‘Profiling’ section below.
Legal Obligation: We may sometimes need to use data to comply with our legal obligations (for example to report an accident).
Consent:Where we use your email or telephone number to communicate marketing information via email and SMS, we will seek your prior consent to do so. You can withdraw your consent at any time, by contacting us using the details provided above.
4.2 As a user of our website we may process your personal data for the following purposes:
- To enable you to purchase items online. You will have the option to register an account with us or to proceed through the checkout as a guest, in which case we will only collect the personal data which we require to process your order.
- To handle any customer service issue, including any returns, [in accordance with our terms and conditions].
- To improve your online shopping experience, such as to notify you by email when items in your basket have been abandoned.
- To enroll you into our original factory shop Club card or email programme, to receive promotional materials.
- Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over the external website(s) and these website(s) will have their own privacy notices, for which we do not accept any responsibility for. You should exercise caution and look at the privacy notice applicable to the website in question.
5. HOW WE SOURCE YOUR PERSONAL DATA
5.1 We may collect this information in a variety of ways, e.g.:
- When you provide your personal data during the check-out process on our website,
- data might be collected through application for an original factory shop Club card,
- when you sign up to our email programme,
- when you update your details in store/online/via customer services, or
- when you return an item into store or online, or vendors expressing interest to supply us goods or services.
6.1 We use your purchase history and demographic information (such as your home address and date of birth) to build a picture of your preferences and interests, which we use where it is in our legitimate interests to tailor the marketing that we provide to you by email, SMS, telephone and post to you and your shopping habits.
6.2 If you would like any further information about the information that we use to create this profile please contact our Chief Privacy Officer – email@example.com.
7. ONLINE ADVERTISEMENTS
7.1 When you are browsing on apps and other websites, such as Facebook, we will display advertising about products and services which we think will be of interest to you based on your use of our website (such as the content you read on the website) and your shopping habits. We do this using services offered by sites and social networks, for example, Facebook's Custom Audiences, and using pixels on our website.
8. WHO HAS ACCESS TO YOUR DATA?
8.1 In the below circumstances the data will be subject to confidentiality arrangements with our selected third parties:
- Tell tofs – your data is processed by our data management agency in the USA, the comments/feedback that you provide us helps us to make improvements to our products and services.
- Accident reporting / CCTV / Third party vendors – this information is generally not shared with any external bodies unless we are required to do so by law.
- Delivery Partners – if you place an order for delivery, we will pass your contact details to our delivery partners so that they can arrange for, and fulfil the delivery.
- Website Provider– your data may be processed by our website provider, Shopify, in order for them to assist us in the provision of the site and to provide data to our data and campaign management agency.
- Payment Processors – when you place an online order your data will be transferred to Stripe or Paypal (whichever payment processor you select) to process your payment.
8.2 Your information may be shared internally with our personnel if access to the data is necessary for performance of their roles.
8.3 Where the parties we engage with are located outside the UK/European Economic Area, in particular the United States, then (unless an exemption applies) these transfers are governed by the EU Commission-approved Standard Contractual Clauses, Binding Corporate Rules for Controllers or Processors or the transfer is to a country which is the subject of an adequacy-decision by the European Commission;
9. HOW DO WE PROTECT DATA?
9.1 We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our colleagues in the performance of their duties and our approved service providers. This includes using individual passwords and restricted access to folders and systems on our IT network.
9.2 Where we engage third parties to process personal data on our behalf, we do so on the basis of written instructions, they are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
10. FOR HOW LONG DO WE KEEP DATA?
10.1 We will hold your personal data for the following duration/s:
original factory shop club card and email programme
- name, contact details and, where you are a club card holder, transaction information – up to 7 years
Online order data
- name, contact details and transaction information – up to 7 years
customer queries/complaints and returns
- name, email, telephone number – 400 days
- name, email, transaction details and ip address – 400 days
- name, address, date of birth and telephone number – 3 ½ years
- Images are over written each month unless we are required to keep them to deal with a particular issue
- name, email, telephone number – kept for as long as we have supplier/retailer relationship
- visitor book – name, company & car registration – 6 months
11. YOUR RIGHTS
11.1 The GDPR provides you with certain rights in relation to the Processing of your Personal Data, including to:
Request access to Personal Data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you.
Request rectification, correction, or updating to any of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove Personal Data where you have exercised your right to object to Processing (see below).
Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of Personal Data about you (e.g. if you want us to establish its accuracy or the reason for Processing it).
- Request the transfer of Personal Data provided by you (“data portability”).
11.2 Object to the Processing of your Personal Data in certain circumstances.
Where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop processing it and we must do so unless we believe we have an overriding legitimate reason to continue processing your personal data or we need to process your personal data to deal with a legal claim. This includes where we are carrying out profiling activities using your personal data.
11.3 The exercise of these rights is not absolute and may be subject to certain pre-conditions and exemptions under the GDPR. Should you wish to exercise the rights accorded by the GDPR, please contact our Chief Privacy Officer – firstname.lastname@example.org
12.1 We strive to process your personal data in accordance with the applicable legal obligations but if you have any complaint(s) in that regard, please address your complaint(s) to email@example.com
12.2 You also have the right to lodge a complaint with the UK Information Commissioner’s Office (“ICO”) if you are not happy with how TOFS processes your personal data and we cannot provide you with a satisfactory resolution to your request.
This Notice may be amended from time to time. We will post any change to this Notice on our website.
This Notice was last updated on 10th November 2020.