HOW WE OBTAIN YOUR PERSONAL DATA
Information provided by you
You provide us with personal data via online queries through our website, over the telephone, face to face, by email that you complete. This includes, but isn’t limited to, name, address, date of birth, email address & personal telephone numbers. We use this information to manage customer accounts and orders. Our legal basis for collecting and processing this data is therefore for the performance of a contract.
We may also keep information in any correspondence you may have with us by post or via email.
HOW WE USE YOUR PERSONAL DATA
We use your personal data to manage customer accounts and orders. We undertake at all times to protect your personal data, including any health and financial details, in a manner which is consistent and in line with GDPR concerning data protection. We also take reasonable security measures to protect your personal data in storage.
Do we use your personal data for marketing purposes?
We may use your personal data to share email updates about our services. You have the right to opt out at any point. At no point will we share or sell your data to third party marketing companies.
DISCLOSURE OF YOUR PERSONAL INFORMATION
We will keep information about you confidential. We may also share information to satisfy compliance or audit requirements. We will not share your information without obtaining your express consent except with the following third parties where we need to share this in our role as intermediary and to satisfy our contract with you:
- Any contractor and/or adviser that provide a service for us or act as our agents on the understanding that they collect and process data in line with Hickory Dickory Dock standards and who we are satisfied with all requirements of the GDPR
- Anyone to whom we transfer our rights and duties under any agreement we have with you
- Any legal or crime prevention agencies and/or to satisfy any regulatory request (including recognised practitioner bodies) if we have a duty to do so or if the law allows us to do so.
All Hickory Dickory Dock employees have received training on protecting personal data and are duty bound as part of their contract of employment to confidentiality and data protection. A summary of our rules and procedures in respect of IT use and the protection of personal data are contained in our Acceptable Use Policy which is available on our website.
Transfer of your personal data outside of the European Economic Area
We do not transfer your personal data outside of the EEA.
If in the future we have to transfer your personal data outside of the EEA, we will ensure that the receiver agrees to provide the same or similar protection as we do and that they only use your personal data in accordance with our restrictions.
How long do we keep this information about you?
Our data retention periods are in line with the amount of time we need to keep your personal information in order to manage your account and process any orders or refunds. We will also retain your personal data to comply with any legal, statutory and regulatory obligations. More information about this can be found in our Data Retention Policy, which can be found on our website. In all cases our need to keep your personal data will be reassessed on a regular basis and information which is no longer required will be disposed of permanently and confidentially.
Where your data is kept
Your personal data is kept on our Company IT systems, the security of which is governed by our Information Security Policy. A copy of this is provided on our website.
DATA SUBJECT RIGHTS
Subject access requests
You have the right to access personal data that we hold about you. This is referred to as a subject access request. In order to make a subject access request please email to the Data Protection Lead at firstname.lastname@example.org
Our response to a formal request shall include details of the personal data we hold about you, including the following:
- Sources from which we acquired the information
- The purposes for processing the information
- Persons or entities with whom we are sharing the information
Right to rectification
You have the right, without undue delay, to have any personal information about you which is not accurate, corrected. You also have the right to any incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You have a right to request for us to erase personal data concerning you, without delay. This refers only to data that we are not legally required or entitled to keep for a specified length of time in order to comply with any legal, statutory and regulatory obligations.
Right to the restriction of processing
Subject to exemptions, you have the right to restrict the processing of your personal data when:
- You are contesting the accuracy of the data, and restrict the processing until the accuracy of the data has been verified
- The processing is unlawful and you oppose the erasure of the personal data but instead request the restriction in its use.
- We no longer need the personal data for processing, but it is required by you for the establishment, exercise or defence of claims
- You object to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.
We shall communicate any rectification or erasure of personal data as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you with information about those recipients if you request it.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine readable format, and have the right to transmit this data to another controller without hindrance from us.
Right to object
You have the right to object on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to necessary processing for the performance of a task carried out in public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, or in the establishment, exercise and defence of legal claims.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us please email to the Data Protection Lead at email@example.com.
Accuracy of information
In order to provide the highest level of customer service we need to keep accurate personal data about you. We take reasonable steps to ensure accuracy of personal data or sensitive information we obtain. We ensure that the source of any personal or sensitive data is clear. We will consider when it is necessary to update the information, such as names and/or addresses and you can help us by informing us when these changes occur.
Hickory Dickory Dock will review this policy regularly to make sure we meet the highest standards and the protect your information. We reserve the right to update this policy at any time. We will not significantly change how we use data given by you to us, without your prior agreement.
If you have a complaint please email to the Data Protection Lead at firstname.lastname@example.org.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.