
Data Protection & Privacy Policy

Data Protection and Privacy Policies


Nature of Data Held by Grace & Oliver
Legal Basis for Holding Data
Data Protection Policy
Cookies Policy for this Site
Our Privacy Policy
Data Access Policy
Your Right to be Forgotten
Our Complaints Procedure
Data Retention Term
Automated Data Processing
Data Protection Officer

Nature of Data Held by Grace & Oliver



In order to ensure customer satisfaction, fulfil our contractual obligations to customers and satisfy our legal obligation to HMRC, we hold the following information:

  • Name
  • Address
  • E-Mail
  • Telephone Numbers
  • Products Purchased
  • Source of Enquiry
  • Original Question

Data held relating to customers

Contact information is held for the purposes of:

  • Invoicing and delivery
  • Sending occasional news items and product information

In practical terms, this will involve no more than 12 emails in any year.

Grace & Oliver Legal Basis for Processing Data


Consent.
Site visitors may opt in to our mailing list at any time by checking the appropriate box on our contact form or order form. This implies consent to receive a limited number of promotional emails only from Grace & Oliver.
Fulfillment of contract.
For customers, to complete delivery or exchange of products.

Invoice and other commercial details, whether or not they contain personally identifiable data, will be retained for long enough to fulfil any legal obligations upon us for tax record purposes. This is currently seven years, but this may change owing to factors outside our control.

Grace & Oliver Data Protection Policy



Scope
This document defines the policy for managing data for the Grace & Oliver web site, not taking into account the data holdings at their fixed office or mobile facilities.

Online Shop
The online shop is operated through and managed by Big Commerce. Please follow this link to view their security and privacy policies. We do not authorise Big Commerce, or any other organisation, to share or process any data except for the purpose of receiving and satisfying orders.

Online Payments
All our online payments are handled by SagePay, using their fully hosted solution. This gives us the benefit of using the security arrangements put in place by Sage. We do not handle or process any personal payment data ourselves. Please see the SagePay site for their own data protection and privacy policies.

Newsletters and Promotional Mailing
Our opted in mailing list is managed by MailChimp. No personal data are stored other than name and email address for the purpose of occasional information broadcasts. Please see the MailChimp site for details of their security and data protection arrangements.

Grace & Oliver Cookies Policy

Use of Cookies on this Web Site


The Grace & Oliver site uses only one cookie. It is a session cookie, which is deleted at the end of your browser session. It holds no personally identifiable data relating to our site visitors, other than the broad geographical location. This serves to ensure the site delivers the correct information in terms of local contacts, currency and taxes.

No personal data is ever held in a cookie on our web site.

However, a number of social media sites and search engines use practically every web site for tracking cookies and so called Interest Based Advertising. They do this without our consent or co-operation. While we make strenuous efforts to prevent them from doing this, their evolution is such that they can generate new ones faster than we can block the old ones.

We strongly recommend that if you do not want every moment of your web browsing catalogued and analysed, you should use the controls available in your browser to prevent tracking and to block third party cookies.

To get more information and help on how to use these blocking tools, here are some links:
privacy.net
Privacy Badger
Disconnect
AdBlock Plus
Firefox Tracking Blocker Instructions
Firefox Cookie Manager
Ghostery Tracking Blocker for Chrome
Managing Cookies in Chrome
Tracking Blocker Advice for Vivaldi

The only cookies that our site will place are for strictly functional purposes, such as identifying your broad geographical area to ensure accurate local information and retaining the contents of a shopping basket if one is used.

Grace & Oliver Privacy Policy



Your Privacy

Data we may collect and how we use it


We will collect personal data about you. This includes data collected when you contact us, register to use our site, search for a product, create a design through our bespoke service, place an order on our site and when you report a problem with our site. This may include your name, address, e-mail address and phone number, financial and credit card data. We will use this data:

  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
  • to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  • to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you (please see Marketing and Opting-Out below);
  • to notify you about changes to our service; and
  • to ensure that content from our site is presented in the most effective manner for you.

When you visit our site, we may automatically collect technical data, including where available your IP address and your login data. We may also collect data about your visits to our site, for example traffic data, location data and products you viewed or searched for. This is statistical data and does not identify you personally. We will use this data:

  • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
  • to allow you to participate in interactive features of our service, when you choose to do so;
  • as part of our efforts to keep our site safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
  • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

We will work with third parties (including for example sub-contractors in payment and delivery services) and may receive data about you from them. We may use this data for any of the purposes already set out above.

Marketing and Opting-Out


If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
You have the right to ask us not to process your personal data for marketing purposes. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please opt-out by ticking the relevant box when you register to use the site/when you place an order.
You will at all times be able to unsubscribe, by clicking here [LINK] or by using the link in any e-mail we send you.
Cookies
Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site. By using our site you agree that we can place these types of cookies on your device and access them when you visit the site in the future.
For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Disclosure of your data


We may share your personal data with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your data with selected third parties including:

  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
  • Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose data about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in London). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site.
  • Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
    We may disclose your personal data to third parties:
  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Grace and Oliver Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our General Terms and Conditions and other agreements; or to protect the rights, property, or safety of Grace and Oliver Limited, our customers, or others. This includes exchanging data with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Where we store your personal data


The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
All data you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.

There are no admin fees associated with any of your rights, and everything can be achieved by contacting us.

Good practice dictates that in order to review, modify or remove data, we ascertain that your identity is as stated. Assuming your email address to be a unique identifier of you as an individual, the first stage in the process is to send a secure link to your email address, which will bring you back to this page, with the relevant options enabled. This is in the interests of keeping your data private and preventing malicious deletions or modifications.

Grace & Oliver Data Access Policy



Data Access Policy
Under the provision of the General Data Protection Regulation, you have the right to access any data held by any organisation relating to you as a natural person.

By following the relevant link, our policy is to make your information freely available to you to view or amend as necessary.

Naturally, we have to ensure that the identity of the person requesting the information is valid, so when you make a request, an email will be generated to the address held on file for yourself. This will contain a secure link to this page, which will then display your information in editable fields.

Once you have finished amending any information that you want to update, click on the submit button to apply changes. The new information will then be presented for you to review.

Grace & Oliver Right to be Forgotten Policy



Your Right to be Forgotten
Under the provisions of the General Data Protection Regulation, you have the right for all data held relating to yourself to be completely and permanently erased.

In pursuance of this policy, Grace & Oliver provides a link that will completely delete all information relating to an individual, identified by their email address, from the current database. That request sends an email to the responsible individual informing them that the records relating to a record, identified by sequential number, have been removed.

To ensure that only you can remove your records, your RTBF request will generate an email to the address held on file for you, with a secure link back to this page, with the RTBF confirmation button showing. Confirming removal will delete all information held in association with your email address from the Grace & Oliver database. If you have made enquiries on more than one occasion, using different email addresses, you will need to repeat the process for each address used.

The Regulation also provides for this information being removed from all backup copies and other repositories in the organisation. To ensure that this requirement is followed, Grace & Oliver adopts the following practices:

  • Only one copy of the database exists, held on a remote server in a secure data centre
  • For disaster recovery, a backup is held on a local NAS unit
  • The backup is a snapshot of the most recent data and only the latest version is retained
  • Every week that backup file is overwritten with the latest data
  • In case of a backup being restored, the responsible individual is required to manually reconcile any RTBF requests that may have been overridden by the restoration

Please note that the server is backed up weekly, so there will be a latency of seven days between removal from the active database and removal from the backup copy.

For instant removal from the backup copy as well as the active database, contact the responsible individual who will manually destroy your record in the backup copy on the day of request.

Grace & Oliver Complaints Procedure



Complaints Procedure
Complaints about the management, security or handling of personal data should be addressed to the responsible individual using the link on this page. In the event of receiving a complaint, the responsible individual will:

  • Investigate via the database within three working days
  • Consult relevant customer or team member within five working days
  • Respond with initial findings within seven working days
  • Take appropriate remedial action within three working days of your reply
  • Report on outcome of remedial action on the same day
  • Follow up within a further three working days to ensure satisfaction

In the unlikely event of the outcome being unsuccessful or unsatisfactory, your rights as an individual allow for complaints to be escalated to the Office of the Information Commissioner, who may proceed on your behalf if a serious data breach is suspected. Their contact details are:
Web site: ico.org.uk
Phone: 0303 123 1113

Through the web site or phone line, you can express concerns to the ICO relating to:

  • Nuisance Calls or messages
  • Accessing or Re-using Information
  • Information Handling
  • Internet Search Results
  • Web Site Cookies
  • EU-US Privacy Shield
  • Comments Relating to ICO Services



Grace & Oliver Data Retention Policy



Customers
Until contract expiry or termination

Other Contacts
3 Years or data removal by subject, whichever is the sooner.

Invoice details will be retained in accordance with our legal obligation in relation to tax regulations.

Automated Processes


The only automated process carried out on data from this site is the transmission of orders to our fulfilment house in order to ensure correct delivery. The recipients of such data are bound by our own policies of non-disclosure and non-sharing.

Responsible Person (Web site Data Protection Officer):

For the purposes of this policy, the Data Processor is Grace & Oliver, Devonshire Place, London W1

Contact number: 01923 210111