Privacy Policy & GDPR Statement

D&R Furnishers (Marlborough) GDPR Statement
May 2018

D&R Furnishers safeguards your information through a data protection regime that is effective and adheres to GDPR compliance.  Our procedures are summarised in this statement.

Our managerial staff are responsible for adhering to this policy.

Data Controller – Camilla Dible

Your information, how we use it and who has access to it.

In accordance with GDPR compliance, we confirm the only personal information we hold is:

-Current and delivered sales orders – accessed by sales, production and accounts staff for administration purposes.

-Sales invoices – accessed by accounts staff for administration purposes and our accountants for tax purposes.

-Home addresses, telephone numbers and email addresses – accessed by sales and accounts staff.  Used for administration purposes. We use MailChimp for our email marketing; their privacy policy can be found here: https://mailchimp.com/legal/privacy/

External workshops, suppliers and accountants’ firms we use are GDPR compliant and our own staff know of our strict adherence.

How we keep your information and to whom it is disclosed.

Emails – kept on a secure server and archived after one year.  Depending on subject matter, deleted after 1-5 years.  Only accessed by administration and sales staff.

Letters – kept as hard copy and on PC.  Depending on subject matter, shredded in the appropriate manner after 1-5 years.  Only accessed by administration and sales staff.

Orders – kept in accordance with HMRC recommendations for 5 years on as hard copy.  Then shredded/deleted in the appropriate manner.  Only accessed by sales and accounts staff.

Invoices – kept in accordance with HMRC recommendations for 5 years on our computers and as hard copy.  Then shredded/deleted in the appropriate manner.  Only accessed by sales and accounts staff and our accountants’ firm.

Our computer system.

Access to our computers is by passwords.  Two directors and 4 members of staff have access to the computer system and all have knowledge of current GDPR legislation.  We use up-to-date firewalls and anti-corruption systems.  Our computers are regularly checked to ensure their security has not been compromised.  Back-ups are via OneDrive and 1 external hard drive.

Our IT Support company is GDPR compliant.

Sharing your information.

We will never give any personal information we hold for you to any third parties without your permission.

Occasionally it is necessary for us to provide your information for goods to be sent direct to you from a supplier. If this is the case we will seek your permission first.

Your access to the information we hold on you and updating/corrections/deletion.

Upon request, and with 30 days’ notice, we are happy to let you know of any information we hold on you, how we use it and how we intend to keep/delete it.  Subject to any tax implications, we would be happy to update, correct or delete such details.

Your rights.

You have the right to request erasure or restrict processing in accordance with data protection laws.  You also have the right to lodge a complaint or seek judicial remedy if our systems are found to be unfit for purpose.

Privacy on our site

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

How long we retain your data.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What we collect and store as an online shop.

While you visit our site, we’ll track:

We’ll also use cookies to keep track of basket contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:

If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.

We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 5 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.

We will also store comments or reviews, if you choose to leave them.

Who on our team has access.

Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:

Our team members have access to this information to help fulfil orders, process refunds and support you.

Payment Gateways

We accept payments through PayPal and Stripe. When processing payments, some of your data will be passed to PayPal and Stripe, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy and the Stripe Privacy Policy for more details.