1. Who are we?
1.3 We have a legal duty to protect personal information that we collect under the Data Protection Act 2018 (the “DPA”) and the General Data Protection Regulation (EU) 2016/679, (the “GDPR”). For the purpose of the DPA and GDPR, we (Marchanson Limited) are the data controller (in other words, the organisation that determines how your personal information is used) and are located at 120 Kensington Church Street, London, United Kingdom, W8 4BH. Our contact details are set out in part 9 below.
2. Personal information we collect, how we use it and our lawful basis for processing
2.1 We may collect and use various types of personal information about you when you use our website to access our services. Details of this information, together with an overview of the way that we use it and our lawful bases for the processing in each case are set out below:
(a) We will collect personal information from you when you make an enquiry about our business on our website or placing an order on our website. This includes your name and contact information, details about the particular products that you are most interested in, and any additional information which you voluntarily give to us. We may also collect details about the best time to contact you, your postal address and any other requests or comments that you may make
We will use this information so that we can provide you with information that you have requested or contact you if you have indicated you want to hear from us. We use your personal information to help us better understand, direct and respond to your enquiries and requests.
We have a legitimate interest to use your information in this way to make sure that we are able to help provide you with the right services, and to enable us to contact you in the most appropriate and business-efficient manner. Where we rely on our legitimate interests, we’ll always ensure that your rights are protected.
Creating an account on our website and making a purchase
(b) If you create an account on our website we will ask you to provide certain details as part of your account setup. This is likely to include your name and contact details. If you create an account without ordering any goods, we won’t get in touch with you unless you have asked us to. We will use this information to provide you with an account so that you can place orders and manage your newsletter subscriptions.
We have a legitimate interest to use your information in this way to make sure that we are able to contact you in the most appropriate and business-efficient manner. Where we rely on our legitimate interests, we’ll always ensure that your rights are protected.
We also use this information to analyse and find out more about our general customer base as a whole (and not to find out more about you as an individual) to ensure that the promotions, products and services that we offer are most likely to interest our customers.
We have a legitimate interest to use your information in this way to make sure that we are providing you with the information that we think is most relevant to you. Where we rely on our legitimate interests, we’ll always ensure that your rights are protected.
Our website, marketing and advertising
(c) We will collect certain technical information about you when you visit our website. When using our website, this is likely to include: the internet domain you use, your IP address or other device identifier, your browser type and version (e.g. Chrome or Internet Explorer), the screen resolution of your device, the dates and times when you access our website, the full URLs of the pages you visit and the website or links that you use to access our website, login information, details of products or services that are viewed, how you interact with our website (including how you move your mouse) and the length of visits to certain pages of our website.
We use this information for site management and security purposes (such as troubleshooting and testing) as well as to help us improve our website. We do not try to identify individual users or their usage habits from this data.
We collect this information so we can fulfil our legitimate interests as a business to ensure that our website is fit for purpose and promotes our services appropriately for our customers, including by displaying information that our customers are interested in. We also rely on our legitimate interest in measuring customer satisfaction and troubleshooting any website issues. Where required by law, we may also seek and rely on your consent.
(d) We shall use the personal data that you have provided to us to contact you with certain marketing messages (e.g. newsletter marketing e-mails) where you have told us you are happy to receive them. We may also use data we collect from you (either directly or via our website or advertising) to help us to measure the effectiveness of our advertising and to establish what interests you and what doesn’t.
We rely on your consent or our legitimate interests to contact you directly about our offering. In other scenarios in carrying out efficient and appropriate marketing and advertising for our services, we will rely on our legitimate interests, whilst always ensuring that your rights are protected. You can withdraw your consent or opt out of our direct marketing at any time through the ‘unsubscribe’ option in any marketing email or, if you have an account, via your account settings.
(e) We may collect details about you, such as your user name, when you engage with us on social media (by mentioning or tagging us in a post or contacting us directly) this is so that we can respond to any comments and queries you have.
We rely on our legitimate interests to do this as we want to ensure our customers have the best possible experience, whilst always ensuring your rights are protected.
Administrative or other business purposes
(f) We may collect certain other information that you give us, for example, when you contact us for a particular reason other than those set out above such as to report problems with our website.
(g) It is in our legitimate interests as a business to use your data in this way, for example, we have a clear interest in ensuring that our website works properly and in ensuring that we operate our business efficiently. We will always ensure that your rights are protected.
2.2 As well as collecting personal information directly from you, we also collect some from certain third parties such as Google Analytics.
3. How we share personal information
3.1 In order to make sure that we run our business efficiently, and to make sure that you get the service that you expect, we will need to share your personal information, from time to time, as necessary, with the following third parties:
(a) Selected trusted third-party business partners and service providers (such as our delivery fulfilment providers and our payment provider) to perform services related to the contracts we enter into with you, or where we have a legitimate interest to do so.
(b) Prospective buyers of our business or assets, which may include your personal information.
(c) Any other third parties if necessary to comply with legal obligations or enforce agreements, such as with law enforcement agencies, regulatory bodies or public authorities in order to prevent or detect crime. We will only ever disclose your personal data to these third parties to the extent we are required to do so by law.
(d) Any other third parties if this is necessary to protect our or your rights, property, or safety and/or those of others.
3.2 We do not share your personal information with third parties for them to use for the purposes of sending you marketing information or for those third parties to use your information for their own purposes.
4. Where we transfer and store personal information
4.1 From time to time we may process (or ask or permit a third party to process) your personal information outside of the UK and the European Economic Area (EEA) where local laws may not provide legal protection for your information in the same way as is applicable in the UK or the EEA.
4.2 Whenever we send (or permit a third party to send) your personal data outside of the UK and the EEA, we will make sure that we take steps necessary to protect your data as required by applicable laws. For example, we may require the overseas recipient to enter into particular contract terms, or we will make sure that the information that we give to them will be limited to what is needed to perform our contract with you.
4.3 If you wish to learn more about the safeguards in place to protect your personal information when we transfer it outside of the UK and the EEA, please contact us using the details in part 9 below.
5. Security of your personal information
We take the security of your information very seriously and have put physical, technical, operational and administrative strategies, controls and measures in place to help protect your personal information from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. We will always keep these under review to make sure that the measures we have implemented remain appropriate.
6. Retention of personal information
We will keep your personal information for limited and appropriate periods of time only and the applicable retention periods will always be linked to our purposes for processing your personal information. This means that the retention periods will vary according to the type of personal information. If you need more information on this, please contact: firstname.lastname@example.org.
7. Your rights in your personal information
7.2 You have the right:
- to ask us not to use your personal data for direct marketing purposes;
- to ask to see what personal data we hold about you and to find out about the way that we process the data (and in some circumstances, you can ask us to provide a copy to a third party);
- to ask us to correct or update any personal data which is inaccurate;
- to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to use it;
- to ask us to temporarily stop using your data if you don’t believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it; and
- not to be subject to decisions made solely on the basis of ‘automated processing’ (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.
8. Changes to our policy
9. Contact and complaints