(UPDATED MAY 2018)
We abide by and are compliant with the Data Protection Act 1998 (herein referred to as “The DPA”) and the General Data Protection Regulation (herein referred to as “The GDPR”) which comes into effect on 25th May 2018. We are committed to keeping buyers’ personal information secure and confidential.
For the purposes of the General Data Protection Regulation (“GDPR”) and UK Data Protection Act, the controller is Hexeal Chemicals Limited.
HOW WE COLLECT YOUR INFORMATION
We may collect your personal information in a few ways, these include: Directly from you, when you fill in an account application form, when you make enquiries on our website, when you provide information on orders sent to us, from Amazon.co.uk and/ or eBay.co.uk and/or Shopify via our direct website.
For the purposes of The GDPR, we are the Data Processor when selling on Amazon.co.uk and/or eBay.co.uk and/or Shopify via our direct website and processes all personal data lawfully, fairly and in a transparent manner. Under Article 6 of The GDPR, the lawful basis on which we process personal data received from Amazon.co.uk and/or eBay.co.uk and/or Shopify via our direct website is that of “Contract” - whereby processing is necessary in order to fulfil buyer orders and enquiries. We retain information provided by Amazon.co.uk and/or eBay.co.uk and/or Shopify via our direct website, such as transaction information for internal financial accounting purposes. It is a legal requirement to retain this information for a period of 7 years under instruction from HMRC.
THE TYPE OF INFORMATION WE COLLECT
We may collect the following types of personal information about you:
Financial information when account applications are made;
Each time you visit our website we use third party services to collect basic internet log information;
Contact information (including email address(es), telephone numbers and delivery invoice address(es) and records of communications and interactions we have had with you);
Visitors to our buildings may opt to use our Wi-Fi. If so, we may collect data about your device, the volume of data which you use, the websites and applications which you access and your usage by access time, frequency and location;
Online orders* - We receive personally identifiable information from Amazon.co.uk and/or eBay.co.uk and/or Shopify via our direct website only when it is voluntarily submitted by buyers when placing an on-line order. The data we receive includes: name, billing address, delivery name, delivery address, e-mail address (in encrypted format), telephone number, date of order, items ordered, value of items ordered, chosen method of delivery. We do not sell or rent personally identifiable information to any third party for any purpose;
We do not make, neither directly or via third party services, any attempt to find out the identities of those visiting our website.
HOW WE USE YOUR DATA/INFORMATION
We will use your personal information for the following purposes:
Carry out regulatory checks to meet our legal obligations to prevent and detect crime;
Storing your details on the software platform we use for logging orders and invoicing;
Taking payment of orders made;
Fulfilment of orders for physical goods;
Administration on your orders;
Undertake anonymised statistical analysis (we won’t be able to identify individuals from this data);
We treat all information we hold about buyers as private and confidential. We will not reveal any personal details or details concerning buyers’ orders to anyone not connected with us, unless we are required or permitted to do so by law, fraud prevention or credit reference agencies.
HOW LONG WILL WE KEEP AND STORE YOUR DATA?
Your personal data will be deleted or blocked as soon as the purpose of the storage has lapsed. Storage may take place beyond this if this has been envisaged by the European or national laws, in EU legal regulations, acts or other provisions, to which the controller is subject. Any blockage or deletion of data shall also take place if a storage period prescribed by the aforementioned standards expires,
Under certain circumstances, by law you have the right to:
• Request access to your personal information (Subject Access Request).
This enables you to receive a copy of the personal/business data we hold about you and to check that we are lawfully processing it;
• Request correction of the personal information data that we hold about you.
This enables you to have any incomplete or inaccurate information we hold about you corrected;
• Request erasure of your personal information.
This enables you to ask us to delete or remove personal information where there is no reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party).
This gives you the right to object where we are processing your personal information for direct purposes;
• Request the restriction of processing of your personal information.
This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. You can also withdraw your consent, where this is the basis for our processing your data (without affecting the lawfulness of our previous processing based on consent);
• Request the transfer of your personal information to another party.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
CONTACT AND COMPLAINTS
Our Data Protection Officer is Toby Veart.
Telephone: +44 (0)1603 720202
Post: Data Protection Officer, Hexeal Chemicals, Norwich, Norfolk, NR13 6LJ, U.K.