Data controller - A controller determines the purposes and means of processing personal data.
Data processor - A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data - Personal data and special categories of personal data
Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2. Who are we?
The Firm of Gordon Bannerman trading as Bannerman Decorators/Bannermans Colour Studio is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are: 18 Dunkeld Road, Perth, PH1 5RW, Phone Number 01738 622591. For all data matters contact our Data Protection Representative, on 01738 622591 or email firstname.lastname@example.org.
3. What personal data do we process?
In particular, we may collect and process the following personal data about you:
• Information that you provide by filling in forms, including those on our Website. This includes information provided by you if you enter any competition or promotion sponsored by us. This information could include your name, date of birth, address, contact details and information about you and products you have bought.
• When you place order(s) for goods or services, we collect personal data to process and fulfil your order(s), including your payment card details and delivery address.
• Details about the transactions you carry out with us.
• In the event that you have an accident while on our premises that you bring to our attention, we may record details of that accident and any injury you suffer in the relevant store's accident log.
• Information contained in and records of communications between us.
• Information that we receive from third parties (including third parties who provide services to you or us, and credit reference, fraud prevention or government agencies);
• Information that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.
• Details of your visits to our Website, including, but not limited to, traffic data, location data (including the country and telephone area code where your computer is located) and the resources that you access (including the pages of our Website that you view).
• We may also collect information concerning your marketing preferences.
4. How do we use your personal data?
We use your personal information in connection with our business activities. In particular, we may use your personal information in the following ways:
• to carry out our obligations arising from any contracts entered into between you and us; for example, we will use your payment card details and delivery address to process and fulfil your order(s);
• in the event that you do not complete your order, we may use any contact information you have provided us to follow-up on your partial order;
• to manage and administer any other arrangements between you and us (or one or more of our affiliates);
• to notify you about changes to our services and to otherwise communicate with you; for example, we will use your contact details in order to respond to any queries that you submit to us;
• at or following any purchase or order you make, we may carry out security checks to protect against fraudulent transactions and to prevent and detect criminal activity; for example, we may undertake verification checks to identify any discrepancies with your payment details;
• to carry out market research; for example, we use details of your purchases to understand market trends and to identify popular products;
• to address any claims made against us; for example, we may share details of our accident logs with our claims handlers and insurers in connection with any claim made or likely to be made against us.
Your personal information may also be used by us, our employees, contractors or agents, and disclosed to third parties, in order to comply with any legal obligation (including in connection with a court order), or in order to enforce or apply our terms and conditions of sale or other agreements we have with or otherwise concerning you (including agreements between you and us (or one or more of our affiliates)), or to protect our rights, property or safety or those of our customers, employees or other third parties.
5. What is our legal basis for processing your personal data?
Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract. More information on lawful processing can be found on the ICO website.
6. With whom do we share your personal data?
In connection with the above uses of your personal information, we may share your personal information with third parties as described below.
We may disclose your personal information to third parties, including in the following circumstances:
• We use third parties to carry out certain activities on our behalf that involve the processing of personal information. For example, we may engage third party service providers to fulfil orders, deliver packages, send postal mail and email, maintain, update and back up our databases of customer details, analyse data, process card payments, provide customer service and handle claims. These third parties have access to personal information needed to perform their functions, but may not use it for other purposes.
• We may pass personal information to external agencies and organisations (including the police and other law enforcement agencies) for the purpose of preventing and detecting fraud (including fraudulent transactions) and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks. We may also disclose personal information to the police and other law enforcement authorities in connection with the prevention and detection of crime.
• We may pass personal information to our insurers in the event that a claim is made or could be made against us. For example, we may send information contained in our accident logs to our insurers.
• In the event that we sell or buy any business or assets, we may disclose personal information held by us about our customers to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are acquired by a third party, personal information held by us about our customers will be one of the transferred assets.
• We may pass your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (including in connection with a court order), or in order to enforce or apply our terms and conditions of sale or other agreements we have with or otherwise concerning you (including agreements between you and us (or one or more of our affiliates)); or to protect our rights, property or safety or those of our customers, employees or other third parties.
7. How long do we keep your personal data?
By providing you with products or services, we create records that contain your information, such as customer account records, activity records, tax records and credit account records. Records can be held on a variety of media (physical or electronic) and formats.
We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.
Retention periods for records are determined based on the type of record, the nature of the activity, product or service, the applicable legal or regulatory requirements. We normally keep customer account records for up to six years after your relationship with us ends, whilst other records are retained for shorter periods. Retention periods may be changed from time to time based on business or legal and regulatory requirements.
We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies.
If you would like more information about how long we keep your information, please contact us on 01738 622591.
8. Providing us with your personal data
We may process your information where it is necessary to enter into a contract with you for the provision of our products or services or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you.
9. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
• The right to request a copy of the personal data which we hold about you;
• The right to request that we correct any personal data if it is found to be inaccurate or out of date;
• The right to request your personal data is erased where it is no longer necessary to retain such data;
• The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
10. Transfer of Data Abroad
We do not transfer personal data outside the EEA.
11. Automated Decision Making
We do not use any form of automated decision making in our business.
12. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
14. Privacy on our Website
14 i: Website Compliance
We regularly review the bannermanscolourstudio.co.uk website for GDPR compliance and makes updates as appropriate. The website uses the HTTPS protocol and is in addition otherwise currently compliant.
14 ii: Cookies
14 iii: Emails
If you provide us with your email address we may send you emails, either in reply to specific enquiries (such as one made using a contact form) or if you have opted in to our email newsletters. You have the ability to opt out of any of this communication at any time. We will never provide your personal information or email address to any third parties except where they are specifically employed to help deliver our own services.
14 iv: Facebook, Twitter and other social networks
These services provide social buttons and similar features which we use on our website - such as the "Like" and "Tweet" buttons. To do so we embed code that they provide and we do not control ourselves. To function, their buttons generally know if you're logged in; for example Facebook uses this to say "x of your friends like this". We do not have any access to that information, nor can we control how those networks use it. Social networks therefore could know that you're viewing this website, if you use their services (that isn't to say they do, but their policies may change). As our website is remarkably inoffensive we imagine this is not a concern for most users.
14 v: Google Analytics
We measure visitors to our website using Google Analytics. This records what pages you view within our site, how you arrived at our site and some basic information about your computer, such as the web browser you use and the screen resolution. All of that information is anonymous - so we don't know who you are; just that somebody visited our site. The information we collect from analytics helps us understand what parts of our sites are doing well, how people arrive at our site and so on. Like most websites, we use this information to make our website better. Any data collected by Google Analytics that is associated with cookies, user identifiers or advertising identifiers is retained for a period of up to 26 months. You can learn more about Google Analytics or opt out if you wish.
15. How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact our Data Representative on 01738 622591. If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.