Information we need and how we use it
When you order with us, we ask for the following information:
- Your name
- Your e-mail address.
- Your address
- A contact telephone number (optional) may also be required so that we may contact you urgently if there is a problem with your order.
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data will be used for the following purposes:
- To process your request, notify you of acceptance of your order and send you the item(s) you have ordered.
- To be able to process any returns or warranty claims during the warranty period.
How long we keep your personal data
We may retain information for a period of six years after your association with us has come to an end. We only retain personal information for as long as necessary to provide a service, or to improve our services in future, or where we are legally required to do so.
While we retain this data, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and cannot guarantee absolute data security.
Under the GDPR you have the right to require us to erase personal data. To do so please email firstname.lastname@example.org with your request. Please note that this may prevent us from fulfilling some of our obligations – such as process warranty claims.
Security of your information
Our site uses secure server software to protect your information and encrypt the data sent between you and the server whenever you place an order or access your account information.
For payment you will be re directed to Paypal. PayPal uses SSL technology to keep your information safe. In addition, when you send a payment using PayPal, Posie & Bear, the recipient, won’t receive sensitive financial information like your credit card or bank account number.
We also follow a tight security procedure as required under UK Data Protection Legislation (the Data Protection Act 1998) to protect the information that we store about you from unauthorised access.
We will never pass on your details on to a third party for marketing purposes.
Use of ‘cookies’
Can I access my personal data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
You can make a subject access request by e-mailing email@example.com and stating this. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
If for any reason, you are unsure about the personal and account information we are holding in your name, please contact firstname.lastname@example.org. They will happily review your file and update the records if required.
If you wish to change your existing preferences on receiving marketing information from Posie & Bear Ltd please see below for further details:
If you do not wish to receive any further emails from Posie & Bear Ltd please email email@example.com but please remember that if you unsubscribe we will not be able to send you special email offers and sale details before anyone else.
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data.
- The right to access the personal data we hold about you.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
If you have any questions about your rights or the information we store about you please contact firstname.lastname@example.org and we will do our best to help you out and answer any questions.
This policy is effective as of 25 May 2018.