WHAT PERSONAL DATA DO WE COLLECT?
When you set up an account with us on our website, we collect your user ID, password, name, address and contact details.
When you purchase our products we collect your name, address, contact details, payment conﬁrmation and information on the product purchased. Card payment data is only collected by our external payment providers (please see the section WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA for more information).
When you make a warranty claim for products purchased from us, we collect your name, address, contact details, proof of purchase and information in relation to the warranty claim.
When you register to our newsletter or when we send you information on products and services that are similar to those purchased from us, we process your name and contact details. You can unsubscribe at any time by contacting us using the details in the “How to Contact Us” section or clicking the “unsubscribe” link in the emails that you receive.
When you contact us for general enquiries we collect your name, contact details and information regarding your query.
WHY DO WE PROCESS YOUR PERSONAL DATA?
We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section HOW IS PROCESSING YOUR DATA LAWFUL for further detail).
|PERSONAL DATA PROCESSED||PURPOSE||LEGAL BASIS|
|USER ACCOUNT DATA||
||Contract, Legitimate Interest|
||Contract, Legitimate Interest|
||Consent, Legitimate Interests|
Furthermore, we will process your personal data for the following purposes:
- Comply with any procedures, laws and regulations which apply to us; and
- Establish, exercise or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others.
HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?
We are allowed to process your personal data based on the following legal bases for the purposes explained in the previous section “Why do we process your personal data”:
- Legitimate Interests – We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table in the previous section “”Why Do We Process Your Personal Data” explains the personal data processed on this basis. You can object to processing that we carry out on the grounds of legitimate interests. See the section headed “Your Rights” to find out how.
- Contract – It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
- Legal obligation – We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory rules (e.g. product recall related regulations) and to make mandatory disclosures to government bodies and law enforcement agencies.
- Consent – Sometimes we want to use your personal data in a way that is entirely optional for you, such as when you sign up to our newsletter. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time by following the instructions in the marketing communication (e.g. clicking “unsubscribe” in the marketing email) or reaching out to us using the information in the “How to Contact Us” section.
HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
The following categories of personal data will be kept for the following periods.
|DATA WE PROCESS||HOW LONG WILL THIS BE HELD FOR|
Held whilst account is active and deleted after more than 3 years of inactivity.
7 years from purchase period. (For select products where the warranty period is longer than 7 years, retention period is warranty period + 1 year.)
Warranty period of each specific product + 1 year.
Until you tell us that you no longer wish to receive marketing material.
1 month after enquiry is resolved.
WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA
We use external providers that act as our processors who provide typical services required by all organisations such as website development, data storage, email service providers and IT hosting. These providers process your personal data as part of the services they offer to us. We take steps to ensure that our service providers process your data in accordance with the Data Protection Laws, only use it in accordance with our contract with them and keep it secure. If you would like more information about our processors, please contact us using the details at the “How to contact us” section.
We also use external providers that act as separate controllers of your personal data. In order to complete your purchases of our products and services, we share your Purchase Data with the payment service provider you choose to complete your purchase with. For our digital marketing purposes, we share your Purchase Data and User Account Data with social media platforms. Please refer to their respective privacy policies for more information on how they process your personal data.
International Transfer of Data – Your personal data is transferred outside of the UK and the EEA in order for our affiliate which is located in Australia, to perform software development and marketing and product development activities. Any transfer of your data outside the UK and the EEA will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms.
We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities.
As a data subject, you have the following legal rights under the Data Protection Laws in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see HOW TO CONTACT US). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response
Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the Data Protection Laws.
|YOUR DATA PROTECTION RIGHTS||WHAT DOES THIS MEAN?|
|RIGHT OF ACCESS||
|RIGHT TO RECTIFICATION||
You are entitled to have your information corrected if it is inaccurate or incomplete.
|RIGHTS TO ASK US TO STOP CONTACT YOU WITH DIRECT MARKETING||
You can ask us to stop contacting you for direct marketing purposes.
|RIGHTS IN RELATION TO AUTOMATED DECISION MAKING||
These rights are not applicable as we do not carry out any automated decision making.
|RIGHT TO ERASURE||
This is also known as the ‘right to be forgotten’ and enables you to request the deletion or removal of your information where:
|RIGHT TO RESTRICT PROCESSING||
You have rights to ‘block’ or suppress further use of your information. When processing is restricted we can still store your information, but may not use it further. You may request that we stop processing your personal data temporarily if:
|RIGHT TO DATA PORTABILITY||
You have rights in certain circumstances to obtain and reuse your personal data for your own purposes across different services.
|RIGHT TO OBJECT TO PROCESSING||
You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing.
|RIGHT TO WITHDRAW CONSENT||
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (for example, by clicking “unsubscribe” at the bottom of the email newsletter).
What if your rights are breached?
You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Complaints to the regulator
HOW TO CONTACT US
|Company||ABI Interiors International Limited c/o Jordan Adelson|
|VAT Number||369 5909 37|
Current version: October 2020