Updated: 29 Nov 2020
Name: Sally Roots (trading as Green Lane Glass)
Postal address: 10 Parkhurst Cottages, Green Lane, Churt, Farnham, Surrey GU10 2PA
Email address: firstname.lastname@example.org
PERSONAL INFORMATION COLLECTED
To fulfil your order, you must provide me with certain information, such as your name, email address, postal address, payment information, and the details of the product that you’re ordering. You may also choose to provide me with additional personal information (such as your phone number) if you contact me directly or leave additional comments as order notes.
THE LAWFUL BASES FOR INFORMATION COLLECTION
The EU General Data Protection Regulation (Regulation (EU)2016/679) (known as the GDPR throughout the rest of this Policy) requires that I explain the lawful bases I rely on for processing your personal information. The most common uses are
• Where needed to perform the contract between us. This may include use of your postal address, email address and/or telephone number for the resolution of any order enquiries, settling of disputes and the delivery of customer service standards.
• Where it is necessary for my legitimate interests (or those of a third party) and where your interests and fundamental rights do not override those interests.
• Where I need to comply with a legal or statutory obligation.
STORAGE OF YOUR PERSONAL DATA
I am committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, I have put in place suitable security measures to prevent your data from being accidentally lost, used or accessed in an unauthorised way or otherwise disclosed.
I have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally obliged to do so.
YOUR DATA PROTECTION RIGHTS
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you. I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Please contact me at email@example.com if you wish to make a request.
THIRD PARTIES WITH WHOM I MAY SHARE PERSONAL INFORMATION
The GDPR requires that I disclose the details of any personal information I share with third parties.
Information about my customers is important to my business. I only share your personal information for very limited reasons and in limited circumstances, as follows:
- Service providers. I engage certain trusted third parties to perform functions and provide services to my shop, such as delivery companies – for example the Royal Mail, CollectPlus or Parcel2Go. I will share your personal information with these third parties, but only to the extent necessary to perform these services.
- Professional advisors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accountancy services.
- HM Revenue & Customs, regulators and other authorities based in the UK and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
I will not sell, distribute or lease your personal information to third parties unless I have your permission or are required by law to do so.
The GDPR requires me to disclose the period of time during which I will store personal information.
All data will be disposed of securely at the end of the retention period, either by electronic or physical means.
TRANSFER OF DATA OUTSIDE OF THE EU
The GDPR requires me to disclose if I transfer personal information outside of the EU and the legal bases I rely upon to do so.
Many of my third parties service providers are based outside of the EU so their processing of your personal data will involve a transfer of data outside of the EU.
The only circumstance in which I transfer personal information out of the European Union is for delivery purposes in fulfilment of our contract, through trustworthy services such as the Royal Mail, UPS, FedEx or similar postal services.
Any transfer of information held by Etsy, Facebook, PayPal or iZettle is subject to their own privacy policies and you should refer to the relevant policy as required.
For purposes of EU data protection law, I, Sally Roots, am the data controller of your personal information. If you have any questions or concerns, you may contact me by email at firstname.lastname@example.org or via post to Sally Roots, 10 Parkhurst Cottages, Green Lane, Churt, Farnham, Surrey GU10 2PA
If you believe that any information I am holding on you is incorrect or incomplete, please write to me or email me as soon as possible at the above address.
If you contact me with a request to access, correct or delete personal information held by Etsy, Facebook, Paypal or iZettle, I will ask that you send a request directly to the relevant third party.
HOW TO COMPLAIN
If you have any concerns about my use of your personal information, you can make a complaint to me at Green Lane Glass.
You can also complain to the ICO if you are unhappy with how I have used your data. If you do have a complaint, I would be grateful if you would contact me first so that I can try to resolve it for you.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk