2. What data is collected:
2.1. Identity Data (your title, first name, last name, date of birth)
2.2. Contact information (billing address, delivery address, e-mail address, telephone numbers)
2.3. Financial Data (bank account and payment card details) – these are not stored anywhere in our system and only being used at the time of the transaction, using the secure online payment methods.
2.4. Transaction Data (details about payments to and from you and other details of services you have purchased from our site, including the time, date, location, purchased products, relevant delivery address, any vouchers, coupons, discount codes or any other alternative payment methods used)
2.5. Profile Data (username, password, purchases, and orders made by you, interests, preferences, feedback, product/service ratings, survey responses)
2.6. Technical data (IP address, login details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website, information on how you have accessed our site and how long you have spent on each page)
2.7. Usage Data (information about how you use our website, products, and services and hat you view and click on our Site and access by way of our marketing emails.
2.8. Marketing and Communications Data (includes your preferences in receiving marketing from us and our third parties and your communication preferences.
3. How we collect your information and how is it used:
3.1. Direct interactions - You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
3.1.1. Enquire about or request to order our products or services.
3.1.2. Create an account on our website.
3.1.3. Subscribe to any service or publications.
3.1.4. Request that information about us or our products and services is sent to you.
3.1.5. enter a competition, promotion or survey or give us some feedback.
3.3. Third parties or publicly available sources. We may receive personal data about you:
3.3.1. Technical Data from the following parties based inside or outside the European Economic Area (EEA):
126.96.36.199. Analytics providers such as Google.
188.8.131.52. Advertising networks.
184.108.40.206. Search information providers.
3.4.2. Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
3.4.3. Identity and Contact Data from data brokers or aggregators.
3.4.4. Identity and Contact Data from publicly availably sources.
3.5. We will only use your personal data when the Data Protection Requirements allows us to. Most commonly, we will use your personal data in the following circumstances:
3.5.1. Where we need to perform the contract, we are about to enter or have entered in to with you.
3.5.2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
3.5.3. Where we need to comply with a legal or regulatory obligation.
3.6. Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
4. Purposes for which we will use your personal data:
4.1. To create an order for products or services.
4.2. To process your order, including managing payments.
4.3. To manage our relationship with you which will include:
4.3.2. Asking you to leave a review or take a survey.
4.3.3. Reminding you about an abandoned basket or transaction.
4.4. To enable you to partake in a competition or complete a survey.
4.5. To administer and protect our business and this website.
4.6. To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
4.7. use data analytics to improve our website, products/services, marketing, customer relationships and experiences.
4.8. To make suggestions and recommendations to you about goods or services that may be of interest to you.
4.9. We may provide aggregate statistics about sales, customers, traffic patterns and information to third parties, but these statistics will not include any information that identifies you.
4.10. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
5.1. Promotional offers - if you have expressly opted-in to receive marketing from us we may use your Identity, Contact, Technical, Usage and Profile Data. You will receive marketing communications from us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
5.2. Third - party sites - we will get your express opt-in consent before we share your personal data with any company outside EJ Timber LTD for marketing purposes.
5.3. Email marketing - We use a third-party email service (MailChimp) to manage our regular email communications to customers for our company newsletters, announcements and updates, promotional offers, and surveys and MailChimp act as a data-processor on behalf of EJ Timber LTD.
5.3.1. MailChimp is a US company and has staff based outside the EEA and stores your data in the US. MailChimp is certified under the EU-US Privacy Shield framework. When you sign up to our email alerts, you agree to your data being stored in this way.
5.3.2. As a subscriber to our email alerts, we may contact you from time to time to ask for your feedback on how to improve our email alert service.
5.3.3. As a data processor on behalf of British Hardwoods, MailChimp will use your information to send you email alerts if you request them. Click here to find out more about how MailChimp collects and stores your information.
5.4. Google Analytics - We use Google Analytics to help us to understand how you make use of our content and work out how we can make things better. These cookies follow your progress through our Site, collecting anonymous data on where you have come from, which pages you visit, and how long you spend on the site. This data is then stored by Google to create reports. These cookies do not store your personal data.
5.4.1. The information generated by the cookie about your use of the Site, including your IP address, may be transmitted to and stored by Google on servers in the United States. Google may use this information for the purpose of evaluating your use of the Site, compiling reports on Site activity for us and providing other services relating to Site activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. By using this Site, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
5.5. Social Media - If you share our content through social media, for example by liking us on Facebook, following us on Twitter, Instagram or YouTube, those social networks will record that you have done so and may set a cookie for this purpose. In some cases, where a page on our Site includes content from a social network, such as a Twitter feed, or Facebook comments box, those services may set a cookie even where you do not click a button. As is the case for all cookies, we cannot access those set by social networks, just as those social networks cannot access cookies, we set ourselves.
5.6. Other websites - Our Site may contain links to other websites of interest. However, once you have used these links to leave our Site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
5.7. Opting out - You can ask us to stop sending you marketing messages at any time by contacting us at firstname.lastname@example.org or clicking an opt out option at the bottom of any of our newsletter emails.
6. Disclosure of your personal data - we may have to share your personal data with:
6.1.1. Service providers who provide IT and system administration services.
6.1.2. Providers of logistics for the delivery of products ordered by you.
6.1.3. Subcontractors who are to deliver a service we are to provide to you.
6.1.4. Our professional advisers.
6.1.5. Regulators and other authorities in the United Kingdom who require reporting of processing activities in certain circumstances.
6.2. The personal data disclosed to third parties may:
6.2.1. Relate to performance of our contract with you.
6.2.2. Be necessary for our legitimate interests or to comply with a legal obligation.
6.2.3. Be third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
6.2.4. We require all third parties to respect the security of your personal data and to treat it in accordance with the Data Protection Requirements. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7. Your Rights - Under the Data Protection Laws your rights are:
7.1. To be informed – We must make available this privacy notice with the emphasis on transparency over how we process your data.
7.2 Access – You are entitled to find out what details we may hold about you and why.
7.3 Rectification – We are obliged to correct or update your details.
7.4 Erasure – This is also known as the request to be forgotten.
7.5 Restrict processing – You have the right to ‘block’ or suppress the processing by us of your personal data.
7.6 Data portability – You have the right to obtain and reuse your personal data that you have provided to us.
7.7 Object – You have the right to object to us processing your data in relation to direct marketing and or profiling.
7.8 Rights in relation to automated decision making and profiling – We do not use automatic decision making or profiling.
8. Legitimate interest and Marketing:
8.1 Where we use Legitimate Interests, we will record our decision and our method on making this decision.
8.2 If you are an existing contact or customer, we will only contact you by postal and electronic means (e-mail) with information about services or goods which you have previously purchased from us or enquired about. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by post or electronic means only if you have consented to this. You can choose to not receive these types of communication by contacting us.
9. Working for us:
If you apply to work for us (directly or indirectly) in any role (including volunteers) we may receive data about you from third parties. In addition, we will keep the details of your application and any additional information provided to us by you or others during your application so that we can keep you informed of future opportunities that you may be interested in. If you do not wish for us to keep your details for this reason, please let us know by contacting us using the details provided in this policy.
10. Data Retention:
Our data retention policy is dictated by the Data Protection Laws and is available for inspection by submitting a written request using the contact details provided in this policy.
11. Data Deleting:
Under Data Protection Laws you have the right to erasure under specific circumstances. A request for your personal data to be deleted will be decided on a case-by-case basis and must be submitted in writing to the contact details provided in this policy.
12. Data Correction:
We will correct or update your data without delay provided you make the request in writing to the contact details provided in this policy, clearly specifying which data is incorrect or out of date.
13.1 We strive to be as open as we can be in terms of giving people access to their personal data. Individuals can find out if we hold any of their personal data by making a formal request under the Data Protection Laws. Such requests must be in writing to the contact details provided in this policy. If we do hold your personal data, we will respond in writing within one calendar month of your request (where that request was submitted in accordance with this policy).
13.2 The information we supply will:
13.2.1 confirm that your data is being processed.
13.2.2 verify the lawfulness and the purpose of the processing.
13.2.3 confirm the categories of personal data being processed.
13.2.4 confirm the type of recipient to whom the personal data have been or will be disclosed; and
13.2.5 let you have a copy of the data in an intelligible form.
13.3 Please note that you may need to provide identification to prove who you are to access your data.
13.4 If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
13.5 In the instance that we do not hold information about you we will also confirm this in writing at the earliest opportunity.
You have the right to complain about the processing of your personal data. Please contact us using the details provided above. If you are still unsatisfied you have the right to complain to the Information Commissioners Office.