1. About this Policy
2. Why do we have a Policy?
3. What is Personal Data?
4. The Personal Data we collect and process
5. How we use your Personal Data
6. Retention of your Personal Data
7. Access to your Personal Data
8. Data Controller
1. About this Policy
1.1. This is the Privacy Policy (“Policy”) of EGGBOXES DIRECT.
1.2. This Policy covers the collection, storage, retention and use of your personal data.
1.3. We have updated this Policy to comply with new legislation effective from May 25, 2018, the General Data Protection Regulation (“GDPR”).
1.4. We encourage you to read this Policy.
1.5. By using our web site (www.eggboxesdirect.co.uk) you confirm you have read, understand and agree to the terms in this Policy.
1.6. This Policy only covers this web site and does not cover the web site of any associated company or business.
1.7. Ths Policy was last updated during August 2018.
2. Why do we have a Policy?
2.1. We have developed this Policy to provide you with information on how we collect and process your personal data when you purchase our products, create an account with us, contact our customer services team, or visit our web site.
2.2. We receive personal data from our customers in many forms. This could be readily indentifiable personal information such as a phone number, a postal or email address, or bank details. It can be more discreet information such as when and how often you use our web site.
2.3. Whatever form the personal data takes, we aim to be transparent and to help you understand how we use it.
2.4. Being transparent and providing accessible information about how we use your personal data is a key element of GDPR.
3. What is Personal Data?
3.1. The GDPR defines personal data as:
“any information relating to an identified or identifiable natural person”
3.2. A natural person is defined in the GDPR as a person:
“who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
3.3. A natural person means an individual, such as you, rather than a limited company, partnership or business.
3.4. Although you may be providing us with information as part of your employment, or running your business, if that information, separately or together with other information we hold, means you could be identified as an individual, that information will still be considered personal data for the purposes of GDPR.
3.5. The GDPR does not only apply to information stored electronically but applies equally to manual paper-based filing systems where personal data is accessible according to specific criteria.
3.6. Personal Data would obviously include personal details such as your name and address from which you could be easily identified. It could also include your telephone number, date of birth, email address, the IP address for your computer as well as all the information connected to any customer account you have with SFC.
4. The Personal Data we collect and process
4.1. We have set out in the Schedule to this Policy details of when we collect data, the data we collect and the justification we have for processing it.
5. How we use your Personal Data
5.1. We will only ever use your Personal Data;
5.1.1. in a manner to which you have expressly consented;
5.1.2. to fulfil any contract with you; or
5.1.3. for the supply of goods; or
5.1.4. where another legitimate business interest exists.
5.2. We never share your personal data with any third party and will only use the Personal Data you give us to:
(i) set up and manage your account
(ii) help us identify who you are
(iii) supply you with the goods you have asked us to supply
(iv) collect payments
(v) analyse your account history
(vi) deal with any complaints
(vii) contact you in the event of a product recall
(viii) improve our service to you which will include sending you emails relating to promotions and competitions
(ix) to provide you with marketing information where you have indicated to us you wish to receive these communications
(x) train our staff and monitor our services
(xi) for general business purposes such as carrying out internal reporting, profiling, modelling and analysis, market research, producing statistics, diagnosing problems, testing systems to help improve the way we provide our services and goods.
6. Retention of Your Personal Data
6.1. The Personal Data we collect is the minimum we require to enable us to perform our contract with you.
6.2. We collect this data, not only to enable us to process and deliver your order efficiently and to provide after sales service but also to enable us to contact you in the unlikely event we need to recall any products.
6.3. Whenever we collect or process your personal data, we will only keep it for as long as necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
7. Access to Your Personal Data
7.1. Under the GDPR you have the right to:
7.1.1. obtain confirmation whether SFC is processing your Personal Data;
7.1.2. access any Personal Data SFC holds
7.2. Ordinarily you are entitled to this infomation free of charge. However, SFC can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information.
7.3. Any information will be provided without delay and usually at the latest within one month of receipt of your request.
7.4. We may extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why the extension is necessary.
7.5. Where requests for information are manifestly unfounded or excessive, in particular because they are repetitive, we can:
7.5.1. charge a reasonable fee considering the administrative costs of providing the information; or
7.5.2. refuse to respond, if, however we do refuse to respond we will explain why we are refusing to provide the information and advise you of your right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month of the request having been received.
7.6. If you do wish to exercise your right of access to your personal information you can do so by:
7.6.1. emailing us at info@eggboxesdirect.uk saying you wish to make a ‘Subject Access Request’; or
7.6.2. write to us at EGGBOXES DIRECT, address saying you wish to make a ‘Subject Access Request’.
8. Data Controller
8.1. Your Personal Data is collected by EGGBOXES DIRECT.
8.2. The Data Protection Officer is at the same address and can be contacted by email at info@eggoboxesdirect.co.uk