Cookie: a small text file placed on your device by our website when you visit and use website features.
Data: refers to all data you supply to us and includes personal data.
Personal data: data that relates to a person who can be directly or indirectly identified using that data.
Our website: www.cardaxis.co.uk.
3. YOUR RIGHTS
3.1 As a data subject, under the GDPR you have the right(s):
3.1.1 to be informed about our collection and use of your personal data;
3.1.2 of access to the personal data we hold about you;
3.1.3 to rectification if any personal data we hold about you is inaccurate or incomplete;
3.1.4 to be forgotten, meaning the right to ask us to delete any personal data which we hold about you;
3.1.5 to restrict the processing of your personal data;
3.1.16 to data portability, meaning the right to copies of your personal data for re-use with another organisation;
3.1.7 to object to us using your personal data for particular purposes; and
3.1.8 with respect to automated decision making and profiling.
3.2 If you wish to complain about our use of your personal data, please contact us. We will endeavour to resolve any problems and if we are unable to help, you have the right to submit a complaint to the Information Commissioner’s Office (ICO).
4. DATA COLLECTION
4.1 We may collect and store some or all of the following (personal) data when you use our website or contact us:
4.1.1 your name;
4.1.2 business or organisation name;
4.1.3 job related data of yours, your colleagues or other personnel of whom you supply data for;
4.1.5 contact information such as email addresses and telephone numbers;
4.1.6 delivery and billing address details;
4.2 any other data not mentioned in paragraph 4.1 which you supply to us may be collected and stored.
4.3 We collect data which is provided to us by you. We may collect data when you:
4.3.1 send an enquiry to us via our website contact form, or by email or telephone;
4.3.2 send an enquiry to us via external websites where we may advertise our services;
4.3.3 place an order with us via our website or via email or telephone;
4.3.4 visit and browse our website.
5. HOW WE USE YOUR DATA
5.1 We process and store personal data securely for no longer than is necessary considering the reasons for which it was first collected.
5.2 Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of the contract, because you have consented to our use of your personal data, or because it is in our legitimate interests.
5.3 Specifically, we may use your data for the following purposes:
5.3.1 to help us identify you when you contact us;
5.3.2 to supply you with goods and services and to manage your customer account;
5.3.3 to allow us to contact you by mail, email and telephone about our goods and services that we have a legitimate interest to contact you about, unless you have asked us not to do so;
5.3.4 personalising and tailoring your experience on our website;
5.3.5 market research purposes.
5.4 We sometimes contract with third parties to perform functions on our behalf. Any third parties we engage with are bound by contractual provisions with us and only have access to personal data needed to perform their functions which will not be used for any other purposes. The types of third parties that we use include:
5.4.1 courier and delivery companies;
5.4.2 secure online payment platforms;
5.4.3 contracted printing partners and suppliers;
5.4.4 customer relationship management software providers.
5.5 In certain circumstances, we may be legally required to share personal data we hold about you, for example, if we are involved in legal proceedings or if we are complying with legal requirements, a court order, or a governmental authority.
6. PROTECTING YOUR DATA
6.1 Some or all of the data you submit to us through our website (i.e. when viewing parts of our website, placing orders or contacting us) may be stored outside of the European Economic Area (EEA). Where data is stored outside the EEA, we will take all reasonable steps to ensure your data is treated as securely as it would be within the UK and under the GDPR. The information you supply when using our website is protected by Secure Socket Layer (SSL) software which encrypts all data you input.
6.2 We will only retain your personal data for as long as necessary to fulfil the purposes which we collected it for, including for the purposes of satisfying legal, accounting or reporting requirements. This is usually for a period of six years. We retain account data until you ask us to delete it or until your account has been inactive for 3 years.
6.3 Personal data you supply to us to produce personalised products is stored on our in-house, encrypted hard drives and is permanently deleted within 12 months of your order being processed.
6.4 To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the data and the potential risk of harm from its unauthorised use or disclosure, and the purposes for which we process your personal data and whether we can achieve those purposes through other means.
8. COOKIES & THIRD PARTY TOOLS
8.1 Third parties whose content appears on our website may use third party cookies. Please note that we do not control the activities of such third parties, nor the data they collect and use and we advise that you check the privacy policies of any such third parties.
8.2 We use Google Analytics to monitor the performance of our website, which means our website uses third party cookies. Google may collect the following data about you anonymously:
8.2.1 Your IP address.
8.2.2 Web browser type and version used to access our website.
8.2.3 Operating system used to access our website.
8.2.4 Referral websites used to access our website.
8.3 You can learn more about how Google uses data obtained from sites or apps that use their services here: https://policies.google.com/technologies/partner-sites.
8.4 Our website is hosted by Wix.com which allows us to present and sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. Wix.com store your data on secure servers behind a firewall.
8.5 All direct payment gateways offered by Wix.com and used by us adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
8.6 We use Stripe Checkout services to process card payments. Stripe Checkout may collect the following data about you when you make payments through our website:
8.6.1 Only if you register for a Stripe account: Your full name, email address and account log-in credentials.
8.6.2 Only if you use the "Remember Me" function during Stripe Checkout, Stripe will collect your email address, payment card number, CVC code and expiration date.
8.7 Find out more about how Stripe Checkout may store and process your information here:
8.1 Cookies are small pieces of data which are placed on your computer by our website. Cookies help us to understand your use of our website and which parts of our website you find most useful. There are two types of cookies:
8.1.1 Session (Transient) cookies: are erased when you close your browser. They do not collect information from your computer. They typically store information in the form of a session identification that does not personally identify the user.
8.1.2 Persistent (Permanent or Stored) cookies: are stored on your hard drive until they expire or until you delete them. These cookies are used to collect identifying information about the user, such as web surfing behaviour or user preferences for a specific site.
8.2 When browsing our website, the following cookies may be placed on your computer by our website:
8.3 To learn more about cookies, please visit: allaboutcookies.org.
9. WHAT HAPPENS IF CARDAXIS CHANGES HANDS?
10. RIGHT TO BE FORGOTTEN & REQUESTING COPIES OF YOUR DATA
10.1 You have the right to receive a copy of your data in a structured format and to request that any data we hold about you is deleted from our systems.
10.2 Your request will be processed within 28 days, providing there is no undue burden and it does not compromise the privacy of other individuals.
10.3 If any personal data you supplied to us needs updating, please contact us so we can update it accordingly.
10.4 If you no longer want us to process your data, please contact us to let us know.
10.5 All requests can be sent by email to: email@example.com or by post to: Ashley Lloyd Emmott t/a Cardaxis, 286 Bolton Road, Greater Manchester, M26 3GP.
Our Details & Contact Information:
Ashley L Emmott t/a Cardaxis™
286 Bolton Road, Greater Manchester, M26 3GP.
tel. 0161 900 5383 | firstname.lastname@example.org
This document was last updated on 11th February 2020