Cookies & Privacy Notice - Customers
Graham & Brown Ltd (“Graham & Brown”) are committed to complying with the General Data Protection Regulation and the Data Protection Act 2018, once enacted. Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely and to understand how we use it to offer you a better and more personalised shopping experience.
We have published this notice to help you understand
- how and why Graham & Brown collect information from you;
- who we share your information with, why and on what basis; and
- what your rights are.
If we make changes to this notice we will notify you by updating it on our website. Graham & Brown will be what is known as the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means Graham & Brown determines the purposes and way in which any personal data are, or will be, processed.
Should you need to contact us please write to:or via firstname.lastname@example.org quoting Security and Privacy Enquiry.
This privacy notice was last updated on 16th May 2018.
Cookies, what are they and why do we use them?
- Site Functionality - these cookies allow you use the site and help with things like navigation, add to bag and just make the site work as it's supposed to.
- Site Analytics - these cookies allow us to monitor how user use the site, in order for us to improve the site and your shopping experience.
- Customer Preference - these cookies will save your preferences like your location and language to try and make the site as relevant to you as we can.
- Targeting and Advertising - these cookies are used to allow us to deliver ads that are relevant to you, it also allows us to measure the effectiveness of our campaigns and limit the number of times you see adverts from us.
By using our site you agree to us placing these types of cookies on your device, and for us to access them when you visit our site. If you want to remove cookies that are on your computer, the "help" section in your browser will provide instructions on how to locate the file or directory that stores cookies and how to disable or remove them. Please be aware that by deleting or disabling cookies, your user experience will be affected and you may not be able to use certain functions of our site and it may not work how we intended.
What information we collect and why?
When you buy goods from us, you are entering into a contract with us. When you are ordering form us you will need to provide some personal information so that we are able to deliver your order to you, identify you when you contact customer services and where you have given your consent to market to you, such as;
- full name
- address (and previous addresses)
- contact numbers, and
- email address.
We do not collect or store any personal payment information.
When you shop in our stores Graham & Brown uses CCTV for security monitoring purposes.
How do we use your information?
Data Protection says that we are allowed to use and share your personal data only where we have a proper reason to do so. The law says we must have one or more of these reasons and these are:
- Contract - your personal information is processed in order to fulfil a contractual arrangement e.g. in order to send you your order.
- Consent – where you agree to us using your information in this way e.g. when you create an account with us or sign up for marketing communications
- Legitimate Interests - this means the interests of Graham & Brown in managing our business to allow us to provide you with the best products and service in the most secure and appropriate way e.g. to transfer your data to certain Third Party’s such as delivery partners.
- Legal Obligation – where there is statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes.
Here is a list of the ways that we may use your personal information, and which of the reasons described above we rely on to do so. Where we list legitimate interests as a reason, we also describe below what we believe these legitimate interests are.
|What We Use Your Personal Information For||Our Reasons (Legal Basis)||Our Explanation Of Graham & Brown’s Legitimate Interests|
|Set up your Graham & Brown account||Legitimate interest||Process efficiency in dealing with such activity.|
|Process your orders||Fulfilling a contract||N/A|
|Notify you of your order status.||Legitimate interests||Process efficiency in dealing with such activity, and to make improvements to our services.|
|Manage your account/ provide customer services to you. This may include: transfers to Third Countries who undertake call recording data verification customer complaints/queries||Legal obligation/ Legitimate interests (depending on nature of services)||Keeping our records up to date, handling our customer contact efficiently and effectively, working out which of our products and services may interest you and telling you about them.|
|To detect, investigate and report financial crime (e.g. Fraud)||Legal Obligation / legitimate interests||Developing and improving how we deal with financial crime. Complying with any legal obligation placed on us by regulators such as the FCA. Complying with any regulations that apply to us. Process efficiency in dealing with such activity, and to make service and process improvements.|
|Undertake website personalisation and administration.||Legitimate interests||Developing products, services, applications and designs that attract and retain customers. Improving customer interaction with our sites. Defining types of customers for new products or services|
|Marketing communications to inform you of special offers, promotions, new lines and Sales. Provide you with online advertising.||Consent||N/A|
|Notifying you about enhancements to our services, such as changes to the website and new services that may be of interest to you.||Legitimate interests||Developing products, services, applications and designs that attract and retain customers. Improving customer interaction with our sites.|
|Contact you to undertake customer satisfaction surveys, invite you to provide product reviews or for market research.||Legitimate interests||Developing products, services, applications and designs that attract and retain customers. Improving customer interaction with our sites.|
|Maintaining network and data security||Legitimate interests||To maintain the security of our network this in turns helps us to maintain the safety and confidentiality of your information.|
|Logistics planning, demand forecasting, management information and research||Legitimate interests||We use information about shopping habits, products bought and volumes, to help us to respond to demand, ensure the right products get to the right areas and to help us plan our ranges.|
Who we share your information with and why
Graham & Brown works with a number of trusted suppliers, agencies and businesses in order to provide you the high quality goods and services you expect from us such as delivery companies, fraud prevention agencies, and market research companies amongst others.
Some examples of the categories of third parties with whom we share your data are:
Graham & Brown works with a number of trusted partners brands who sell our products on our behalf. All partners are subject to thorough security checks and will only hold the minimum amount of personal information needed in order for you to place your orders.
In order for you to receive your goods, Graham & Brown works with a number of delivery partners. Again, we only pass limited information to them in order to ensure delivery of your items.
Graham & Brown works with business who support our website and other business systems.
Graham & Brown may work with marketing companies to help us manage our electronic communications with you or carry out surveys and product reviews on our behalf.
Graham & Brown works with trusted third party payment processing providers in order to securely take and manage payments.
Transfers to third countries
Some of the information you provide to us may be transferred outside the European Economic Area to countries such as India and the US. This is a transfer to a “third country”. For example Graham & Brown has a business relationship with PFS who provide us with Development support and services. Although the data is held in UK data centres colleagues in India may access it to undertake the activities described above.
If you place an order with us and you are outside of the UK we will transfer the data that we hold on you to Graham & Brown in the UK.
Graham & Brown also works with suppliers and partners who may make use of cloud and/or hosted technologies. We undertake data security due diligence on our partners and ensure that that these partners conform to appropriate accreditations.
Wherever transfers of data to third counties occurs Graham & Brown will put in place an appropriate contractual provisions to ensure that there are strict rules regarding both the confidentiality and security of your information. To find out more please contact us at email@example.com
Keeping in touch with you
We want to keep you up to date with information about new ranges, special offers and improvements to our website. When you set your account up, we will ask you if you want to receive this type of marketing information.
Graham & Brown will not share your information with outside companies for their marketing purposes.
If you decide you do not want to receive this marketing information you can request that we stop by writing to the Data Protection Officer at Graham & Brown, Design Centre, Stanley Street, Blackburn, Lancs, BB1 3BW, emailing firstname.lastname@example.org, by calling the Contact Centre on 0808 168 3795, via My Account online or the unsubscribe link within the email.
You may continue to receive communications for a short period while your request is dealt with.
How long we keep your information
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under How we use your information above. The only exceptions to this are where:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
What are your rights
You are entitled to request the following from Graham & Brown, these are called your Data Subject Rights and there is more information on these on the Information Commissioners website www.ico.org.uk
- Right of access –to request access to your personal information and information about how we process it
- Right to rectification –to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased. Contact Call Centre 0808 168 3795
- Right to restriction of processing – to restrict processing of your personal information
- Right to data portability - to electronically move, copy or transfer your personal information in a standard form
- Right to object - to object to processing of your personal information
- Rights with regards to automated individual decision making, including profiling –rights relating to automated decision making, including profiling
If you have any general questions about your rights or want to exercise your rights please contact email@example.com
You have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website www.ico.org.uk where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.