This is about the personal data we collect, what we use it for and how we look after it. We try to keep personal data to a minimum while using other data we collect to provide a great shopping experience for you and all our customers.
Effective Date: 25th May 2018.
GDPR is the law that governs your personal data and every company in the UK needs to abide by it and let you know how your personal data is used.
- We promise to respect your personal information by keeping your data safe and private
- We collect your delivery name and address - this is passed on the courier for your order (mainly Royal Mail) so that they can deliver your order
- We collect the billing name and address - we need that to verify payment details and check for fraud
- We collect your email address to send you order and delivery confirmations. We also do marketing and there's more about this below
- We collect telephone numbers so we can call you if there are any issues or to follow up an enquiry that's been made
- We use tracking and clever technology to provide analytics and better shopping experience - more on this below
- We utterly respect your privacy and have always done our best to keep your data secure. You have rights around your data - more on this below
- We do not sell your information on to third parties - we never have done and we never will
With GDPR, we will introduce a new level to how we use your data by offering old and new customers different ways to manage their marketing choices.
Who is tunics.co.uk?
tunics.co.uk is a trading style of NCL Limited, a company registered in England and Wales. Our company registration number is 07770335 and our registered office is at 2a, Royal Street, Barnsley, South Yorkshire, S702ED, United Kingdom. We operate the tunics.co.uk website and we are the data controller responsible for your personal data.
The Personal Data We Collect:
tunics.co.uk collects data in order to give you the best shopping experience and to make sure we can deliver your orders. There are several types of data that we collect:
- Data you input when you place an order
- Transaction data includes the payments made and the goods and services you purchase from us
- Data you type in to send us an enquiry
- Data that records how you use our website, for example, using third-party technologies like Google Analytics
- Recordings of calls - we may record calls for training purposes
We do not obtain personal contact data from any third parties.
For an order, we only ask you to provide the following personal data:
- Name and contact data for both the billing and delivery purposes. We collect your title, first and last name, email address, postal address, phone number and other similar contact data;
- The goods and services you want to buy;
- Payment details are collected on our website or over the phone. We do not store any credit card details - these are held securely by PayPal. For telephone orders, we stop recording calls when taking card details and our customer services team are not allowed to use any recording devices in their workspace. We are PCI Compliant and regularly test our security;
- Marketing data includes your preferences in receiving marketing from us and your communication preferences.
Other information you might provide directly:
We also collect the information you provide to us and the content of messages you send to us, from product reviews you might write for example, or any queries and conversations you have with our customer care team. When you contact us, phone conversations or chat sessions with our advisors may be monitored and recorded. Any recorded calls are kept securely on-site and are deleted after 6 months.
Who can view your order data?:
Our Customer Services team are the main people who handle customer data and have access to order information should a customer call up. Data is archived after 12 months and we further limit the number of people who have access to this archive. Our Admin team and Product Development team also have access to order information.
Usage Data includes information from browsing our website:
tunics.co.uk uses a cookie which is a small, anonymous text file placed on your device to help us follow you through our website so you can add items to the basket, continue shopping and buy when you are ready. This cookie doesn't contain anything personal in itself as it is just a long string of letters and randomised numbers which gives your visit to the website a unique identity. You can browse our website without this cookie but you cannot add to the basket without it.
Browsing our website will also mean that cookies from carefully selected third-party websites will be collecting anonymised data on our behalf. These are used for:
- Presenting you with more relevant results based on your browsing and what other people have looked at;
If you wish, you can switch off third-party cookies in your browser settings but switching off our main browser cookie will affect your shopping experience.
Disclosure of your personal data:
We may share your data with other reputable businesses and data processors to help provide a great service to you. Our requirement is that all third parties treat this data in full confidence to fully comply with all European and UK Data Protection and consumer legislation. Please also note:
- We will not share your data with third parties for their own mailing or marketing purposes;
- Should the UK Government HMRC, the Police or any other regulatory body require to see your data, we are obliged to show this;
- We may also share data with parties who may buy or sell this business in future or if any of our assets are acquired.
Storage of your personal data:
We take the security of your data storage extremely seriously:
- Your data is held on secure servers that are regularly tested for PCI Compliance. Some of the data that is collected from you may be transferred and then stored by one of our approved data processors who have a storage destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers;
- For your security, we strictly limit access to our administration of the data to our work-based locations;
- By law, we have to keep records of transactions for at least 6 years. For marketing purposes, we don't write to people who have never responded to any marketing in 6 months - we then keep the record but mark it as unsubscribed so we know not to write to that data again;
- The third parties that we engage with are required to only keep your data stored on their systems for as long as is necessary to provide you or ourselves with the relevant services they provide;
- Occasionally, our staff may print off order details which include customer names, address and contact details. Such print is kept in the workplace until it has been dealt with. At this point, it is stored ready for shredding and a professional shredding company regularly collects to confidentially shred and recycle upon which we receive a Certificate of Destruction;
- If a call was recorded, it will be deleted from our system after 6 months.
If you have consented to our marketing, which is a great idea as you'll be kept informed of our offers and products you may not have been aware of, then you will always have a simple way to opt-out or amend your preferences with every email sent and we will also attempt to do the same with any printed material should we do a direct mailshot.
From the 25th May 2018, marketing will only proceed to new customers who opt-in to receive it. Customers who bought from us or signed up to receive our newsletters prior to this date will continue to be marketed to as we have evidence that our marketing is of benefit to both the customer and ourselves. Please see our Legitimate Use of Data for Marketing in Our Legitimate Interests.
We take our security very seriously but in the unlikely event of a data breach, we will contact anyone affected by the breach within 3 working days of us knowing about it. This contact is likely to be via email.
You have a right to know what data we hold about you and are welcome to make a Subject Access Request. Please get in touch and allow us up to 30 days to provide you with this. If anything is incorrect, please let us know.
Similarly, if you want us to delete any of your data, we'll work with you on that. Please note that as tunics.co.uk only retains data upon placing an order, and as we don't ask anything other than the data we need to process that order, then we need to keep a certain amount of data on record.
Wherever possible, we will show you how to control your marketing preferences.
If you wish to exercise any of your rights or want to ask us a question or make a complaint about how we handle your personal data, then please get in touch with us in the first instance. We will then be in touch with you to explain it through, make sure we can deal with all your requests and then we will carry out everything as required.
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner (ICO).