Who we are
Our registered address is 168 Church Road, Hove, East Sussex, BN3 2DL and additional contact details are available from our website at www.yearbooksdirect.co.uk
We are committed to protecting any data that we collect concerning you and processing it in accordance with the Data Protection Act 1998 (“the DPA”) and the General Data Protection Regulation (Regulation (EU) 2016/679) (“the GDPR”).
This Policy explains what personal data we collect about you, what we do with it, and explains the legal basis on which we process your personal data under the GDPR.
We collect information about you online when you provide it, such as when you make a purchase from our website, create an account and subscribe to our email service. Website usage is collected using cookies.
We may also obtain personal data through offline methods, for example, over the telephone.
How we use your information
To promote our services and provide you with information which may be helpful to you, we will use your information to contact you via direct mail, email, and/or telephone with selected material that you may find of interest.
From 25 May 2018, the GDPR will replace the existing DPA. From that date, we will only contact you via direct mail, email, and/or telephone if we have explicit consent to do so. Please note that this does not apply to emails containing services, maintenance and transactional information.
Where we hold your information for these purposes, we may also process it in order to deal with any enquiry, to personalise our information we provide to you, and to ensure that our records are accurate and up-to-date.
We will not share your information for marketing purposes. However, under the GDPR we will have the right to contact you and pass your details to third parties where we have a genuine and legitimate reason to do so, unless this is outweighed by harm to your rights and interests. We also have the right to share your details in the event the sharing of such information is necessary for the performance of a contract.
You have the right to tell us not to process your personal data for direct marketing purposes. We will give you the option to refuse marketing when we collect your details. You can also exercise this right at any time by contacting us directly.
Access to information
Under the DPA and GDPR, you have the right of access to information we hold on our records about you. We will not charge you for requests made to access such information. Please contact us if you would like a copy of some or all your personal information.
We will take appropriate security measures to ensure that any information you provide to us is stored securely and confidentially and is processed in accordance with the DPA and GDPR.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; and transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access. We currently use Security-Metrics to complete periodic penetration tests to ensure the integrity of our IT Security as part of our companies GDPR Compliancy.
You have the following rights in relation to your personal data under the GDPR from 25 May 2018:
- the right to require us to correct any inaccurate personal data we hold on you or to supplement or complete such data;
- the right to object to any processing we undertake for our own legitimate interests on grounds related to your own personal situation; and
- the right to have your personal data erased:
- if it is no longer necessary for the purposes we have processed it for;
- where we have used it only by your consent and you have withdrawn your consent;
- where we hold that data for direct marketing only;
- where you have exercised a right under article 21(1) (right to object) of the GDPR, we cannot meet the requirements of that article for continued use of your data, and there is no other legal basis for our use of it;
- if we have unlawfully used your data;
- we have a separate legal obligation under European or domestic law to erase it; or
- you are a child under the law of your own EU member state.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports for website activity.
You can set your browser not to accept cookies, however, in a few cases some of our website features may not function as a result.
Changes to our Policy
We reserve the right to update our Policy at any time. We will take reasonable steps to draw your attention to any changes to our Policy. Should you disagree with any changes made, you may withdraw your consent at any time using the methods outlined above. This Policy was last updated on March 28th, 2018.
How to contact us
Please contact us if you have any questions about our Policy or information we hold about you by emailing, Conan Sly, email@example.com or by telephone 01403 321904.
Data Protection Officer
Conan Sly, firstname.lastname@example.org
IBITGQ Certified, EU Data Protection Regulation Practitioner (GDPR P)
Qualification Date: 10/06/2017
Certification Number: 982083
IBITGQ Certified, EU Data Protection Regulation Foundation (GDPR F)
Qualification Date: 10/02/2017
Certification Number: 984633