Privacy Policy

Hanley’s Premium Confectionery

Purpose

Hanley’s Premium Confectionery privacy policy sets out the way in which the company retains and processes personal data. All personal data held will be processed in accordance with data protection legislation as of 25th May 2018.

Definitions

Data controller – Determines the means and the purposes of processing the personal data

 

Data processor – Body processing personal data on behalf of data controller

 

Data subject – A person who’s personal data is being retained and processed by the controller or processor

 

How we collect your data

Hanley’s Premium Confectionery obtains personal data in two ways:

-          Guest checkout: asks the individuals to submit personal details before placing an order to enable Hanley’s Premium Confectionery to process and organise the delivery for the order.

-          Registration: Individuals chose to complete the online registration form to enable Hanley’s Premium Confectionery to process the order. It also enables individuals to complete orders more efficiently in future and benefit from discounts and offers. As part of registration, individuals consent to receiving direct marketing informing them about offers and updates from Hanley’s Premium Confectionery.

What personal data we hold and what we use it for

Hanley’s Premium Confectionery, hold personal information such as: names, surnames, emails, addresses & postcodes and phone/mobile numbers.

The personal data is stored securely and is used for:

-          Processing deliveries

-          Email/telephone/sms marketing informing of any offers

-          To inform about any issues with the order

Personal data information is shared with third party organisations solely for the purposes of processing deliveries. Example is sharing name & address details with courier company to deliver parcels. Where Hanley’s Premium Confectionery engages third parties, it is done on the basis of written instructions and under a duty of confidentiality. Third parties and are obliged to implement appropriate technical measures to ensure the security of data.

 

We may also use collective information and statistics for the purposes of monitoring website traffic and usage through third party providers like Google Analytics (you can find Google Analytics privacy policy by following the link https://support.google.com/analytics/answer/6004245?hl=en) This is done in order to help us develop our website and continue providing best possible service to customers. These statistics will not include information that can be used to identify any individual, and will be used purely for aggregate statistical analysis.

The personal data which is held can be deleted and the copy of all personal data can be provided to an individual upon request (please note in some cases this may result in administrative charges for the individual wishing to obtain copy of their personal data).

Frequency

The frequency of direct marketing will depend on the frequency of promotions run by Hanley’s Premium Confectionery.

Phone/mobile – minimum once a month

Email – minimum once a month

Text – minimum once a month

How we protect your data

We are serious about keeping the data of our customers protected. The personal data such as name, surname, address and postcode are stored in the back end of our system which is secure and password protected. To process payments, we use a third party payment processing company PayPoint, which has achieved a PCI DSS (Payment Card Industry Data Security Standards) compliance, which requires retailer processing card payments to take responsibility for protecting sensitive card data. You can find PayPoint privacy policy by following this link https://www.paypoint.com/en-gb/retailer/privacy-statement.  Hanley’s Premium Confectionery also undergoes a data security compliance check annually undertaken by Barclaycard. Hanley’s Premium Confectionery do not process or hold any bank details on the system.

Data subject rights and responsibilities

The data subject will have the rights to:

-          Access all data held

-          Rectify inaccurate data

-          Restrict or object to data being processed

-          Export data in a format that can be used in another IT environment

-          Completely erase all data

Data subjects are responsible for helping Hanley’s Premium Confectionery keep their personal data up to date. Individuals should let Hanley’s Premium Confectionery know if data provided changes, for example change of address, bank details or any other data.

 

If you are registered and wish to amend your personal data, you can do so by going into your account and altering any information as required. If you wish for any data to be deleted or request for the data to be transferred please email info@hanleysconfectionery.co.uk or call us on 01270 618 407. You may also unsubscribe from any newsletters by going into your Account and going onto the Subscribe/Unsubscribe section. 

If you wish to have all your data completely erased contact info@hanleysconfectionery.co.uk or calling us on 01270 618407.  

Those using guest check out will need to email info@hanleysconfectionery.co.uk to request for their personal data to be removed once the order is placed. Please note we require your personal details initially to process the order.

Marketing

From time to time, Hanley’s Premium Confectionery may contact you via email, phone, text and post regarding any of our offers or other promotions. To comply with new GDPR regulations, Hanley’s Premium Confectionery will be sending out an annual review email giving you the opportunity to opt out/unsubscribe. If you wish to unsubscribe at any point, please contact info@hanleysconfectionery.co.uk or by calling us on 01270 618407.

Hanley’s Premium Confectionery staff responsibilities

Individuals who have access to personal data are required:

 

·         To access only data that they have authority to access and only for authorised purposes.

·         Not to disclose data except to individuals (whether inside or outside HANLEYS PREMIUM CONFECTIONERY) who have appropriate authorisation.

·         To keep data secure (for example by complying with rules on access to premises, computer access, including password protection, and secure file storage and destruction).

·         Not to remove personal data, or devices containing or that can be used to access personal data, from HANLEYS PREMIUM CONFECTIONERY's premises without adopting appropriate security measures (such as encryption or password protection) to secure the data and the device.

·         Not to store personal data on local drives or on personal devices that are used for work purposes.

·         Not to share access logins with anyone who is unauthorised to have it.

 

Failing to observe these requirements may amount to a disciplinary offence, which will be dealt with under HANLEYS PREMIUM CONFECTIONERY's disciplinary procedure. Significant or deliberate breaches of this policy, such as accessing employee or customer data without authorisation or a legitimate reason, may constitute gross misconduct and could lead to dismissal without notice.

 

Consent

If you provide consent, you agree for Hanley's Premium Confectionery to retain and process personal data in accordance to the Privacy Policy.

Should Hanley’s Premium Confectionery experience any changes in the way the personal information is obtained, held or used, the policy will be updated accordingly and will be accessible upon request or on the website www.hanleysconfectionery.co.uk