Hanley’s Premium Confectionery
Data controller – Determines the means and the purposes of processing the personal data
Data processor – Body processing personal data on behalf of data controller
Data subject – A person who’s personal data is being retained and processed by the controller or processor
How we collect your data
Hanley’s Premium Confectionery obtains personal data in two ways:
- Guest checkout: asks the individuals to submit personal details before placing an order to enable Hanley’s Premium Confectionery to process and organise the delivery for the order.
- Registration: Individuals chose to complete the online registration form to enable Hanley’s Premium Confectionery to process the order. It also enables individuals to complete orders more efficiently in future and benefit from discounts and offers. As part of registration, individuals consent to receiving direct marketing informing them about offers and updates from Hanley’s Premium Confectionery.
What personal data we hold and what we use it for
Hanley’s Premium Confectionery, hold personal information such as: names, surnames, emails, addresses & postcodes and phone/mobile numbers.
The personal data is stored securely and is used for:
- Processing deliveries
- Email/telephone/sms marketing informing of any offers
- To inform about any issues with the order
Personal data information is shared with third party organisations solely for the purposes of processing deliveries. Example is sharing name & address details with courier company to deliver parcels. Where Hanley’s Premium Confectionery engages third parties, it is done on the basis of written instructions and under a duty of confidentiality. Third parties and are obliged to implement appropriate technical measures to ensure the security of data.
The personal data which is held can be deleted and the copy of all personal data can be provided to an individual upon request (please note in some cases this may result in administrative charges for the individual wishing to obtain copy of their personal data).
The frequency of direct marketing will depend on the frequency of promotions run by Hanley’s Premium Confectionery.
Phone/mobile – minimum once a month
Email – minimum once a month
Text – minimum once a month
How we protect your data
Data subject rights and responsibilities
The data subject will have the rights to:
- Access all data held
- Rectify inaccurate data
- Restrict or object to data being processed
- Export data in a format that can be used in another IT environment
- Completely erase all data
Data subjects are responsible for helping Hanley’s Premium Confectionery keep their personal data up to date. Individuals should let Hanley’s Premium Confectionery know if data provided changes, for example change of address, bank details or any other data.
If you are registered and wish to amend your personal data, you can do so by going into your account and altering any information as required. If you wish for any data to be deleted or request for the data to be transferred please email email@example.com or call us on 01270 618 407. You may also unsubscribe from any newsletters by going into your Account and going onto the Subscribe/Unsubscribe section.
If you wish to have all your data completely erased contact firstname.lastname@example.org or calling us on 01270 618407.
Those using guest check out will need to email email@example.com to request for their personal data to be removed once the order is placed. Please note we require your personal details initially to process the order.
From time to time, Hanley’s Premium Confectionery may contact you via email, phone, text and post regarding any of our offers or other promotions. To comply with new GDPR regulations, Hanley’s Premium Confectionery will be sending out an annual review email giving you the opportunity to opt out/unsubscribe. If you wish to unsubscribe at any point, please contact firstname.lastname@example.org or by calling us on 01270 618407.
Hanley’s Premium Confectionery staff responsibilities
Individuals who have access to personal data are required:
· To access only data that they have authority to access and only for authorised purposes.
· Not to disclose data except to individuals (whether inside or outside HANLEYS PREMIUM CONFECTIONERY) who have appropriate authorisation.
· To keep data secure (for example by complying with rules on access to premises, computer access, including password protection, and secure file storage and destruction).
· Not to remove personal data, or devices containing or that can be used to access personal data, from HANLEYS PREMIUM CONFECTIONERY's premises without adopting appropriate security measures (such as encryption or password protection) to secure the data and the device.
· Not to store personal data on local drives or on personal devices that are used for work purposes.
· Not to share access logins with anyone who is unauthorised to have it.
Failing to observe these requirements may amount to a disciplinary offence, which will be dealt with under HANLEYS PREMIUM CONFECTIONERY's disciplinary procedure. Significant or deliberate breaches of this policy, such as accessing employee or customer data without authorisation or a legitimate reason, may constitute gross misconduct and could lead to dismissal without notice.
Should Hanley’s Premium Confectionery experience any changes in the way the personal information is obtained, held or used, the policy will be updated accordingly and will be accessible upon request or on the website www.hanleysconfectionery.co.uk