INTRODUCTION AND DEFINITIONS
Warrens of Winchester Limited, trading as Winchester Office Supplies, ("we", "our" and "us") is committed to protecting and respecting your privacy.
By visiting www.winchesterofficesupplies.co.uk you are accepting and consenting to the practices described in this policy.
Our site may, from time to time, contain links to and from partners', affiliates' and social network sites. If you follow a link to any of these websites, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check their privacy policies before you submit any personal data to those websites as they may not be on the same terms as ours.
If you have questions about correcting or deleting your personal data please refer to sections 3 and 8 below.
References in this policy to "data protection law" mean (as applicable) the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in England from time to time.
References in this policy to "data or "information" include "sensitive personal data" and "special categories of data" (as defined under data protection law) where applicable.
1 Our details
1.1 The data controller is Warrens of Winchester Limited of 85 High Street, Winchester SO23 9AE.
2 How we use your information
2.1 The following sections set out why we are processing your information, what information we collect, the legal basis for and duration of our processing of your information and (if applicable) who your information will be shared with and where those recipients are based.
Which information do we process and for what purpose?
2.2 We process the following information from you:
2.2.1 Information you give us. This is information about you that you give us by filling in forms on our site, by email, by telephone, in person or otherwise within our customer relationship. It includes information you provide when you register to use our site, request marketing information, enter a competition, promotion or survey and when you report a problem with our site. The information you give us may include your name, address, email address and phone number.
2.2.2 We process information you give to us for the following purposes:
184.108.40.206 to supply you with the goods and/or services you have ordered and/or purchased from us;
220.127.116.11 to manage your account with us; and
18.104.22.168 to notify you about changes to our service.
2.2.3 Information we collect about you. Like most other website operators, we collect non-personally identifying information of the sort that web browsers and servers typically make available. This includes technical information, such as your IP address and your login information and information about your visit, such as records of how you navigate the pages on our site and how you interact with the pages.
2.2.4 We process information we collect about you for the following purposes:
22.214.171.124 to allow us to administer the account you hold with us;
126.96.36.199 to improve our services;
188.8.131.52 to comply with our legal obligations to process and keep a record of your data; and
184.108.40.206 to ensure that content from our site is presented in the most effective manner for you and for your computer; and
220.127.116.11 to measure or understand the effectiveness of advertising we serve to you and others, and possibly to deliver relevant advertising to you on our site.
2.2.5 Information obtained from or provided by third parties. Personal data of business customers which we have obtained from or which has been supplied by data marketing agencies.
2.2.6 We process information we obtain from or are provided with by third parties for the following purposes:
18.104.22.168 To pursue our legitimate interest of marketing the services of our business to prospective customers.
What are the grounds for processing your information?
2.3 We are processing your data on the following ground(s):
2.3.1 the processing is necessary for the performance of the contract for the supply of goods and services between you and us. This includes where you have instructed us to take some pre-contractual steps (such as quotations or measuring up) prior to us formalising the contract.
2.3.2 the processing is necessary for achieving our legitimate interest of personalising our website’s content to improve your user experience, business to business contacts and direct marketing. In accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for this purpose.
Duration and further processing
2.4 To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
2.5 Generally speaking, we will store your personal data for the following periods:
2.5.1 Where you are a customer, we will delete your personal data 6 years after the end of our relationship;
2.5.2 Where your personal data is collected from our website and/or as a potential customer, we will delete it after 12 months; and
2.5.3 Where your personal data is obtained in relation to miscellaneous third parties, we will delete it after 6 years.
2.6 If we need to keep your information for a longer period then we will notify you of the reason and grounds for doing so. This may be the case, for example, where a dispute arises in relation to a contractual relationship. You will receive our notification by email. We will regularly review the duration of these longer periods of retention.
Who is your information shared with?
2.7 Your personal information is not shared with anyone except where we are required to do so to comply with the law, to protect our rights, or to improve and expand our products and services.
2.8 Personal information is not retained on our systems unless it is required for the ongoing operation of one of our services (including where we keep a record of your data).
2.9 We may share anonymised, pseudonymised and non-personal information with sub-contractors engaged by us to help us operate our site and to analytics and search engine providers that assist us in the improvement and optimisation of our site.
2.10 To the best of our knowledge, understanding and belief, your information will not be transferred outside of the European Economic Area or to any country which is not approved by the European Commission. If this changes then we will let you know.
Automated decision making
2.11 We do not make automated decisions about you based on your information.
3 Your rights
3.1 Under data protection law you have the following rights:
3.1.1 the right to be informed as to what we do with your information. This includes but is not limited to the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for;
3.1.2 the right to access a copy of your information which we hold. This is called a 'subject access request'. Additional details on how to exercise this right are set out in section 5, below;
3.1.3 the right to object to processing of your information where it is likely to cause or is causing damage or distress;
3.1.4 the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the details set out in section 8, below;
3.1.5 the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and
3.1.6 the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law.
3.2 From 25 May 2018 you will have the following additional rights under data protection law:
3.2.1 enhanced rights to request that we erase, rectify, cease processing and/or delete your information; and
3.2.2 in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called 'data portability'. Additional details on how to exercise this right are set out in section 5, below.
3.3 You also have the general right to complain to us (in the first instance) and to the Information Commissioner's Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out in section 8, below. The Information Commissioner's Office website is www.ico.org.uk.
3.4 For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner's Office (www.ico.org.uk).
4.3 We use two types of cookie:
4.3.1 session cookie – which stores an ID which matches to records in our database. It has no personal identifiable data in it but can be linked to an individual through the data stored in the database; and
4.3.2 preferences cookie – which stores personal settings on how to display records on the store based on the choices and preferences of the user. It has no personal identifiable data and can't be linked to a user in the database.
4.4 Both cookies provide us with web store functionality and are stored until cleared by the user.
5 ACCESS TO INFORMATION
5.1 Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. Prior to 25 May 2018 there is a £10 fee for making the request. From 25 May 2018 you will:
5.1.1 no longer have to pay a £10 fee but we will be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you, if your request is clearly unfounded or excessive; and
5.1.2 in certain circumstances, be entitled to receive the information in a structured, commonly used and machine readable form.
5.2 Requests should be sent to the Compliance Manager, Warrens of Winchester Limited, 85 High Street, Winchester SO23 9AE. We will need to see proof of your identity before processing your request.
6 Data security
We will always store your digital information on secure servers. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.