Sam Tully is named under Sam Grigg sole trader working in the UK, High View Pump Lane North, Marlow, Buckinghamshire, England, SL7 3RD. In this document and others we might addressed as, we, us, our. Sam Grigg owns and operates the www.samgrigg.co.uk and www.samtullydesign.co.uk websites. When you interact with our websites you may provide to us, or we may collect, certain information from which is referred to as personal data.
Under data protection laws, we known as a “data controller”, meaning that we have responsible for deciding how your personal data is used and more importantly, for keeping your data safe and only using it for legitimate purposes.
What this policy explains
- Who is collecting the data?
- What data we collect about you
- Why we use your data and our legal grounds for doing so
- Who we share your data with
- Whether we send your data outside of the EEA or not
- How to opt-out or marketing communications
- When and why you might see adverts for Sam Tully online
- How we keep your data safe
- Third party websites
- How long we store your data
- Your rights and how to exercise them
- Changes to our policy
- How to contact us
What data do collect we about you?
We have set out below a break down of what personal data in collected and why it is being used under different legal grounds. It it completely your choice if you do or do not want to pass on any data but if you don’t it may effect customer experience, for example the purchasing of items. But this is completely your choice to do so or not.You may provide us with the following types of personal data when you directly interact with websites or in person.
Contact – first name, surname, gender, date of birth, account log-in information, country of residence, email address, telephone numbers and address
Profile – your preferences for marketing, other website preferences, your contact history.
I may also collect the following types of personal data from you when you use our websites (using Cookies or other tracking technologies):
Technical – browser type, device information, IP address, hardware type, network and software identifiers, operating system and system configuration
Usage – information about how you use my websites, including time spent on page, click-throughs, download errors, browsing patterns
In this subsection you should note what information is captured through comments. We have noted the data which WordPress collects by default.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
After approval of your comment, your profile picture is visible to the public in the context of your comment.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
By default, WordPress does not include a contact form. If you use a contact form plugin, use this subsection to note what personal data is captured when someone submits a contact form, and how long you keep it. For example, you may note that you keep contact form submissions for a certain period for customer service purposes, but you do not use the information submitted through them for marketing purposes.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Why do we use your data and what are our legal grounds?
The table below is how we use your personal data and my lawful basis for doing so. In addition to these purposes, please note that we also anonymise and aggregate personal data (so that it does not personally identify you) and use it for testing our internal systems, carrying out research and general customer data analysis. Because this is not personally identifiable, we can use this for any purposes.
|Reasons why we use the data||What data||Legal grounds for using the data|
|Register you as a Customer of Sam Tully||Contact, profile||Perform our contract with you. Necessary for our legitimate interests incase further assistances is needed|
|Enable for you to put products in your basket||Contact, technical, usage||Same as above|
|Process payments of items which you make through our websites and to action refunds||Contact, financial||Perform contract with you|
|Deliver your tickets||Contact||Perform contract with you|
|Send you service messages by email, including item receipts||Contact||Perform contract with you|
Necessary to comply with a legal obligation
|For internal administration and record keeping purposes||All||Perform our contract with you
Comply with our legal obligations
Necessary for our legitimate interests (to effectively operate my business and perform our services)
|Providing customer support, including answering your questions which may involve contacting you by post, e-mail or phone||All||Performance of a contract with you
Necessary for our legitimate interests (to ensure my customers are informed and satisfied with my services)
|To understand who is buying my products||Contact||Necessary for our legitimate interests (to develop our business and understand our customer base to inform our marketing strategy)|
|Get in touch with you about relevant products||Contact, Profile||We will only do this if we have your consent|
|Improve and personalise your user experience by delivering more relevant content and advertising whilst you browse and to remember your preferences||Contact, Profile, Technical, Usage||Necessary for our legitimate interests (to develop our business and understand our customer base to inform our marketing strategy)|
|Administer our websites, including website trouble shooting, testing and analysis and to enable you to participate in interactive features of my websites||All||Performance of a contract with you
Necessary for our legitimate interests (to ensure that our websites are fully functional and operating in the most effective way for you)
|Verify your identity and detect fraud and security issues||All||Necessary for our legitimate interests (to prevent and detect fraud, security incidents and criminal activity)|
Who we share your data with?
For the purpose of third party marketing we do not pass your personal data to any third parties. If we want to do this in the future, we will ask for your permission if not already given, therefore only doing so if consented too.
We do need to share your data with the following third parties as its an essential part of providing our service for you, which will all be in accordance with the purposes set out above. In any case we will only ever share the minimum amount of information required, to ensure that the relevant third parties are subject to suitable obligations in respect of confidentiality and security:
- Companies which are within the same corporate group as Sam Grigg, who are responsible for managing different aspects of our service.
- Our delivery service provider, who will transfer goods to your location
- Payment service providers and our delivery companies
- Our professional service providers,such as marketing agencies, advertising partners and website hosts and our professional advisors
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud
- Companies approved by you, such as social media sites (if you choose to link your accounts to us)
In some cases we may need to share your personal data with third parties if we are legally obliged.
We collect information about you during the checkout process on our store.
What we collect and store
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for XXX years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if you choose to leave them.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfill orders, process refunds and support you.
We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.
Do we send your data outside of the EEA?
“EEA” which stands for The European Economic Area is seen as having good standards when it comes to data privacy so we try to limit the transfer of any data outside of this region. From time to time, we will have to do this if third parties services mentioned above have cloud servers located outside or if we need to move servers to outside this region. In cases such as this, we make sure that your data is still treated fairly and lawfully in all respects, including making sure we have a legal ground for the transfer and putting in place all necessary safeguards for such arrangement where the third party is not based in a country which is deemed to have “adequate” data protection laws.
Marketing messages and opt-ing out
If you have said we can, we’ll send you marketing messages by email and/or post to keep you aware of what we’re up to and tell you about future promotions or products we think will be relevant to you. If you change your mind, you can opt-out of receiving marketing at any time either by Contacting us, or by using the opt-out function detailed in any e-mail communication. Once you do this, we will update your profile to ensure that you don’t receive further marketing messages. Please note, it might take a few days for all our systems to be updated, so you might get messages from us while we process your request.
We do not currently pass your data onto any third parties for third-party marketing purposes. However, if we ever wish to do so in the future we will always get your consent. You can then opt-out from any third-party marketing at anytime following the same process as above.
We do pass your data onto third parties who deliver our own marketing, and any updates to your preferences will also be passed onto these third parties.
If you have given the appropriate consent, We use target banners and ads to you when you have left our websites and are on other websites and apps. We do this using a variety of digital marketing networks and ad exchanges, and we use a range of advertising technologies as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience service.
The banners and ads you see will be based on information we hold about you, or your previous purchase or search history on Sam Tully (for example, items recommended or left in your basket.)
How we keep your data secure?
We use industry standard security processes to ensure your data is kept safe and secure and to prevent unauthorised access or use or loss of your data. We also make sure that when we are required to share your data with third parties, they are subject to suitable confidentiality and security standards.
Despite these measures, the transmission of data via the internet is not completely secure. As such, we cannot guarantee that information transmitted to us via the internet will be completely secure and any transmission is at your own risk.
Links to third party websites
How long do we store your data?
We will store your data for as long as you have an “active” Sam Tully purchase*, or as long as is needed to be able to provide the services to you. After this, we may still need to keep hold of your data if there is a legal reason for doing so (such as for tax or other financial reasons (such as being able to deal with chargebacks), where we need to resolve any disputes with you, or where we need to enforce our terms and conditions). In such circumstances, we will only retain the amount of data strictly necessary for these reasons and otherwise, will remove your data from our systems.
You have various rights under GDPR which entitle you, in certain situations, to:
- ask us for a copy of the personal data we hold about you;
- correct or update your personal data, which you can do yourself by logging into your account or if you would prefer, please contact us and we can assist;
- request that we delete your personal data;
- object to the handling of your personal data where we are relying on a legitimate interest (as set out in the above table);
- restrict the processing of your personal data;
- request the transfer of your personal data (or some of it) to a third-party service provider; or
- where you have provided your consent for something, in certain circumstances, you may withdraw this consent (but note that we may continue to use your personal data if we have legal grounds for doing so).
And how to exercise them….
Please contact us if you would like to exercise your rights, which you can do for free. The only time we may be allowed to charge a reasonable fee is where your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. Otherwise, we will always respond within one month (unless there is a legal reason to take longer).
We may also need to ask you to confirm your identity before we proceed with your request if it is not clear who is making the request.
If you are concerned about the way we are handling your personal data you may also contact the ICO (Information Commissioner’s Office). However, where possible, we would really appreciate the opportunity to help with your concern in the first instance.
Changes to this policy
We may change this policy from time to time, to reflect how we are handling your data and will upload these updates onto our websites. If we make significant changes, we will make sure these are notified to you by email or other suitable method so that you are able to review the changes before you continue to use our services.
How to contact us
If you would like to discuss anything in this policy, want to exercise your rights or have any issues with the way we are handling your data, please:
Email us: firstname.lastname@example.org
Write to us at: Sam Tully High View Pump Lane North Marlow SL7 3RD
LAST UPDATED: August 2018