In the course of its business the Posh Watch Shop Limited captures personal information about you. We respect and protect your privacy and are as transparent as possible regarding the personal information we collect and how it is used. We always aim to handle your data fairly and lawfully.
This notice informs you how we collect and protect personal information you provide, how you can control what personal information we collect from you and what we do with it. It sets out how we intend to use your information, who we will share it with and what rights you have about its use.
PERSONAL DATA WE COLLECT
We may collect the following information about you:
- Your name, age/date of birth and gender;
- Your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
- Purchases and orders made by you;
- Your social media handles;
- Your online browsing activities on our websites including what items you store in your shopping bag;
- Your password(s) to our store;
- Information about the device you use to browse our websites including the IP address and the device type;
- When you make a purchase or place an order with us, your payment card details;
- Your communication and marketing preferences;
- Your interests, preferences, feedback and competition and survey responses;
- Your location;
- Your correspondence and communications with us; and
- Other publicly available personal data, including any which you have shared via a public platform (such as Instagram, YouTube, Twitter or public Facebook page).
We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
Our websites are not intended for children and we do not knowingly collect data relating to children.
LEGAL BASIS FOR PROCESSING DATA
We collect and use customers’ personal data to perform our contract with you and to comply with our duties and exercise our rights under contracts for the sale of goods or services to customers with their consent or as necessary for the pursuit of our legitimate interests including:
- Selling and supplying goods and services to our customers.
- Promoting, marketing and advertising our products and services.
- Sending promotional communications which are relevant and tailored to individual customers.
- Understanding our customers’ behaviour, activities, preferences, and needs.
- Improving existing products and services and developing new products and services.
- Protecting customers, employees and other individuals.
- Good governance, accounting and management of operations. Complying with legal obligations.
- Preventing, investigating and detecting crime or fraud and prosecuting offenders, including working with law enforcement agencies.
- Handling customer contacts, queries, complaints or disputes.
- Managing insurance claims by customers.
- Protecting our company, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us.
- Handling any legal claims or regulatory enforcement actions taken against us.
- Fulfilling our duties to our customers and other stakeholders.
You have the right to withdraw consent at any time. Where consent is the only legal basis for processing your personal data, we will cease to process your personal data for that purpose after consent is withdrawn.
SHARING DATA WITH THIRD PARTIES
We do not sell or rent your personal information to other organisations for marketing purposes and will not disclose your personal information to any third party, except for our legal and other professional advisers, Credit reference agencies where necessary for card payments, governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so to comply with our legal obligations, to exercise our legal rights (for example in court cases), for the prevention, detection and investigation of crime or prosecution of offenders, our service providers and suppliers.
We may need to share your personal information with certain trusted third parties including IT, mailing, payment services, delivery and marketing service providers. They only handle your personal information having confirmed that they apply appropriate data protection and security controls and can only use your information to provide services to us and to you, and for no other purposes.
USE OF DATA
The Posh Watch Shop generally uses personal data as follows:
- To provide goods and services to you;
- To manage any account(s) you hold with us;
- To verify your identity;
- For crime and fraud prevention, detection and related purposes;
- To email you about offers, events, products and services which we think may interest you;
- For analysis, insight and market research purposes to ensure we are providing relevant information;
- To manage customer service queries;
- Where we have a legal right or duty to use or disclose your information
The Posh Watch Shop may use your personal data for marketing purposes and send you postal mail, texts and emails to update you on our latest offers and other matters that may interest you. You have the right to opt out of receiving promotional communications at any time, by emailing (email@example.com) or making use of the simple “unsubscribe” link in our emails.
In order to provide more personalised services and experiences, we may ask your permission to review third party data about you, for example, your Twitter or Facebook feeds, to get to know you better and to provide more effective personalisation. Some of our services enable you to sign-in via a third-party service, such as Facebook. If you choose to sign-in via a third-party app, you will be presented with a dialog box which will ask your permission to allow us to access your personal information (e.g. your full name, date of birth, email address and any other information you have made publicly accessible).
Cookies are small data files which are placed on devices when you browse websites. They are used to ‘remember’ when your device accessed the website and allow us to know whether you are logged in and what items were in your shopping bag. Cookies are essential for the effective operation of our website and to help you shop online. All data collected by cookies is anonymous and never contains individual details (name, address, telephone number or payment details).
There are two types of cookie used during visits to our site, session cookies, which are deleted after each visit to our site. Session cookies allow you to add an item to the basket and then move through the checkout. Disallowing these cookies on your web browser means you will not be able to place an order on the site. The second type are persistent cookies which remember details for a period and whether you logged into or out of your account while browsing.
Most web browsers provide the option to turn off or disallow cookies. This will depend on the web browser used. Instructions for disallowing cookies can usually be found in the browser’s ‘Help’ menu.
PROTECTION OF DATA
The Posh Watch Shop Limited is committed to keeping your personal data safe and secure. Security measures include the following:
- Encryption of data.
- Cyber security assessments of service providers who may handle your personal data.
- Planning to ensure we are ready to respond to cyber security attacks and data security incidents.
- Security controls which protect our IT systems infrastructure from unauthorised access.
- Internal policies setting out our data security rules.
- Regular training for employees.
We will ever ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from The Posh Watch Shop Limited asking you to do so, please ignore it and do not respond.
HOW LONG WE KEEP YOUR DATA
We will not retain your data for longer than necessary for the purposes set out in this Notice. Our Data Retention Policy sets out the length of time we will usually retain personal data and where these default periods might be changed. Various laws, accounting and regulatory requirements require us to retain certain records for specific amounts of time and we will hold your data as required for legal or regulatory reasons.
RECORD RETENTION PERIOD
|Record||Type of Personal Data||Retention Period|
|Contracts with Suppliers||Names||10 years after expiry|
|Supplier details||Names, addresses, email addresses, telephone numbers||Permanently|
|Payment services agreements||Names||10 years after expiry|
|Cookies||Web tracking information including IP addresses||5 years|
|Contracts with Customers||Names, addresses, telephone numbers, transactional details||10 years from date of transaction|
|Customers waiting lists||Names and products||Until purchase or as long as customer requires|
|Contracts with Customers||Email addresses||website emails: 7 years, customer care emails: 7 years, store support emails: 2 years|
|Customer complaints||Names, addresses, telephone numbers, email addresses||7 years|
|Promotional materials||Names and customer images||3 years|
|Customer listings for promotional communications||Names and addresses, email addresses||30 days|
|Marketing databases||Names and addresses, email addresses||15 years|
|Social Media communications||Names, addresses, email addresses, transactional data, hobbies, interests, payment references||Permanently|
|Product and service reviews by customers||Names, emails and products services purchased||Personal data: 12 months, review content: permanently|
|Records of administration of watch and jewellery insurance claims for Insurance Companies||Names, addresses, telephone numbers, email addresses, insurance policy number, item claimed for, call recordings, bank sort code details||Permanently|
|Call recordings||Telephone numbers, call recordings||28 days|
|Repair records||Names, addresses, watch and damage/repair details||7 years|
To deliver products and services to you, it is sometimes necessary to share your personal information outside of the European Economic Area (the EEA). This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws. If we transfer your personal information outside the EEA, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to assess the laws and practises of the destination country and relevant service provider and the security measures that are to be taken as regards the data in the overseas location; Alternatively, we use standard data protection clauses.
You have the following rights:
- To be informed about our processing of your personal data which is the aim of this Notice.
- To request access to personal data that we hold about you at any time.
- To ask us to update and correct any out-of-date or incorrect personal data that we hold about you.
- To object to processing of your personal data and/or to withdraw any consent you have given us and to opt out of any marketing communications that we may send you.
- The right to prevent processing that is likely to cause damage or distress to you or anyone else.
- Certain rights in relation to automated decision-making processes including the right to object to profiling;
- To request that we erase or destroy your personal data in certain circumstances (the right to be forgotten) for example when the data are no longer necessary for the purpose for which we collected them.
- To have your personal data provided to you by us in a structured, commonly used and machine-readable format and the right to have that data transmitted to another data controller. This is known as the right to data portability.
If you wish to exercise any of the above rights, please email us at firstname.lastname@example.org or write to us at The Posh Watch Shop, 11, Madeira Way, Eastbourne, East Sussex BN23 5UQ.
You have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow SK9 5AF, United Kingdom if you believe we have not handled your personal data in accordance with the law. Further information, including contact details, is available at https://ico.org.uk.