1. Home
  2. Login
  3. Recent Orders
  4. View Cart
  5. Checkout

Your Personal Data

The personal data we process falls into three categories as detailed below. We have specified our privacy policy separately for each category of data collected as it varies between them in some cases.

Category 1: The Personal Data of our Customers and Prospective Customers

How is this Defined?

This is any personally identifiable information provided to us (the “Data Controller” in this context), by you (the “Data Subject” in this context) as part of a sales transaction or sales enquiry with us.

What is Collected?

This may include your name, address, telephone and email contact details and details of products you have ordered from us. 

How is it Collected?

This information is provided directly by you by completing either the checkout process, ‘Contact Us’ form or ‘Consent to Contact’ form on our SSL certified website, or by email or telephone communication.

How will we use it?

It will be used to process and record the sales transaction and/or respond to your enquiry. Additionally, if you have given us express consent to do so via either our website’s checkout procedure, ‘Contact Us’ form, or “Consent to Contact” form (see link below) and have not subsequently revoked that consent via the same consent form, then we may contact you with occasional emails advising of significant changes to any of our products and services, or the introduction of new products or services.

Our consent form can be found here.

Will we share data with anyone?

We will not disclose personal information to any third parties (except for the purposes of storage and backup as explained in the “Where do we keep it?” sub-heading directly below) unless you provide us with a clear, written instruction and reason to do so. Placing an order with us, or submitting an enquiry, by any means, does not constitute such an instruction.

Where do we keep it?

Your information is stored on a secure local network in a private building. It is also backed-up to an encrypted cloud backup service for the purpose of ensuring we have adequate data loss recovery procedures for our records. Like any reputable cloud data storage service, they treat the privacy and security of data lodged with them very seriously and are bound to only provide access to it as strictly necessary for the provision of their service.

How long we keep it?

To comply with UK law, we will retain any personal information collected for 6 years after our most recent sales transaction with you. If you provided your data as part of an enquiry, but did not enter into a sales transaction, then at your request, we will remove your information from our records at source within 48 hours, and from all backups within 30 days.

Use of Cookies

As with most other websites, cookies are used on this shopping site where they are necessary for the site functionality. They are used to aid navigation, and to keep track of the contents of your shopping cart. If you select the 'Remember Me' Option in the checkout, a cookie will be used to remember your details. You can turn off cookies by blocking them in your browser privacy settings, but If you turn off cookies, you will be unable to place orders on the website or use other features we may provide.

Category 2: Third-party Data – Collected via Web-Based Applications Provided by Us.

How is it Defined?

Any personally identifiable data collected by our customers (the “Data Controller” in this context), pertaining to their customers (the “Data Subjects” in this context), using one of our web-based applications (e.g. Soapbox Product Reviews) installed on the data controller’s website, and then stored by us (the “Data Processor”).

Legal Basis

If you use one of our web-applications on your website to collect and retain personally identifiable information from your customers, which is then stored on our servers as part of the normal service provided by these applications, then it is your responsibility to ensure that you have a legal basis to do so. 

What is Collected?

Soapbox: May include name, email address, general location and personal views about a product purchased or the service received from the company providing it.

Order Tracking: May include name, order number and date, products purchased, price paid and courier delivery tracking updates.

How is it Collected?

This information is provided by the data subject via one of our web-based applications. Such applications can be launched either from a link on the data controller’s website which uses the application, or in a link provided via email by the data controller.

How will we use it?

Codepath (the “Data Processor”) will use this information solely to provide the functionality of the web-based application in question.

Will we share it with anyone?

We will not share this kind of data with anyone except for the purposes of storage and backup as explained in the “Where do we keep it?” sub-heading directly below)

Where do we keep it?

The information is stored on a UK-based web-server managed by a reputable storage provider.

It is periodically, at our discretion, backed-up to a reputable encrypted cloud backup service, via our local secure network, for the purposes of data loss recovery.

Like any reputable data hosting service or cloud data storage service, they treat the privacy and security of data lodged with them very seriously and are bound to only provide access to it as strictly necessary for the provision of their service.

How long we keep it?

We have no policy of removing data from these servers unless we are requested to do so by either the data subject or the data controller, as historical analysis of data is a large part of the service provided by these applications. As the data controller, you may request removal of the information about a particular data subject, or of all information collected by our applications and stored by us on your behalf. On receipt of such a request, we will remove the requested information from our records at source within 48 hours, and from all backups within 30 days.

Category 3: Third-party Data – Sent to Us Directly

How is it Defined?

Any personally identifiable data we receive from our customers (the “Data Controller” in this context), pertaining to their customers (the “Data Subjects” in this context), in the form of either a copy of their e-commerce database, or a subset thereof via spreadsheet or other human readable formats.

Legal Basis

If you provide us with data of this kind, then it is your responsibility to ensure that you have a legal basis to do so. 

What is Collected?

Any data which can be stored via the database application which generates and manages the database including but not limited to names, addresses, email and telephone contact information, products ordered and price paid. As the data controller, it is your responsibility to remove any elements of this data for which you do not have a legal basis to provide to us for data processing.

How is it Collected?

The delivery method of this data is not under our control. This information is provided to us at the data controller’s discretion, via whatever means they deem to be sufficiently secure. 

How will we use it?

We will use this information solely for providing support for our programs which normally use the data provided at the data controller’s location, or for data modelling and design of a new application to the specification of the data controller.

Will we share it with anyone?

No, this data is never shared with anyone.

Where do we keep it?

The information is stored on a secure local network in a private building. As this data is only ever a copy of the original, and used for the purposes outlined above, accidental destruction of this data is inconsequential. We therefore do not backup such data to minimize any risk of accidental exposure.

How long we keep it?

The data will be deleted at source once you, the data controller, notifies us that the purpose of our obtaining the data has been fulfilled and you are happy for the data to be deleted. If we do not receive such notification within 90 days of receiving the data, and we believe the purpose of our obtaining the data has been fulfilled, then we will delete the data.

 

Your Rights in All Cases

If you believe we hold personally identifiable data relating to you, or your data subjects, that you would like removed, or you believe that we have not operated in accordance with our stated policy set out above, please contact us via our contact form at the link below and we will be happy to address your concerns.

Contact us: click here