Who we are
Our website address is: https://therealsantalincoln.co.uk.
Like every organisation, we are required to comply with the new EU General Data Protection Regulation (GDPR), which came into force on 25th May 2018, replacing the 1998 Data Protection Act. The GDPR aims to protect the privacy, rights and freedoms of all EU citizens, and places stricter requirements on organisations relating to how they process personal information. This new law will not be affected by Brexit. The UK Government is currently processing further law (the Data Protection Bill), which will enhance the provisions of the GDPR and clarify areas of it that have been left to individual states to govern.
Personal Information is defined as any information (data) which can be used to directly or indirectly identify a living individual. This can include obvious things like: your name; date of birth; National Insurance number; driving licence number; home or work address, postcode; telephone and mobile numbers; email addresses. It also protects your identification through less obvious things like your computer IP address and device location data.
Your Rights: The GDPR brings clarity to your rights whenever a company collects information about you. You are entitled to the following:
- To be informed when and how we collect, process or store your data. Ideally, this is done before your data is collected; however, there may be times when this is not possible, for example when your data is not collected directly from you. In this case, organisations are now required to inform you that they have acquired your data within one month of its collection.
- To access information we hold about you. Requests for your personal information are £10. To help us respond in the most efficient and effective way, please email firstname.lastname@example.org with your request.
- To rectify any discrepancies or errors in the information we hold about you. If we have stored any information about you, and you believe it to be incorrect, you may ask that it be rectified.
- To restrict processing. We’ll be honest here: other than processing your orders and handling service communications and marketing emails, we don’t tend to process your identifiable information.
- The right to data portability. If you want to transfer your data that we hold, we can.
- To object to processing, for example to stop receiving direct marketing communications.
- To ask us to erase the data we hold about you. However, you should note that there may be overriding legal, statutory or regulatory reasons that prevent us from doing this.
- Where Automated Decision Making is used, there must be an option for human intervention.
Principles of Data Protection: In addition to your rights as a “Data Subject”, the GDPR also outlines several specific principles that organisations should adhere to in order to help maintain the integrity and security of your data. These principles are intended to support your rights as outlined above. Processing should be:
- Lawful, Fair and Transparent – In other words, we should have a legal reason for processing your data, we should be fair in processing your data and we should be transparent in processing your data.
- Limited Purpose – We should only process your data for the purpose that we informed you about, e.g. processing orders, sending product updates and offers, marketing, handling complaints. We should not use data collected for one purpose to fulfil another purpose.
- Data should be Minimal – We won’t ask you for more information than is necessary to carry out the activity we are collecting it for, i.e. we wouldn’t ask for your National Insurance number, unless you were joining our team.
- Accuracy – Any data we hold about you should be kept accurate and up to date. We will often rely on you to notify us of any changes that affect our ability to do this. This principle supports your right to rectify discrepancies and errors.
- Storage Limitation – This means that we won’t keep your data for longer than is necessary to perform the purpose for which it was collected, or to satisfy any legal, statutory or regulatory requirement to keep it.
- Integrity & Confidentiality – We will take every reasonable organisational effort and technical measure to protect the data we hold about you from unauthorised access, alteration or disclosure.
Data Sharing: We don’t usually share your information with any other parties; however, there are occasions when we might have to, for example to provide a delivery agent with your address. If we do, we will endeavour to obtain your consent before sharing your information, although there may be times when we do this without obtaining your permission, for example where a third party performs a duty directly on our behalf and under our instruction.
Thank you for taking the time to read this.