YOU HAVE A RIGHT TO KNOW HOW WE WILL USE YOUR PERSONAL DATA
We are committed to ensuring the security of your personal data.
Data Protection Laws place obligations on us to process your information fairly and lawfully and to keep it secure. For the purposes of Data Protection Laws, the controller of your personal data which is collected through the Website when users make an online enquiry is Crafty Bear Club, 40 King Street, Somersham, Cambrigshire, PE28 3EJ.
What is “Personal Data”?
Personal data broadly means information that relates to an identified or identifiable living individual (“identifiable” refers to being able to identify the living individual when the information held is combined with other information).
How Will We Comply With Data Protection Laws?
Contract: Where you are an existing customer we will process your personal data to the extent required for us to provide you with services related to products that you have purchased from us in accordance with its terms. Additionally, if you are not an existing customer but you have requested further information about one of our products or services, we will use your personal data to provide you with such requested information;
Consent: Where you have provided your consent, we also rely on your consent to use your personal data in certain ways (for example, in some circumstances to market our products and services to you).
The type of personal data we will collect about you via the Website
The Website provides users who are interested in our products/services with an opportunity to submit online inquiries to us. The personal data that you may provide to us through the Website is set out below:
your contact details (including postal address, email address and phone number);
any personal data you choose to include when typing into Web-Chat or when typing additional comments in free text boxes;
your debit/credit card details (only when you choose to make a payment online through the Website); and
we may automatically collect technical information (including IP address, device details and your login information) and information about each visit you make to the Website (such as page response times and length of visit).
How we handle your personal data
We will observe the rights granted to you under applicable Data Protection Laws and will ensure that queries relating to privacy issues are dealt with promptly and in a transparent manner. See below for details about how to contact us and how to exercise your right to obtain copies of your personal data from us under Data Protection Laws.
We will only collect and process your personal data where we have lawful grounds to do so.
We will update our records if you inform us that your details have changed. Please tell us as soon as possible about this. We will update our records promptly once we are satisfied that the new information (such as your new address or contact detail) is accurate.
How we will use the personal data we collect about you
We will store and process your personal data on our computers. Please see the Data Security header below for details about how we keep your personal data secure, in line with our obligations under Data Protection Laws.
We will use your personal data collected (including from any third parties, where relevant and lawful) to:
contact you about our products/services (in response to your request for this contact which you have made via our Website);
provide our products/services to you if you decide to go ahead and obtain them (but please note as explained above that supplemental privacy information, notices and/or statements will also be relevant to that processing);
manage and contact you about any products or services that we provide to you;
contact you in respect of any complaints that you submit;
process payments you choose to make if you make a payment to us relating to any services via the Website; an
comply with our legal obligations;
Please note that our services / products may be available via other websites and we may link to other websites through the Website. We are not in control of these websites. Their use of your personal data is governed by their privacy policies.
We therefore recommend that you check the policy of each website that you visit and make sure that you are comfortable with the terms of such policies before providing any personal data.
Who do we pass your data to?
We may use third parties to provide services on our behalf which may include processing (but not using themselves for their own purposes) your personal data and this means we will disclose your personal data to them.
We will provide your personal data to the following categories of third parties:
companies that provide data hosting and website management services; and
companies that provide website analytics services such as Google Analytics or Response Tap.
In each case, we will, in accordance with our obligations under Data Protection Laws, put in place appropriate written protections for your personal data, including in our contract with them.
In addition to the disclosures described above, we may disclose your personal data to:
our solicitors, professional advisors, who have agreed to treat your personal details as confidential;
anybody having a legal right to your personal data, including the police and any other legal and regulatory authorities and government bodies; and
to any third party who acquires all, or substantially all, of the assets or shares in Crafty Bear Club, and/or the Website, whether by sale, merger, acquisition or otherwise;
How long we keep your personal data
We take steps with a view to permanently deleting, destroying or anonymising your personal data (which means that we are no longer able to identify you from it) when it is no longer necessary for its purpose and we are not required by law to keep it.
How long we keep your personal data depends upon the purpose for which your personal data was collected was provided. Generally however:
we will keep the information no longer than is necessary to enable us to provide you with a service that you have requested for as long as it takes us to provide that service. After that, we will only keep information about you if it is necessary for us to do so to comply with our legal obligations; and
we will keep your contact details for a reasonable period after you have given us your consent to use them for marketing purposes (but we will not retain these details indefinitely or after your consent has been withdrawn).
Will my personal data be transferred outside of the European Economic Area?
We currently do not intend to transfer your personal data to third parties and organisations who hold data outside of the European Economic Area (EEA). However, some third party suppliers or service providers may have back up or disaster recovery data centres that are located in multiple jurisdictions outside the EEA (for example, in the United States). This may mean that in certain limited circumstances personal data is transferred to countries which do not provide the same level of protection for personal data as the EEA.
Where your personal data is being transferred outside the EEA, we will ensure that appropriate safeguards are in place, such as the use of the EU Commission approved model contract clauses to protect your information in accordance with Data Protection Laws.
Your rights in relation to your records
You have a number of rights under Data Protection Laws in relation to the way we process your personal data. These are set out below. You may contact us using the details below to exercise any of these rights and we will respond to any request received from you within one month from the date of the request.
DESCRIPTION OF RIGHT
A right to access personal data held by us about you.
A right to require us to rectify any inaccurate personal data held by us about you.
A right to require us to erase personal data held by us about you. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent (if we are using your personal data based on your consent); or where you object to the way we process your data (in line with Right 6 below).
A right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims.
A right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.
A right to object to our processing of your personal data (including for the purposes of sending marketing materials to you).
If you would like to exercise the rights listed above, you can send a request:
By mail to: Crafty Bear Club, 40 King Street, Somersham, Cambrigshire, PE28 3EJ
By e-mail to:firstname.lastname@example.org
By telephone to: 07879444195
In accordance with our obligations under Data Protection Laws, to prevent unauthorised access to or disclosure of your personal data (including card payments), maintain data accuracy, and ensure the appropriate use of your personal data, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the personal data we collect online.
However, you acknowledge that, unfortunately, the transmission of information via the internet, including the online enquiry forms you submit to us and/or any information provided Web-Chat, is not completely secure. We cannot guarantee the security of your data transmitted to the Website: any transmission (i.e. your sending of the personal data to us) is at your own risk. Once we have received your personal data, we will use the steps detailed above to protect it.
You should be aware that there are inherent risks in transferring personal data over the Internet. For example, if you send us an e-mail from your private mailbox, we cannot guarantee the security of the content during its transmission to us. For that reason, please do not send to us an unsecured e-mail with confidential information such as your National Insurance or bank account numbers, or any sensitive personal data.
Customer feedback and complaints
If you are not happy with the way in which your personal data is held or processed by us, or if you are not satisfied with our handling of any request by you in relation to your rights or any automated profiling that we carry out, our Data Protection Officer would be happy to help. You can contact our Data Protection Officer at 40 King Street, Somersham, Cambrigshire, PE28 3EJ. .
Alternatively, you have the right to complain to the Information Commissioner’s Office (ICO) by calling 0303 123 1113. The ICO is the UK’s independent body set up to uphold information rights. You can find out more about the ICO on its website (www.ico.org.uk/).