Version 2 updated 10th May 2018
Here at Devon Disability Collective (“DDC”, “we” or “us”), we take your privacy seriously. We’re committed to protecting the privacy of any personal information you give us, and we will comply with all relevant data protection legislation and related applicable UK legislation.
We have a philosophy here about the way we use your data you share with us and the way that we communicate with you. If you hear from us, we will always aim to be respectful, relevant and appropriate. If at any time you don’t feel we’ve lived up to our philosophy, please let us know straight away by getting in touch with us, by writing to ‘The Data Protection Officer’ at 22 Marsh Green, Road Exeter, EX2 8PQ. Or email: firstname.lastname@example.org
This policy explains how we collect, use and store the personal information you provide to us. ‘Personal information’ is data that relates to you and that identifies or can be used to identify you – this might be your name, email address, or other digital identifiers relating to you, such as cookies, IP addresses or logs.
This policy may change from time to time and, if it does, the up-to-date version will always be available on the DDC website.
- What personal information do we collect?
We may collect and process the following data:
- Information you provide to us by filling in forms on our website
- Information collected through correspondence with our Sales and/or Customer Service team
- Information you provide when signing on to our free WiFi at Devon Disability Collective
- Information you provide when entering a competition through DDC
- Information you provide when purchasing online through DDC
- Information you provide for loyalty purposes
- Information you provide when booking a service
- Information you provide to us through the recruitment process
- Information you provide to us in order to register for alerts
- Information about disability for VAT exemption purposes
- Social Media interaction
- Recording of names, business and number plates in our car park for visitors
- Statistical data about your browsing actions and patterns for the administration of the websites
- Staff Personnel & training records, including trainees and apprenticeships
We may require you to submit personally identifiable information in order for you to make use of our services. You confirm that any information you enter will be true. We will only request and collect information which is necessary or reasonable in order to provide you with your requested services and to improve the services that we provide. It will not be a requirement to provide any additional information which is not needed to provide the services.
- Who do we share your information with?
DDC does not share information with any other companies. We offer a number of different services and may contact you from time to time if you have given us permission to do so. This can be cancelled at any time by using the opt out link at the bottom of emails, or by contacting us on 01392 428585 or emailing: email@example.com
- For your Peace of mind
Privacy is the number one priority as part of GDPR. People want to be safe in what information they provide and, how they provide it.
We use a Single Socket Layer, or SSL certificate on our retail websites, this is a small file that digitally binds a cryptographic key to an organisations details. When you have one as part of the website, it activates the ‘padlock’ symbol that you see in web browsers. It provides you with that https:// in your address bar – making all of your content secure between servers.
DDC does not process Card Payments online, this is done through our card processing partners Worldpay, using their market leading security protocols. More information can be found here: https://www.worldpay.com/uk/privacy-policy https://www.worldpay.com/uk/support/safeguard-your-business
- Cookies & IP tracking
Your IP address may be used by Google analytics, website plugins and Free WIFI to monitor your location. This data enables us to monitor which towns and cities are popular with accessing our website. We do not use your IP address for any other purposes.
5.1 What are cookies?
A cookie is a text file containing small amounts of information which is downloaded to your device when you access a website. The text file is then sent back to our server each time your browser requests a page from the server. This enables us to operate the site more effectively and load the site so that it reflects your personal preferences, based on your previous browsing on DDC as well as keywords we may be able to gather from URLs of other webpages from which you accessed the website. Cookies can also allow us to do various other things, as explained below.
5.2 What cookies do we use?
When you visit our website the following types of cookies may be downloaded to your device:
5.3 Functionality Cookies
We may use functional cookies that allow us to remember choices you have made on the site so as to provide you with a more enhanced user experience by delivering content specific to your interests.
5.4 Strictly Necessary Cookies
These are cookies that are required for the administration and operation of our site. Some cookies that we use are necessary for our site to function properly and to enable you to move around the site and use its features.
Additionally to take your shopping trolly through to checkout we require the use of woocommerce cookies. More information can be found here: https://docs.woocommerce.com/document/woocommerce-cookies/ No personal information is stored within these cookies.
5.5 Third Party Cookies
We may use analytics service providers for website traffic analysis and reporting. Analytics service providers generate statistical and other information about the use of our website by using cookies. They allow us to recognise and count the number of visitors and to see how often visitors return to the site, how long they stay and how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, it helps users to find what they are looking for easily. The information generated relating to the site may be used to create reports about the use of the site and the analytics service provider will store this information.
DDC has a strong presence on various social networks, so we try and make it as easy as possible to share content and to see what content is popular on those networks. We add buttons to allow people to easily share to those networks. We also use Facebook to power the commenting functionality on the site. When we include these social ‘plugins’, it gives those sites the flexibility to use their own cookies. They can’t read any cookies we set from our website, and we can’t read any cookies they set, but it lets them do the same kind of traffic measuring that we do on the rest of our website, and it also lets them know whether you’re logged into their site. For example, if you’re logged in to Facebook, read a post by us and want to make a comment, you can do that straight away without having to log in again – we never know whether you’re logged in or not, as you communicate directly with Facebook, through their plugins on our site.
5.6 We may use the following third-party cookies:
- MailChimp – Email distribution
- AddThis (Oracle) – Social Sharing tools
- Google Analytics – Web Analytics
- Google Doubleclick – DDC Advertising Performance
- Twitter – Advertising Targeting
- Facebook Social Graph – Social Comment publishing
- Facebook Social Plugins – Advertising Targeting
- Facebook Custom Audience – Advertising Targeting
- YouTube.com – Video Player
- Google Tag Manager – Tag Manger
- Perfect Market (taboola) – Advertising Targeting
- Linked-In – Advertising Targeting
- Tealium – Advertising Targeting
5.7 How do I turn cookies off?
If you do not wish us to install cookies or you don’t agree with how we use these cookies, you can change the settings on your internet browser to reject them. For more information please consult the “Help” section of your browser or visit www.aboutcookies.org, www.allaboutcookies.org or http://optout.aboutads.info/#/. Please note that if you do set your browser to reject cookies, you may not be able to use all of the features on our site.
6 What information do we collect if you sign up for our newsletter?
If you want to sign up to receive our newsletter, offers and competitions, we will only collect your email address and may ask what services you are interested in that we provide. When you submit your email address, you will receive an automated email to confirm that you wish to be added to our marketing list, you will need to click confirm to be added. You can remove yourself from our list at anytime by clicking on unsubscribe in emails, or by emailing: firstname.lastname@example.org
7 Will we use your information for marketing?
Once you have given your consent to marketing, we may display offers, promotions, products or services on the site which we think will interest you based upon the information we collect from your cookies. You may withdraw your consent to direct marketing at any time by clicking on unsubscribe in emails, or by emailing: email@example.com
8 How else will we use your information?
We may also use your information for the following purposes:
- To help us make the website and other related content available to you (please see the “Will we share your information with anyone else?” section below for more information)
- To make the website more relevant for you and our other visitors. This includes sometimes requesting personal information from you to help us run and develop our website and associated functions
- To send you our newsletter if you have signed up to receive it
- To carry out occasional surveys to analyse our user base — ultimately, we want to ensure that DDC provides everything that you — our audience — is looking for
- To check whether you are eligible for a competition and to contact you if you win
- To comply with the law
- As we feel is necessary to prevent illegal activity or to protect our interests
9 How long do we keep hold of the information?
There are certain reasons that we have to keep hold of some of your information. Naturally we keep your information while you are registered with us so that we are able to provide the service to you, but we also keep it after you’ve left us, though only for as long as we need it. How long we keep it depends very much on the type of information we are holding and the purpose for which we need it. We also have to take into account our legal obligations in respect of how long we keep that data.
You can request that we delete your personal information at any time, unless we require it for auditing purposes through HMRC, this is only if a purchase has been made.
10 Will we transfer any personal information outside the EU?
Countries outside the European Union may have a lower standard of protection for personal information than that required by EU data protection laws. The information we collect from you may be transferred to, and stored, outside the EU (including for example in the United States) and may also be processed by people operating outside the EU who work for us or one of our suppliers. If we need to transfer your data to a company based outside the EU (e.g. if our hosting company is based in the US), we’ll take steps to make sure your personal data is handled in line with EU law. If you would like any more details on this please get in contact with us.
11 Data Security
We employ administrative, electronic and physical security measures to ensure that the information that we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage. By using our website and/or services you acknowledge and agree that, except to the extent required by the Data Protection laws, we shall not be responsible for any unauthorised use, distribution, damage or destruction of personal data. We will only retain your information for a reasonable period or as long as is required by law.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to our site; any transmission is at your own risk.
We may link you to third party websites which have their own privacy policies. We do not accept any responsibility or liability for the privacy policies, content or security of these websites.
Some of the information you provide to DDC when applying for vacancies through our careers, work experience and apprenticeships service may be sensitive personal data.
We will only use this data:
- for confirming your suitability for the work that you carry out, including any checks that are required by DDC or any other body to be made with the Criminal Records Bureau which may result in DDC retaining information about criminal convictions;
- in connection with your health including screening and making decisions based on any health records which may be collected by, or transferred to, DDC ;
- for any statutory requirements relating to you or your application;
- for monitoring our selection processes;
- to transfer to your employee file if your application is successful;
- for retention following the outcome of any unsuccessful application.
13 Information Request
You have the right to request to see the personal information that we hold on you, as well as request that inaccurate information be corrected. Any request to update incorrect information or to opt-out of any communications that you initially agreed to receive should be directed to The Data Protection Officer at firstname.lastname@example.org.
In processing such requests we will require proof of your identity before we supply the information to you.
14 Payment Security
The WorldPay payment system uses a combination of both established and innovative techniques to ensure the security and integrity of all sensitive data. Furthermore, their public web servers are certified by Thawte, a public Certificate Authority, ensuring that both the shopper and retailer can have confidence that nobody can impersonate WorldPay to obtain confidential information.
The transfer of the purchase details from the retailers site to WorldPay are encapsulated using their own encrypted and digitally-signed protocol. This uses a combination of standard methods such as PGP, RSA and MD5 to ensure that the information passed is secure and tamper-proof via SSL.
Any communication between the shopper and WorldPay is also encrypted to the maximum strength supported by the shopper’s browser using 128 Bit SSL. Shoppers are also protected from fraudulent use of their card in a “card not present” environment, by their card issuers. The card issuers provide the right for shopper to dispute a transaction if the goods/services did not arrive or if the card was used fraudulently.
Data storage on WorldPay systems, and the communication between WorldPay and the worldwide banking networks, is regularly audited by the banking authorities to ensure a secure transaction environment.
Phishing is the practice of tricking someone into giving confidential information. Such as falsely claiming to be a legitimate company when sending an e-mail to a user, in an attempt to get the user to send private information that will be used for identity theft and fraud. DDC will never ask you to do this, we will always request that you contact us on our main phone number. Please report any ‘phishing’ attempts to us.
We endeavour to take all reasonable care, in so far as it is in our power to do so, to keep the details of your order and payment secure, but in the absence of negligence on our part we cannot be held liable for any loss you may suffer if a third party procures unauthorised access to any data you provide when accessing or ordering from the Website.
The technical steps required to create the contract between you and us are as follows:
You place the order for your products on the Website by pressing the place order button at the end of the checkout process. You will be guided through the process of placing an order by a series of simple instructions on the Website. By placing the order, you are legal bound to the purchase of the product(s) unless cancelled under the Consumer Contracts Regulations 2013 Act.
We will send you an order acknowledgement email detailing the products you have ordered. This is not an order confirmation or order acceptance from DDC.
Order acceptance and the completion of the contract between you and us will take place on the dispatch to you of the Products ordered unless we have notified you that we do not accept your order, or you have cancelled it in accordance with the instructions in Change or cancel an order.
Non-acceptance of an order may be a result of one of the following:
- The product you ordered being unavailable from stock.
- Our inability to obtain authorisation for your payment.
- The identification of a pricing or product description error.
- You’re not meeting the eligibility to order criteria.
17 Consumer Contracts Regulations 2013 and Returns
This legislation offers you the following cancellation rights when you buy online or by phone:
You are entitled to cancel your contract if you so wish, provided that you exercise your right no longer than 14 days after the day on which you receive the goods or services.
Your right to return products does not apply to goods made to your specification, that have been clearly personalised or which by reason of their nature cannot be returned or are liable to deteriorate or expire rapidly. If you wish to exercise your right of cancellation, you are obliged to retain possession of the goods and take reasonable care of them.
To exercise the right to cancel, you must inform us of your decision to cancel your contract by a clear statement, including details of your name, geographical address, details of the order you wish to cancel and, where available, your phone number and email address.
You can cancel by email: email@example.com, or call 01392 428585.
If you decide to cancel, you should return the goods in the condition they arrived in, in their original undamaged packaging to us within 14 days of such cancellation at your cost.
We may make a deduction from the reimbursement for loss in value of any goods supplied, if the loss is the result of unnecessary handling by you. We will make the reimbursement no later than 14 days after the day we receive back from you any goods supplied.
18 Faulty goods
All products will be repaired or replaced within a period of 6 months, unless proven that the product was fault free when purchased or it is evident that the product had been maliciously damaged. Goods must be returned by the original buyer with proof of purchase. Extended warranties may be offered by the manufacture of the products. For all returns please email: firstname.lastname@example.org, or call 01392 428585.
19 Refund Policy
A full refund for faulty items may be given providing DDC are informed within 14 days of receiving your items, DDC will arrange and pay for shipping. Further, undamaged goods may also be returned for a full refund as per the Consumer Contracts Regulations 2013 Act providing they are returned in the condition they arrived in, in their original undamaged packaging to us within 14 days with the cost born to the consumer.
Full refunds will not be given if:
- You knew an item was faulty when bought.
- The item is damaged by trying to repair it yourselves or getting someone else to do it without DDC’s prior consent.
- You no longer want an item (eg because it’s the wrong size or colour) after 14 days.
- Items have been personalized.
20 Delivery Policy
Products purchased online will be delivered Free of charge in the UK, however DDC reserves the right to cancel or contact the customer prior shipment should an unusual cost be incurred, this could be shipments to Highlands and Islands, where an additional fee may be applied for bulky items. Costs will only be applied with the prior permission of the customer, otherwise a full refund will be applied.
Split shipments may take place where several items are involved, at no additional cost to the customer.
We reserve the right to charge for re-delivery of products returned by courier due to failed attempted deliveries.
21 Limitation of liability
Whilst we will use reasonable endeavours to verify the accuracy of any information we place on the Website, we make no warranties, whether express or implied in relation to its accuracy. The Website is provided on an “as is” and “as available” basis without any representation or endorsement made and we make no warranties of any kind, whether express or implied, in relation to the Website, or any transaction that may be conducted on or through the Website including but not limited to, implied warranties of non-infringement, compatibility, security, accuracy, conditions of completeness, or any implied warranty arising from course of dealing or usage or trade.
We make no warranty that the Website will meet your requirements or will be uninterrupted, timely or error-free, that defects will be corrected, or that the site or the server that makes it available are free of viruses or bugs or represents the full functionality, accuracy, reliability of the Website. We will not be responsible or liable to you for any loss of content or material uploaded or transmitted through the Website.
To the fullest extent permissible under applicable law, we disclaim any and all warranties of any kind, whether express or implied, in relation to the Products. This does not affect your statutory rights as a consumer, nor does it affect your Contract Cancellation Rights.
We will not be liable, in contract, tort (including, without limitation, negligence), pre-contract or other representations (other than fraudulent or negligent misrepresentations) or otherwise out of or in connection with the Conditions for: any economic losses (including without limitation loss of revenues, profits, contracts, business or anticipated savings); or any loss of goodwill or reputation; or any special or indirect losses suffered or incurred by that party arising out of or in connection with the provisions of any matter under the Conditions.
The Conditions shall be governed by and construed in accordance with the laws of England and you irrevocably submit to the exclusive jurisdiction of the courts of England.