Important information regarding how we handle data related to you
The essence of this notice is to delineate the legal framework that undergirds our processing of personal data acquired from you or furnished by you. Your diligent review of this document is advised to fully understand our commitment to the protection of your privacy and our protocols for managing your personal data.
In our endeavor to ensure the utmost transparency and compliance, we also wish to impart the following details that complement the overview of this policy:
- Company Registration Details: The specific registration number of our company, which is a legal requirement for identification and verification purposes, is available upon request.
- Data Protection Officer: We have designated a Data Protection Officer (DPO) who oversees compliance with privacy laws and regulations. Contact details for the DPO are accessible for your queries and concerns regarding data privacy.
- Legal Basis for Processing: We process your personal data based on one or more lawful grounds, including but not limited to your consent, the necessity for contract performance, compliance with legal obligations, and our legitimate interests.
- Your Privacy Rights: You possess specific rights concerning your personal data, including the right to access, correct, delete, or transfer your data, as well as the right to object to or restrict certain processing activities.
SECTION 1 - Amendments to Privacy Notice
We reserve the right to amend this privacy notice. Any such amendments will be posted on this page and, when material, communicated to you via email. You are encouraged to review this page periodically for any such amendments.
SECTION 2 - Data Collection
'Personal data' or 'personal information' is defined as any information pertaining to an identifiable individual. This does not encompass anonymized data.
The categories of personal data that we may collect, process, store, and transfer are as follows:
- Identity Data: comprises names, usernames, titles, dates of birth, professional designations, gender, or other identifiers you may provide upon registration as a customer on our website.
- Contact Data: consists of billing, invoicing, and delivery addresses, email addresses, and telephone numbers.
- Financial Data: pertains to bank account and payment card information.
- Transaction Data: relates to details of payments to and from you and particulars of products and services purchased by you.
- Technical Data: includes the internet protocol (IP) address, login information, product search history, browser type, plugin usage, operating system, platform, and other technologies on devices used to access our website. This may extend to URLs, visit durations, download incidents, response timings, and interaction data. We may utilize geo-location data that ascertains your position within the UK.
- Profile Data: encompasses usernames and passwords, purchase history, interests, preferences, feedback, and survey responses.
- Usage Data: reflects information regarding your utilization of our website, products, and services.
- Marketing and Communications Data: indicates your marketing preferences with us and our third parties and your communication settings.
We may also generate and utilize 'Aggregated Data' for any purposes, which includes statistical or demographic analyses. Although 'Aggregated Data' may be rooted in your personal data, it is not 'personal data' per se as it does not disclose identity. However, if 'Aggregated Data' is linked with your personal data such that it can identify you, it will be treated as personal data under this notice.
We do not collect 'Special Categories of Personal Data' about you, which encompasses race, beliefs, sexual life, orientation, political views, union membership, health, and genetic or biometric data, nor data regarding criminal convictions and offences.
SECTION 3 - Obligation to Provide Personal Data
Where the provision of personal data is a statutory or contractual requirement, and you fail to provide such data, we may be unable to execute the contract (e.g., to provide goods or services). Should this occur, we may be compelled to cancel a transaction but will notify you at that juncture.
SECTION 4 - Data Collection Modalities
Our data collection methods include, but are not limited to:
By completing forms or through communication by mail, telephone, email, or otherwise, you provide us with Identity, Contact, and Financial Data. This occurs when you:
- Place an order for our products or services;
- Register an account on our site;
- Subscribe to our services or publications;
- Opt to receive marketing communications;
- Participate in competitions, promotions, or surveys; or
- Offer feedback.
Your interaction with our website may result in the automatic collection of Technical Data concerning your equipment and browsing activities. This data is gathered via cookies, server logs, and similar technologies. Refer to our Cookies section for more information.
Data Accuracy and Changes:
Maintaining accurate and current personal data is crucial. Inform us of any changes to your personal data during your association with us.
Data on Third Parties:
By providing us with someone else's data, you confirm that you have their authorization to act for them, to consent to the processing of their personal data, and to receive data protection notices on their behalf.
We may monitor and record our communications with you, including phone calls and emails, for quality control, training, fraud prevention, and regulatory compliance.
SECTION 5 - Data Usage Objectives
Outlined below is how we intend to use your personal data, along with the legal bases we rely upon. Where necessary, our legitimate interests are also noted. We may process your personal data based on more than one lawful ground, depending on the usage purpose. For specifics on the legal basis we rely on, please contact us.
- To register new customers, process orders, manage payments, and recover debts;
- To facilitate your participation in prize draws, competitions, or surveys;
- To administer our business and website, including troubleshooting, data analysis, and system maintenance;
- To tailor website content and advertisements to you, and gauge their effectiveness;
- To utilize data analytics to refine our website, products, services, marketing, customer relationships, and experiences;
- To suggest and recommend goods or services that may interest you.
Data from Other Sources: We may merge data from other sources with the data you provide and the data we collect about you. This combined information may be used for the above-stated purposes.
SECTION 6 - Personal Data Disclosure
Your information may be shared with third parties, including:
- Business associates, suppliers, and subcontractors for contract performance;
- Analytics and search engine providers to enhance our website; and
- Credit reference agencies for credit scoring as part of our contract.
Disclosure to Third Parties:
In business transactions such as sales or asset transfers;
- If a third party acquires our assets, customer data will be part of the assets transferred;
- If legally required, or to enforce our terms and protect our rights, property, or safety, as well as that of our customers or others, which includes fraud prevention and credit risk reduction.
We mandate that third parties maintain the security of your data in compliance with the law. We prohibit third-party service providers from using your personal data for their own purposes and only allow them to process your data for specific functions as per our directives.
SECTION 8 - Security Measures
We implement stringent security protocols to safeguard personal data from loss, misuse, unauthorized access, modification, or disclosure. Despite these measures, internet-based data transmission cannot be guaranteed as entirely secure. In case of a data breach, we will adhere to legal obligations to notify you and the relevant authorities.
SECTION 9 - Data Retention Policy
In accordance with our commitment to comply with data protection legislation, we articulate herein our Data Retention Policy. This policy is designed to ensure that personal data is retained only for the duration necessary for the provision of services, compliance with legal obligations, or for the purposes for which it was collected.
Retention of Inactive Accounts:
Accounts that demonstrate no activity over a continuous period of 12 months shall be subject to review and potential deletion. Inactive accounts will be evaluated, and users may be contacted prior to deletion to confirm whether continued retention of the account is required.
Retention of Customer Data:
Personal data pertaining to our customers shall be retained for a standard period of 7 years subsequent to their final transaction or interaction with us. This period is in observance of statutory requirements, particularly in relation to tax legislation which mandates the preservation of financial records.
Extension of Retention Period:
Notwithstanding the aforementioned, we may extend the retention of personal data beyond the standard period if deemed necessary for the maintenance of our business network. Such an extension shall not exceed a maximum of 7 years from the date of the individual's last interaction with our services, unless a specific request for deletion is received from the data subject.
Request for Deletion:
Data subjects retain the right to request the deletion of their personal data at any point. Upon receipt of a valid request for erasure, we will act expeditiously to remove the personal data from our records, subject to any prevailing legal or regulatory obligations that necessitate the continued retention of the data.
Review and Audit of Data Retention:
We shall conduct regular reviews and audits of all data retained, ensuring that personal data that is no longer necessary for legal, accounting, or business purposes is securely disposed of.
This Data Retention Policy is enacted to affirm our dedication to the principles of data minimization and limitation. Should you require further elucidation on this policy or wish to inquire about the specific retention periods applicable to your personal data, please direct your communication to our data protection officer.
SECTION 11 - Data Subject Rights
As a data subject, you are entitled to certain rights, outlined as follows:
- Access: You may request a copy of the personal data we hold about you to verify our lawful processing.
- Correction: Should your personal data be incomplete or inaccurate, you are entitled to request its rectification.
- Erasure: Under certain conditions, you may request the deletion of your personal data, such as when the data is no longer necessary for the purposes it was collected or if you withdraw consent and no other legal basis for processing exists.
- Objection: You may object to our processing of your personal data based on a legitimate interest or for direct marketing. Should your rights outweigh our interests, we may cease processing your data.
- Restriction: You have the right to request a pause in the processing of your personal data in specific scenarios, such as disputing its accuracy or objecting to its processing.
- Transfer: You may request the transfer of your personal data in a structured, commonly used format to another party, applicable only to automated information provided on the basis of consent or contractual necessity.
- Withdrawal of Consent: If you have granted consent for data processing, you may withdraw it at any time, which will not impact any processing conducted prior to the withdrawal.
- Complaints: You reserve the right to lodge a complaint with the Information Commissioner's Office (ICO), though we request that you first allow us the opportunity to address your concerns directly.
SECTION 12 - Glossary of Key Definitions
- Personal Data/Information:
- Information relating to an identifiable individual. Excludes anonymized data.
- Identity Data:
- Personal details such as names, usernames, titles, birth dates, professional titles, gender, or other identifiers.
- Contact Data:
- Information like billing, invoicing, and delivery addresses, email addresses, and phone numbers.
- Financial Data:
- Banking and payment card details.
- Transaction Data:
- Information on financial transactions, including details of products and services purchased.
- Technical Data:
- Data on website access and use, including IP addresses, login information, search history, browser details, and device information.
- Profile Data:
- Details like usernames, passwords, purchase history, interests, preferences, feedback, and survey responses.
- Usage Data:
- Data on how one engages with a website, products, and services.
- Marketing and Communications Data:
- Preferences in receiving marketing from us and our third parties and communication preferences.
- Aggregated Data:
- Summarized or statistical data which can include details derived from personal data but not revealing identity unless combined with personal data.
- Special Categories of Personal Data:
- Sensitive data including racial or ethnic origin, religious beliefs, sexual orientation, political opinions, health information, genetic and biometric data, and details on criminal convictions and offenses.
- A small text file stored on a user’s device by their web browser while browsing a website.
- Third-Party Cookies:
- Cookies set by websites other than the one the user is currently visiting, often used for cross-site tracking, retargeting, and ad-serving.
- Data Retention:
- The policy of maintaining records of personal data for a predetermined period for various purposes, including compliance with legal obligations.
- Data Subject Rights:
- Rights of individuals to access and control their personal data, including the rights to access, correction, erasure, objection, restriction, transfer, and the withdrawal of consent.
- ICO (Information Commissioner's Office):
- The UK’s independent authority set up to uphold information rights and data privacy for individuals.
This glossary provides succinct definitions of the terms used within this privacy notice. For further clarification on any of the terms or their application within this document, please contact us directly.
SECTION 13 – Contact
For more information regarding this policy please contact us by one of the following:
Post: GDPR, buysnacksuk.com, Unit 152 Maple Leaf Business Park, Manston, Ramsgate, KENT, CT12 5GY, GB.