General Data Protection Regulation (GDPR)
DATA CONTROLLER REGISTRATION
When you register and use this site you will be asked to provide certain information such as your contact details. This information will be collected and processed by ARCEDIOR.
DATA WE COLLECT
We only collect data which is necessary for its purpose for example the information you provide when making an order. Data we collect includes:
- Personal details like name and delivery address when you register an account or place an order;
- Payment information when you place an order (payment information will not be stored. See section 8 for further information on payment security);
- Contact information and preferences when you register your interest in our marketing communication;
- Information about your browser, device and the path you take through our website when you visit.
Some of this data is collected by us, and some is collected through a third-party placed on our site. We may also supplement the information you give to us with information supplied by third parties, including public databases and social media platforms to ensure we’re keeping your records up to date.
HOW WE USE YOUR INFORMATION
We only ever use your personal information for the reason it was collected, either with your consent, to perform a contract with you, or where we have a legitimate interest (where our interests do not override yours) to do so. For example:
- To register you with an account on our website;
- To fulfil an order and to deliver your goods;
- For assessment and analysis (e.g. market, customer and product analysis) to enable us to review, develop and improve the services we offer and to provide you and other customers with relevant information through our marketing programme;
- For the prevention and detection of fraud;
LEGAL BASIS FOR PROCESSING
Where we’ve collected your data in relation to an account sign up, the information we process will be based on the legitimate interest we have in administering that account to enable you to safely access your order history and the personal details you’ve provided us with.
Where data has been collected in relation to an order, it will be processed by necessity of entering into a contract whereby the payment you provide requires us to fulfil your order request, in which case we will only collect data which is necessary to fulfil and deliver your order.
Where data has been collected in relation to marketing, we rely on your consent. See section below for a more detailed explanation of how we process data for marketing.
If you have indicated that you’d like to be contacted for direct marketing purposes we rely solely on your consent. We review consent frequently and seek to refresh consent periodically as we see appropriate. At the time of sign up, you can choose which methods of direct marketing you would like to receive, from either email, and/or postal mail. We will never use other methods of direct marketing without your consent.
You have the right to withdraw your consent to receive direct mail communications at any time. This may be done by using the unsubscribe link provided in electronic communications, visiting your account preference centre, by contacting Customer Services.
Data security is very important to us and is at the centre of our business culture and practices. We take all reasonable steps to protect your personal details against abuse both in the setup of our technology systems and in our staff procedures.
We process and store data digitally within secured databases and limit who have access to the data. Those who have the privilege of handling personal data receive regular data protection training and must abide by a strict code of conduct for data-management.
We comply with the Payment Card Industry (PCI) and Data Security Standard (DSS) and will never store your card details. All credit card details relating to transactions are passed securely to our payment provider.
On our website, we use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers to ensure the security of your details.
We cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.
The General Data Protection Regulation set out stringent policies on how companies may use your data. These are designed to give you the utmost control of your personal data. Your rights are described below:
The right to access all the personal data we hold on you and to receive a copy of that data without the obligation to pay a fee.
The right to the rectification of any inaccurate personal data we are processing, and have any incomplete set of data completed.
The right to have your data erased from our system in some circumstances such as it’s no longer necessary for the purpose for which it was collected.
- The right to restrict the processing of your personal data if it is incorrect or no longer needed.
- The right to object to the processing of your personal data for direct marketing purposes or profiling.
- The right to withdraw your consent from electronic marketing.
- The right to transmit the personal data you have provided us with to another service provider.
- Where you request the erasure of your data, we retain the right to continue processing it in some cases, such as for fraud detection, for statistical purposes, or to suppress the data from being used again. Where one of these situations apply, we will only retain the absolute minimum amount of data and the record will be purged of any personal identifiers where possible.
A cookie is an element of data that a website sends to your browser, which may then be stored on your system. Cookies allow us to understand who has seen our webpages and advertisements, so that we can determine how frequently particular pages are which are the most popular. Under the General Data Protection Regulation, a cookie is classed as personal data.
The Data collected using the First-Party Marketing Cookies may be processed by employees and/or collaborators of corporate functions assigned to achieve the aforementioned purposes, who have been specifically authorised to process the Data and who have received adequate operating instructions.
These Data may also be processed by trusted companies that carry out technical and organisational tasks on our behalf. We collaborate directly with these companies, who act as Data Processors. Specifically - in the context of Data processing carried out through the Website - the company that handles hosting and Data backup services for the Website has been appointed as Data Processor. Furthermore, the Data may be processed by third parties acting as independent Data Controllers such as, for example, supervisory and control authorities and bodies.
Data collected may be transferred outside the European Union. This Data transfer must comply with applicable legal provisions - including Articles 44, 45 and 46 of the General Data Protection Regulation (GDPR) - and also with the European Commission's Adequacy Decisions and also if necessary - and if no Adequacy Decisions are in force - by entering into agreements that guarantee suitable safeguards and/or by adopting the European Commission-recommended standard contractual clauses.