1.1 This policy sets out how we collect, process and hold your personal data if you visit the website, order products from us or otherwise provide personal data to us. We are E.J. Rawlins & Company Limited a company incorporated under the laws of England with company number 00197035 whose registered office is at Northspeed House, Moorview, Holbeck, Leeds, West Yorkshire, LS11 9NF, trading as Rawlins Paints. We are the data controller of your personal data.
1.2 This policy affects your legal rights and obligations so please read it carefully. If you have any questions, you can contact us at [email protected].
1.3 We reserve the right to update this policy from time to time at our discretion. If we do so, the updated version will be effective as soon as it is accessible on our website.
- Collecting Your Data
By personal data we mean identifiable information about you, such as your name, email address, gender, date of birth, mobile and home telephone number and your IP address.
Information you provide to us
2.1 From time to time you may provide to us personal data. This may be because you wish to:
◦ use our website;
◦ order products from us;
◦ apply for a job with us;
◦ provide services to us; or
◦ otherwise contact us including with queries, comments or complaints.
2.2 When you register on our website we will collect your name and email address. You can then also upload details of your geographical address to your account. Your account will also show details of your order history and any credit you have in respect of cancelled orders. If you register on behalf of your employer, you warrant that you have authority to do so.
2.3 We shall process all such personal data in accordance with this policy. Certain personal data is mandatory to be provided to us in order that we can fulfil your request for example to provide services to you and we shall make this clear to you at the point of collection of the personal data.
2.4 All personal data that you provide to us must be true, complete and accurate. At our request, you shall promptly provide evidence of your identity.
2.5 If you provide to us personal data about any other individual, you must have their consent to do so
2.6 If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this and we may also report this.
2.7 When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.
Information we automatically collect about you
2.8 When you use our website, we automatically collect and store information about your device and your activities. This information could include:
◦ technical information about your device such as type of device, web browser or operating system;
◦ your preferences and settings such as time zone and language; and
◦ how long you used the website and which services and features you used.
2.9 Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, please see the cookies section below.
Information we receive from others
2.10 Your employer may from time to time provide personal data to us that relates to you.
2.11 If we reasonably believe that any of the personal data you have provided or that your employer has provided to us is inaccurate, we may receive further personal data from third parties, confirming or otherwise, your identity.
2.12 We may also receive personal data about you from our payment providers and our website security service partners.
- Use of your personal data
3.1 We will only use your personal data where we have a lawful basis to do so. The lawful purposes that we rely on under this policy are:
◦ consent (where you choose to provide it);
◦ performance of our contract with you;
◦ compliance with legal requirements; and
◦ legitimate interests. When we refer to legitimate interests we mean our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests.
3.3 If you have agreed to receive marketing communications from us, we will use your personal data to send you such communications. You can choose to no longer receive marketing emails from us contacting us at [email protected] or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
3.4 If you ask us to remove you from our marketing list, we shall keep a record of your name and email address to ensure that we do not send to you marketing information.
3.5 From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
3.6 We may from time to time need to use your personal data to comply with any legal obligations, demands or requirements, for example, as part of anti-money laundering processes or to protect a third party’s rights, property, or safety.
3.7 We may also use your personal data for our legitimate interests including to improve our products and website services and in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company; to deal with any customer services you require; for audit purposes and to contact you about changes to this policy.
- Information about your device and use of our website
4.1 For our legitimate interests, we may share your personal data with our associated companies, including Rawlins Paints Limited (the owner of the website), our service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including payment providers, IT service providers, accountants, auditors and lawyers.
4.2 We shall provide our service providers, sub-contractors and agents only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
- Where we hold and process your personal data
5.1 Some or all of your personal data may be stored or transferred outside of the European Economic Area (the EEA) for any reason, including for example, if our email server is located in a country outside the EEA or if any of our service providers are based outside of the EEA
5.2 Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties).
6.1 A cookie is a small text file containing a unique identification number that is transferred through your browser from a website to the hard drive of your computer.
6.3 Below is a list of the cookies used on the website and what information they collect:
The date and time the cookie was created (in YYYY-MM-DD HH:MM:SS format).
The ID of the selected language.
The ID of the selected currency.
The ID of the last visited category of product listings.
Whether the cart block is "expanded" or "collapsed".
The IDs of recently viewed products as a comma-separated list.
The ID of the current wishlist displayed in the wishlist block.
Whether the "Terms of service" checkbox has been ticked (1 if it has and 0 if it hasn't)
The guest ID of the visitor when not logged in.
The connection ID of the visitor's current session.
The customer ID of the visitor when logged in.
The last name of the customer.
The first name of the customer.
Whether the customer is logged in.
The MD5 hash of the _COOKIE_KEY_ in config/settings.inc.php and the password the customer used to log in.
The email address that the customer used to log in.
The ID of the current cart displayed in the cart block.
The Blowfish checksum used to determine whether the cookie has been modified by a third party.
6.4 We also use Google Analytics to monitor how our website is used. Google Analytics collects information anonymously and generates reports detailing information such as the number of visits to our website, where visitors generally came from, how long they stayed on our website, and which pages they visited. Google Analytics places several persistent cookies on your computer’s hard drive. These do not collect any personal data. If you do not agree to this you can disable persistent cookies in your browser. This will prevent Google Analytics from logging your visits.
7.1 We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. In particular, access is restricted to employees who need to know your personal data, and we use appropriate password protection and appropriate strong encryption electronic measures within our systems.
7.2 However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data will always remain secure. If there is a security breach, we will do all that we can as soon as we can to stop the breach and minimise the loss of any data.
- Your rights
8.1 You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here
◦ Right of access: You have the right to obtain from us a copy of the personal data that we hold for you.
◦ Right to rectification: You can require us to correct errors in the personal data that we process for you if it is inaccurate, incomplete or out of date.
◦ Right to portability: You can request that we transfer your personal data to another service provider.
◦ Right to restriction of processing: In certain circumstances, you have the right to require that we restrict the processing of your personal information.
◦ Right to be forgotten: You also have the right at any time to require that we delete the personal data that we hold for you, where it is no longer necessary for us to hold it. However, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws.
◦ Right to stop receiving marketing information: You can ask us to stop sending you information about our services, but please note we shall continue to contact you in relation to any matters relating to your report.
8.2 We reserve the right to charge an administrative fee if your request in relation to your rights is manifestly unfounded or excessive.
8.3 If you have any complaints in relation to this policy or otherwise in relation to our processing of your personal data, please tell us. We shall review and investigate your complaint and try to get back to you within a reasonable time. You can also contact the Information Commissioner, see www.ico.org.uk or if you are based outside of the United Kingdom, please contact your local regulatory authority
- Retention of personal data
9.1 Subject to the provisions of this policy, we will retain personal data in accordance with applicable laws.
9.2 In particular, we shall retain your personal data for as long as you access or use our online services and for at least 6 years after you have ordered a product from us.
9.3 However, we may also be required to retain personal data for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents.
10.1 If any provision of this policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.
10.2 This policy shall be governed by and construed in accordance with English law and you agree to submit to the exclusive jurisdiction of the English Court
Last updated: October 2018