How we obtain your personal data
You provide us with personal data either online via our website, or through Amazon.co.uk [Privacy Notice] or via our email to firstname.lastname@example.org. Our website domain is managed through Wix.com [Wix Privacy Notice]. Our website payment method is Paypal [Paypal Privacy Notice]. Hereon-in we will refer to these as “data channels”.
The information we collect via these data channels may include all or some of the following:
Any personal details you knowingly provide us for the purpose of processing your order. This includes your name, address, phone number and email.
Your preferences and use of email updates, recorded by emails we send you (if you elect to receive email updates)
Your IP address; this is a string of numbers unique to your computer, that is recorded by our web server when you request any page or component on the Website. This information is used to monitor your usage of the website.
What we do with your information
Any personal information we collect from these data channels will be used in accordance with the General Data Protection Regulation and other applicable laws.
The details we collect will be used to process any requests or orders you make.
Do we use your personal data for marketing purposes?
Where we process your personal data for direct marketing, whether for the purpose of sending communications from us, or from our business partners (third parties) it will be based on us having obtained valid opt-in consent from you to do so. You may remove your consent at any time.
We will keep personal data about you confidential and will only disclose your information with other third parties with your express consent, unless disclosure is required for Legal Reasons or in the Event of a Dispute; whereupon:
We may share your information if we believe it is required by applicable law, regulation, operating agreement, legal process or governmental request. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Transfer of your personal data outside of the European Economic Area (EEA)
How long do we keep this information about you?
We retain your information while your account with us remains active unless you ask us to delete your information or your account.
We deem an account to be active if there has been any engagement by the user, within a 4-year window +90 days to attempt to re-engage a user. After this period, any personally identifiable information is deleted or anonymised.
If you have been contacted by phone then a recording of your call may be kept for up to 3 months to ensure quality assurance in our business practices.
Any financial information that you share with us may be kept for up to 6 years in accordance with the FCA
DATA SUBJECT RIGHTS
The General Data Protection Regulation (GDPR) grants you the right to access particular personal data that we hold about you. We shall respond promptly, and certainly within one month from the point of receiving your valid request for information from you. Our formal response shall include details of the personal data we hold about you, including the following:
Sources from which we acquired the information
The purposes for processing the information; and
Persons or entities with whom we are sharing the information
Accessing and Correcting your Information
We will always give you the right to access information held about you. Your right of access can be exercised in accordance with the General Data Protection Regulation.
If you believe any of your information we hold is incorrect you may request correction by contacting us at email@example.com.
Right to Erasure or to restriction of processing
Request erasure of your personal information.
This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
Request the transfer of your personal information to another party.
Right to object
You, the data subject, shall have the right to object on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
Where we have notified you of a matter that is to be followed by an automated future action.
Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you.
We do not envisage that any decisions will be taken about you using automated means, however, we will notify you in writing if this position changes.
Invoking your rights
If you would like to invoke any of the above data subject rights with us, please write to the Data Controller at Mug for Life, Studio 8, the greenhouse, Mannings Heath Road, Poole, Dorset, BH12 4NQ or email firstname.lastname@example.org.
Questions & Queries
If you have a complaint
If you have a complaint regarding the use of your personal data or information, then please contact us by writing to the Data Controller at Studio 8, the greenhouse, Mannings Heath Road, Poole, Dorset, BH12 4NQ or email email@example.com and we will do our best to help you.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745.