Last updated: 31st January 2020
Giftpoint Limited needs to gather and use certain information about individuals. We are committed to protecting your personal data and we respect your privacy. This privacy notice will inform you about the type of personal data we collect; through the use of our sites, any data you may provide when you sign up for a newsletter, make an enquiry, purchase a product, enter into a contract with us, supply us with a product, open an account with us or correspond with us by phone, email or otherwise and how we at Giftpoint Limited use, disclose and protect that information.
Our data protection representative is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details below.
The data we collect
- Identity data; including title, first name, middle name, surname and job title
- Contact data; including billing address, delivery address, email address and telephone numbers
- Financial data; including bank account and payment card details and invoice address
- Transaction data; including payments to and from and purchase history
- Profile data; including username and passwords
We will not collect any special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any data about criminal convictions and offences.
How we collect your data
- Direct interactions; you may give us your identity, contact and financial data by face to face meeting or corresponding with us by post, phone, email or otherwise
- You open an account with us
- You enter into a contract with us
- You place an order with us
- You create an account on our websites
- Subscribe to our newsletters
- Request marketing to be sent to you
- Supplied to fulfil a marketing requirement (for example a gift is sent to you at our customers request)
- Third parties or publicly available sources
- Identity and contact data from data brokers or aggregators
- Identity and contact data from publicly available sources such as Companies House and the Electoral Register based inside the EU
How we use your data
We will only use your personal data as the law allows us to. Most commonly we will use your personal data in the following circumstances.
- Process, evaluate and respond to your enquiries
- To register you as a customer
- To process and deliver your order
- To manage our relationship with you
- To perform the contract that we are about to enter into or have entered into with you
- To send you newsletters and/or industry related updates
- To make you aware of our goods and services that may be of interest to you
- To verify your identity
- To operate, evaluate and improve our business
If you do not provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example to provide you with goods). In this case, we may be unable to process an order for a product and fulfil our contract with you. We will notify you at the time if this is the case.
Disclosures of your personal data
We may have to share your personal data for the purpose of fulfilling our contract with you. These may include
- Internal third parties such as our employees or officers and legal entities within the company
- External third parties including specialist IT support, suppliers and subcontractors for the performance of our websites and our contracts.
- Courier companies to deliver your order; including DHL, Yodel, FedEx, DPD, APC, Hermes, Royal Mail, Interlink
- Third party freight agents to deliver your goods
- Card payment solutions; including WorldPay, PayPal, First Data Merchant Solutions
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
The security of your data is very important to us and we are committed to protect the personal information we collect about you. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. Your personal data is processed only on our instructions and is subject to a duty of confidentiality. We have procedures in place to deal with a suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your data for as long as necessary to fulfil the purposes we collected it for, satisfying any legal, accounting, or reporting requirements. To determine the length of retention we will consider the amount, nature and sensitivity of the personal data, the possible risk from unauthorised use or disclosure, the purpose for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
Your legal rights
- If you advise us that the data we hold about you is incorrect or incomplete we will correct and complete the information as soon as possible
- You have the right to request that your personal data be deleted, we will delete your data immediately unless continued retention is necessary and permitted by law
- You have the right to object to us processing your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- You have the right to request that we suspend processing your personal data, but hold it for you, in the event the data we hold is inaccurate, the processing is unlawful or we no longer need the personal data. Once restricted, we will only continue to process your personal data if you consent or we have legal basis for doing so
- You have the right to access information held about you and any access request will usually be free of charge.
- You have the right to receive a copy of your personal data that you gave to us
- You may withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent
- We may need to request specific information from you to confirm your identity and ensure your right to access your personal data.
- We will try to respond to legitimate requests within one month. Occasionally it may take us longer if your request is complex or you have made a number of requests. In this case, we will keep you updated.
Email address: firstname.lastname@example.org
Postal Address: Giftpoint House, Mill Mead, Staines-upon-Thames, Middlesex, TW18 4UQ
Should you have any concerns we would welcome the opportunity to deal with them in the first instance. Please raise any concerns to email@example.com You have a right to make a complaint at any time to the ICO (Information Commissioner’s Office, the UK supervisory authority for data protection issues www.ico.org.uk
Third party links
Our sites and services are not intended for children and we do not knowingly collect any data relating to children. If you become aware that your child, any child under your care, or a person otherwise not able to provide valid consent has provided us with information without a parent or guardian’s consent, please contact us immediately.