Lawful Basis for Processing Personal Data
For the purposes of The GDPR, we are the Data Processor when selling on sostalisman-retailer.co.uk (a website owned by Direct Watch Company Ltd) and processes all personal data lawfully, fairly and in a transparent manner. Under Article 6 of The GDPR, the lawful basis on which we process personal data received from sostalisman-retailer.co.uk (a website owned by Direct Watch Company Ltd) is that of “Contract” – whereby processing is necessary in order to fulfill buyer orders and enquiries. We retain information provided by sostalisman-retailer.co.uk (a website owned by Direct Watch Company Ltd), such as transaction information for internal financial accounting purposes. It is a legal requirement to retain this information for a period of 7 years.
Data We Receive: Personally Identifiable Information
We receive personally identifiable information from sostalisman-retailer.co.uk (a website owned by Direct Watch Company Ltd) only when it is voluntarily submitted by buyers when placing an on-line order. The data we receive includes: name, billing address, delivery name, delivery address, e-mail address (in encrypted format), telephone number, date of order, items ordered, value of items ordered, chosen method of delivery. We do not sell or rent personally identifiable information to any third party for any purpose.
How we use buyers’ personal information
We may use any personal buyer information provided by sostalisman-retailer.co.uk (a website owned by Direct Watch Company Ltd) to:
- process and dispatch buyers’ order/s
- carry out regulatory checks to meet our legal obligations
- prevent and detect crime
- develop and improve our products
- undertake anonymised statistical analysis (we won’t be able to identify individuals from this data)
We treat all information we hold about buyers as private and confidential. We will not reveal any personal details or details concerning buyers’ orders to anyone not connected with us, unless:
- a buyer asks us to reveal the information, or we have a buyer’s permission to do so
- we are required or permitted to do so by law
- it is required by law enforcement, fraud prevention or credit reference agencies
We may share buyer personal information with our suppliers, service providers and other contractors only to fulfil orders buyers place with us on sostalisman-retailer.co.uk (a website owned by Direct Watch Company Ltd).
Data Subject Access Requests
Under The GDPR buyers are entitled to obtain from us (the Data Processor for the purposes of The GDPR when selling on sostalisman-retailer.co.uk (a website owned by Direct Watch Company Ltd)) a copy of the data held concerning them and to have any inaccuracies in the data rectified. We are obliged to provide this data to within 1 calendar month of the request and free of charge. However we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.
Cookies are pieces of data created when you visit a website. The cookies our site uses are ‘session cookies’, which store your preferences while you move around the site. (eg the items you choose to place in your shopping basket). You can set your computer not to accept cookies if you so wish. This will not in any way affect your ability to access the information on the site, but will prevent you placing an order, or the website remembering the contents of your shopping bag should you choose to return at a time in the future.
This site has security measures in place to protect the loss, misuse and alteration of the information under our control. All information you supply when ordering is completely secure. We use the most advanced encryption technology to protect you from unauthorised use of the information you supply.
You can obtain further information about data protection laws by visiting the Information Commissioner’s website at www.dataprotection.gov.uk
If you have any queries please telephone us.
We retain these details for up to 400 days (one year's guarantee plus one month) in case any issues arise with your order. After this period has elapsed, your details will be erased from our system. You can request that this happens at any time by sending an email to email@example.com together with your order reference number.
If you have registered with us, you can also request to have details removed at any time by sending a request to firstname.lastname@example.org or by clicking the Unsubscribe button on any communication we send.