What data does Gift in a Tin collect?
- Your name, age/date of birth and gender
- Your contact details: postal address, billing address and despatch address (if different), telephone numbers (including mobile number) and e-mail address
- Purchases and orders made by you
- Your browsing activity while on the website
- Your password if you create a registered account (not compulsory)
- Payment details (your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions)
- Location via IP Address
- Device information when navigating our website
How we collect information
When you visit our website we may automatically collect information about your computer, including your IP address, information about your visit, your browsing history, and how you use our website. This information is combined with other information for example, completing contact forms or when you order, we need to have your name, e-mail address, card number and card expiry date. Without this information we will not be able to process your request or notify you of acceptance of your order. A contact telephone number may also be required so that we may contact you urgently if there is a problem with your order.
How we use your information
- When processing your order or contact query
- Providing information about our products which can be personalised based on the information we have collected about you
- To verify your Identity
- For crime and fraud prevention, detection and related purposes
Security of your data
- Access to customer account information is limited to those who need access for the performance of their job
- We use full login and password controls on our sales control system
- All full and part-time employees are required to sign a confidentiality clause as part of their terms of employment with the company
- Confidentiality and database access controls are reviewed periodically and updated as required to further protect your personal data
3rd Party Access
We do not share any information for marketing purposes. We share your data with courier and delivery services in order to deliver your order.
If, for any reason, you are unsure about the personal and account information we are holding in your name, please contact us via email or phone.
Right of Access – in accordance with Article 15 GDPR, you are entitled to obtain information, free of charge, about your saved data, where applicable, has a right to the correction, blocking, deleting of data (Article 5 (1 d), e) Article 12 and 17-19 GDPR). On request by email email@example.com We will inform the user in line with Valid Law in Writing of the User’s personal data (after appropriate security check to prove identity) we have saved. We will have one month (unless complex this can then be extended for 2 months) to respond to your request.
Right to lodge a complaint – In accordance to Article 77 GDPR. You have the right to complain to a supervisory body if you feel your data is being misused. Contact the ICO (Information Commissioners Office) for more information. We would hope that you would discuss with us any concerns so that we could look to resolve the issue before it gets this far.
Right to Data Portability – In accordance to article 20 GDPR. You have the right to receive the personal data concerning yourself which you have provided as the data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Right to be Forgotten – In accordance with Article 17 GDPR, You have a right for your data to be forgotten and erased (anonymised personal data) from our systems. if you would like this to happen please email firstname.lastname@example.org.
Please note that the data cleansing process is total and we will have no records of your previous interaction. This is specific interest to rules following the Right to be Forgotten, which in turn may mean that we can legally acquire your data from opted in sources at a later date with no knowledge that you were a customer.
Please note, as advised by the ICO an Audit log comprising of just a name, plus the date the request came in, is kept for any access requests. A name on its own is not classed as personal identifiable information.
Sending your data outside of Europe
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (EEA). For example International customers are redirected to a 3rd party payment system outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you agree to this transfer, storing and processing.
Data Retention Policy
Any information relating to your account (including order history, communications and correspondence records) is kept while you are still an active customer. If you have not bought within six years all data will be safely destroyed. We hold very little paper records but any relevant materials will be shredded. Electronic data sets will be deleted or anonymised from master sources and backups. An automated process to identify, alert and process these deletions is in place.
Please note that the data cleansing process is total and we will have no records of your previous interaction. This is specific interest to rules following the Right to be Forgotten, which in turn may mean that we can legally acquire your data from opted in sources at a later data with no knowledge that you were once previous customer.