Thomson & Scott Limited ("us", "we" and "our") is committed to protecting the privacy of those who use and order products on our website www.thomsonandscott.com
This website is not intended for children and we do not knowingly collect data relating to children.
Email address: firstname.lastname@example.org
YOUR DATA RIGHTS
Under certain circumstances you have rights under data protection laws in relation to your personal data, as follows:
- The right to access the personal data we hold on you and other information about how we use it, who we share it with, where we obtain it, and how long we keep it for. We will usually have one month to respond, except for complex or multiple requests where this may be extended by a further two months. A fee is not normally chargeable for such a request, but if we choose to respond to any manifestly unfounded or excessive requests, we may charge a reasonable fee for doing so.
- The right to request that we correct and update any inaccurate or out of date personal data we hold about you.
- The right to data portability, which means the right to receive an electronically readable copy of your data, where your personal data was collected with your consent or under performance of contract, and our processing of that personal data is carried out by automated means.
- The right to withdraw your consent to the processing of your personal data at any time, where such processing is subject to your consent.
- The right to object to the processing of your personal data or to request that we erase your data, where we no longer have a legitimate reason for processing such data or it is being processed unlawfully.
- The right to lodge a complaint with the UK data protection regulator, the Information Commissioner's Office (ICO), if you think that we are breaching your rights under Data Protection Law.
If you wish to exercise any of your rights above or raise a complaint around how we have handled your personal data, please contact email@example.com.
We may ask for more information from you to verify your identity or clarify the nature of your request before we can respond in full.
If you are not satisfied with our response or you believe we are not processing your personal data in accordance with the law, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) by telephoning +44 (0) 303 123 1113; sending a complaint by post to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; or visiting their website at:
WHAT IS OUR LEGAL BASIS FOR PROCESSING?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- Where it is necessary for the performance of a contract with you, in particular in relation to the placing of an order on our website and shipping such goods.
We will rely on our legitimate interests to conduct such activities as:
- To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
- To understand the effectiveness of the advertising we serve to you.
- To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.
Such legitimate interests include the provision of administration and IT services, network security, to prevent fraud, to study how customers use our website and products, to develop them, to grow our business and to inform our marketing strategy.
WHAT DATA DO YOU COLLECT FROM ME?
When you use our website, we collect data in the following ways:
- Data you submit to us. When purchasing an item or when communicating with us (for example to request information about, or report a problem with, our website or our products, or when you sign up for marketing emails or amend your marketing preferences) you provide us with data about yourself. This data may include your name, address, e-mail address, phone number, and location.
- Technical data we collect from you. Technical data, about your device and your visit, which is generated when you use our website, will be collected by us, in some cases by third parties. This includes:
- Device Data: we collect data on the type of device or platform (such as a computer or mobile device) used by you to access our website. This includes data about the device itself, its operating system, the web-browser type and version you use and your browser language and plug-ins. We collect additional data when you access our website from a mobile device, for example data relating to your mobile network. This data is collected / stored by Google Analytics.
- Location data: your use of our website generates geographical data, including the location, time zone of your device and IP address, which is collected by Google Analytics, and Shopify.
- Log data about your visit: use of our website automatically generates data about your unique visit which we log using a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. This includes data about your internet service provider, the number and timing of clicks to and from our website content; pages viewed; page response times, download errors, length of visits to certain pages, page interaction data (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
We do this to find out things such as the number of visitors to the various parts of the site in order to optimise your experience. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
HOW AND WHY DO YOU USE MY DATA?
We shall respect and protect the privacy of your data, and it will only be used as necessary for the purposes set out below.
- Data you submit to us.
We use this data in order to:
- take and fulfil customer orders for products;
- process payment for your products *;
- obtain credit authorisation from your card issuer *;
- contact you with any queries about your order;
- generate reports for accounting purposes;
- send you marketing emails/newsletters which you have asked to receive;
- delete or anonymise your data.
* Note: We (Thomson & Scott) do not collect or store ANY customer payment details. This is done using trusted third-party suppliers, PayPal, Amazon and Shopify Payments, who collect and safeguard this data. For more information on how your data is handled, refer their Privacy Policies linked below:
- Technical data we collect.
We use this data to:
- administer our website and for our own troubleshooting, analysis, testing, research and statistical purposes;
- improve and optimise our website and the way content is presented;
- keep our website safe and secure;
- allow you to use interactive features of our website;
- delete or anonymise your data.
Will you disclose my data to third parties?
We share data we collect within our corporate group and with selected trusted third parties including:
- our shipping and fulfilment partner, EHD;
- analytics and search engine providers that assist us in the improvement of our website and the services we provide; and
- MailChimp, the marketing automation platform and email marketing service we use to send our newsletters, marketing emails and order notifications.
We will disclose data we collect to third parties:
- if Thomson & Scott undergoes a change of control or any of its business or assets are sold or transferred (in which case we would disclose your data to the prospective seller or buyer);
- if Thomson & Scott or substantially all of its assets are acquired by a third party, in which case data held by us about our website users will be one of the transferred assets; or
- if we are under a duty to disclose or share your data in order to comply with any legal obligation or legal process (for example, a court order), or in order to enforce or apply our contractual rights, including any other agreement; in order to protect the rights, property, or safety of Thomson & Scott, our website users, or others. This includes exchanging data with other companies and organisations for the purposes of fraud protection.
How and where do you store my data?
When you place an order on our website, you submit your data through to one of our third-party suppliers (Data processors) on our behalf (Shopify). This data is initially processed within the EEA by their Irish entity, Shopify International Ltd. It is then exported from the EEA to their Canadian parent entity, Shopify Inc. This export takes place within their corporate structure. Data within Shopify Inc. is protected under PIPEDA, Canada's privacy legislation, which is considered adequate under the GDPR.
Shopify Inc. uses a combination of data centres and cloud service providers to store this personal data in the United States and Canada.
When personal data is transferred outside the European Economic Area, it is done under measures to ensure that it is protected to the same level as within the EU. This includes through the EU-U.S. and Swiss-US Privacy Shield, for example for Shopify or Google Analytics’ own storage, or through contractual data protection addenda (DPAs) with third-party service providers. The EU-U.S. and Swiss-U.S. Privacy Shields are also considered adequate under the General Data Protection Regulation (GDPR). Shopify's Privacy Shield certification can be found on PrivacyShield.gov.
Your order data will be held for the duration of six years from the end of the financial year in which the transaction was made (January 31st), to comply with our legal and contractual obligations. After this period, it is anonymised and held for statistical / record keeping purposes, and any data that could be used to identify you will be deleted.
Technical data such as your IP address collected on our behalf by Google Analytics when visiting our site, will be kept indefinitely and only be processed in a way that does not identify any individual user. This data will not be combined with other data in order to identify you. We do not make, nor do we allow Google to make, any attempt to find out the identities of those visiting our website.
When you sign up to our newsletter or email marketing, your information will be securely stored by MailChimp. MailChimp's servers are located in USA. Because MailChimp certifies to the Privacy Shield framework, they can lawfully receive EU data.
How do you ensure my data is secure?
We take appropriate technical and organisational measures, physical and electronic, to ensure the security of your data and only work with trusted third parties who provide equivalent protections sufficient under the GDPR. However, the transmission of information via the internet is not completely secure. We do our best to protect your data, though we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk.
What about hyperlinks and links to other websites?
Our website may provide links to and from the websites of our affiliates, and business partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these websites’ privacy policies or for the way in which third-party websites collect or process data. Please check these policies before you submit any data to these websites. You understand, acknowledge and agree that all access to and use of any such third-party website by you shall be at your own risk.
What are cookies?
A cookie is a computer file consisting of letters and numbers which is installed on your device when you visit a website, and which allow our website to recognise a user and retain that user’s preferences when they return. Cookies do not collect data, instead they serve to act as unique identifiers, or information caches, which can be used to identify a user’s preferences, settings or previous activity and which in turn enable website operators to provide an optimised, improved and more individualised browsing experience.
Some internet browsers will temporarily store website data using a process known as ‘caching’. The creation of a website cache may improve loading speed and responsiveness and, in some cases, provide offline functionality. Most internet browsers support HTML 5 which permits website caching. Website caching typically requires greater storage capacity than cookies which, in turn, may provide greater improvements in speed and functionality.
Our partners including Shopify, Paypal, Amazon and Google Analytics will also drop cookies on your device when you browse our site and make purchases. Details of the cookies they use, their purposes and further details are here:
How do I manage cookies?
Whilst we advise that you allow the installation of cookies on your browser or device when using our website, you are not obliged to do so and you can choose to reject cookies by adjusting the settings for your browser or device. You can also delete those which already exist using the settings on your browser and/or device (however, this may interfere with your use of our website and adversely affect your browsing experience).
Find out how to manage cookies at your browser’s site, some of which are linked below:
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.