PRIVACY AND COOKIE POLICY

 This website is brought to you by [Kate Mills/heath Stores Horsmonden Limited]. We take the security and privacy of our website users very seriously. We ask that you read this Privacy Policy (‘the Policy’) carefully as it contains important information about how we will use your personal data.

For the purposes of the Data Protection Act 2018 (‘DPA’) and the EU General Data Protection Regulation (‘GDPR’), [name of data controller] (‘we’ or ‘us’) is the ‘data controller’, which means that we are responsible for, and control the processing of, your personal data).

[We have appointed a Data Protection Officer who is responsible for ensuring that we comply with our legal obligations in relation to data protection. Our Data Protection Officer is:

Name of Data Protection Officer: Kate Mills

Address: Heath Stores Horsmonden Limited, The Heath, Horsmonden, TN128HT

Telephone number:01892 722221

Email:heathstores@gmail.com

 Personal data we may collect about you

 We will obtain personal data about you such as your name, address, and other contact details whenever you complete an online form by which you consent to us holding that personal data for the purpose specified on that form.

 For example, we will obtain your personal data when you register for a Heath Stores credit account register to use this website, send us feedback, post material, contact us for any reason, sign up to a service, enter a competition, purchase goods or services

 We may monitor your use of this website through the use of cookies and similar tracking devices. For example, we may monitor [how many times you visit, which pages you go to, traffic data, location data and the originating domain name of your internet service provider This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Please see further the section on ‘Use of cookies’ below.

How we use your personal data

We will use your personal data for the purposes described in the data protection notice that was given to you at the time your data were obtained. These purposes include:

  • to help us identify you and any accounts you hold with us
  • administration
  • research, statistical analysis and behavioural analysis
  • customer profiling and analysing your purchasing preferences
  • marketing—see ‘Marketing and opting out’ below
  • fraud prevention and detection
  • billing and order fulfilment
  • customising this website and its content to your particular preferences to notify you of any changes to this website or to our services which may affect you
  • security vetting
  • improving our services

Lawful Basis for the Processing of Your Personal Data

We will use the personal data that we hold or the purposes of:

  • performing any contractual or other obligations that we may have to you,
  • complying with our legal obligations, and
  • protecting our legitimate interests or those of others but only if it is necessary to do so and those interest are not overridden by your own interests or rights. You have the right to challenge those interests and to request that we stop processing your personal data on this basis. For further information see ‘Your rights’

We can process your personal data for those purposes without your knowledge or consent, but we will not use your personal data held on that basis for any other purpose without telling you that we will do so and our legal basis for processing it.

We may also process your personal data for any purpose to which you have expressly consented. You can withdraw that consent at any time. For further information see ‘Your rights’ below.

You should be aware that if you do not provide or withdraw consent to our processing certain personal data it may not be possible for us to continue to provide credit accounts for you.

Special Categories of Personal Data

Special categories of personal data are types of personal data consisting of information as to:

  • your racial or ethnic origin;
  • your political opinions;
  • your religious or philosophical beliefs;
  • your trade union membership;
  • your genetic or biometric data;
  • your health;
  • your sex life and sexual orientation; and
  • any criminal convictions and offences.

We will only hold and process special categories of your personal data in certain situations in accordance with the law. For example, we can do so if we have your explicit consent. If we asked for your consent to process a special category of personal data then we would explain the reasons for our request. You do not need to consent and can withdraw consent later if you choose by contacting the Data Protection Officer/ Kate Mills].

We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, which we may do:

  • where it is necessary for carrying out legal rights and obligations;
  • where it is necessary to protect your vital interests or those of another person where you or they are physically or legally incapable of giving consent;
  • where you have made the data public;
  • where processing is necessary for the establishment, exercise or defence of legal claims;
  • where processing is necessary for the purposes of occupational medicine or for the assessment of your working capacity.

We may process your race, ethnic origin, religion, sexual orientation, disabilities, medical condition or gender to monitor and to prevent possible discrimination.

Where Your Personal Data Will be Processed

We will not hold or send your personal data outside the European Economic Area.

Marketing

We will contact you by email, phone, SMS about our products, promotions and services only if you have asked us to do so. If you have changed your mind and would prefer us not to contact you, then you can opt out at any time. For further information see ‘Your rights’ below.]

Disclosure of your personal data

We may disclose your personal data to:

  • law enforcement agencies in connection with any investigation to help prevent unlawful activity
  • our business partners in accordance with the ‘Marketing’ section above

Keeping your data secure

We will use technical and organisational measures to safeguard your personal data, for example:

  • access to your account is controlled by password and username which are unique to you
  • we store your personal data on secure servers
  • payment details are encrypted using SSL technology

Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you via the internet.

Monitoring

We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and compliance

[Information about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his or her behalf and has agreed that you can:

  • give consent on his or her behalf to the processing of his or her personal data;
  • receive on his or her behalf any data protection notices;

Retention of Your Personal Data

We will not retain your personal data for longer than is reasonably necessary for the purpose for which it was obtained, and unless we have agreed otherwise with you we will at the end of the retention period securely destroy or delete it from our records.

For further information see our Data Retention Policy

Your Rights in Respect of Personal 

You have the right to information about what personal data we process, how and on what basis as set out in this policy.

You have the right to access your own personal data by way of a subject access request. We will respond as soon as reasonably practicable and in any event within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by up to a further two months. There is no fee for making a subject access request, but if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.

You can correct any inaccuracies in your personal data. To do you should contact the [Data Protection Officer specified above/us via the contact details at the bottom of this policy].

You have the right to request that we erase your personal data if we are not legally entitled to process it without your consent or if it is no longer necessary to process it for the purpose for which it was collected. To do so you should contact the [Data Protection Officer/ us via the contact details at the bottom of this policy].

While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while that application is made. To do so you should contact the [Data Protection Officer/ us via the contact details at the bottom of this policy].

You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop such data processing.

You have the right to object if we process your personal data for the purposes of direct marketing.

You have the right to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.

With some exceptions, you have the right not to be subjected to automated decision-making.

You have the right to be notified of a data security breach concerning your personal data.

In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact [the Data Protection Officer/us via the contact details at the bottom of this policy].

You have the right to complain to the Information Commissioner. You can do this be contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). That website has further information on your rights and our obligations.

Use of cookies

A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website. We use cookies [and other online tracking devices such as [specify, eg web beacons, action tags, Local Shared Objects, single-pixel gifs)] on this website to: [(specify as appropriate, e.g.:)

  • to keep track of the items stored in your shopping basket [and take you through the checkout process]
  • to recognise you whenever you visit this website (this speeds up your access to the site as you do not have to log on each time)
  • to obtain information about your preferences, online movements and use of the internet
  • to carry out research and statistical analysis to help improve our content, [products and services] and to help us better understand our [visitor/customer] requirements and interests
  • to target our marketing and advertising campaigns [and those of our partners] more effectively [by providing interest-based advertisements that are personalised to your interests]
  • to make your online experience more efficient and enjoyable.]

The information that we obtain from our use of cookies will not usually contain your personal data. Although we may obtain information about your computer [or other electronic device] such as your IP address, your browser and/or other internet log information, this will not usually identify you personally.] [In certain circumstances we may collect personal information about you – but only where you voluntarily provide it (e.g. by completing an online form) [or where you purchase goods or services from us].]

We will need your consent in order to use cookies on this website unless the cookie is necessary for us to provide you with a service you have requested such as [to enable you to put items in your shopping basket and use our check-out process].

If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to our use of cookies [and other similar technologies] as described in this Privacy Policy. If you change your mind in the future about letting us use cookies, you can modify the settings of your browser to [reject cookies] [disable cookies completely].

Third-party cookies

We work with third-party suppliers who may also set cookies on our website, for example e.g. Facebook, Twitter, YouTube and Adobe Flashplayer which we use to display video content. These third-party suppliers are responsible for the cookies they set on our site. If you want further information about these third party cookies please go to the website for the relevant third party. You will find additional information in the table below.

How to turn off cookies

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org

Transfers of data out of the EEA

Our contact details

We welcome your feedback and questions. If you wish to contact us, please send an email to [heathstores@gmail.com] or you can write to us at [The Heath, Horsmonden, Kent, TN128HT] or call us on [01892 722221]. [Our registered office is The Heath, Horsmonden, Kent TN12 8HT

 

We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version which will apply each time you access this website.