- TheSaltMan is registered with the Information Commissioner in accordance with the General Data Protection Regulation (GDPR). Registration no. ZA474836.
- This policy has been reviewed and enhanced to comply with GDPR which comes into effect 25th May 2018.
We take our commitment to your privacy seriously, and we treat any information you provide to us with care. As part of this commitment, TheSaltMan has appointed a Data Protection Officer who is registered with the UK supervisory authority, the Information Commissioner’s Office (ICO).
WHO WE ARE
- We are Milehouse Management Ltd t/a thesaltman.co.uk ("TheSaltMan”, "we”, "us”, or "our”), a company registered in England and Wales (Company No. 4913708), with a registered office at Poplars, Newpound, Wisborough Green, West Sussex RH14 0EJ. We are registered with the Information Commissioner in accordance with the General Data Protection Regulation (the "Act”, Data Protection Registration no. ZA474836. For the purposes of the Act we are the data controller of your personal data.
WHAT INFORMATION WE COLLECT
- When you place an order with us, or interact with our websites we may ask you for certain information and you may submit personal data to us (for example your name, phone number, postal address, email address, contact and bank / credit card details).
- We may also record which products you are interested in (browse history) and which products you purchase as well as customer traffic patterns and site use.
- Some examples of how information may be collected by us:
- Information you provide us: we receive and store information that you submit when using our website or that you provide us in any other way (for example by email or telephone). This information may be provided when ordering from us (via our website or by telephone); entering competitions; registering an account on our website; accessing your account; querying order status; or by submitting text/photo/video reviews of us and our products.
- Information automatically provided: we receive, process and store certain information whenever you interact with our website. Like many websites, we use "cookies” (see the ”Cookies” section below) and obtain certain information automatically when your web browser accesses our website. Information automatically received by us includes the IP address that your computer uses to connect to the internet; your computer, browser, operating system and internet connection details; purchase history ; path analysis of your journey through our website; and products you searched for. We may also use software tools to measure and collect session information, length of visits to certain pages, repeat visits and page interaction information (such as clicks).
- Email communications: to help us make our email newsletter more useful and interesting for our customers we attempt to receive a confirmation when you open and click on email newsletters from us (if your email software/service supports this option). If you no longer wish to receive email newsletters, please see the section below entitled ‘your rights’.
- Telephone calls: We regularly monitor and record telephone calls for training purposes and to improve the quality of our service to you.
- Information from 3rd parties: we may receive information about you from other sources and add this to our account information. For example, we update address information using data from third parties.
HOW WE USE THIS INFORMATION
- Information is kept securely in accordance with our internal security policy and may be used to:
- process and deliver your order via the services of our nominated fulfilment partner/carrier ; by placing an order you are giving permission to pass on the necessary details to our nominated fulfilment partner/carrier to enable delivery of your order. In order to dispatch your order, we will pass only the necessary data to the appropriate carrier for delivery & tracking;
- provide customer support services to you;
- provide you with an up to date, efficient, and reliable service;
- help prevent fraud (e.g. we may check payment card details with our credit agency, who may keep a record of that information, and reserve the right to refuse orders on that basis. Your credit rating can be checked for a nominal fee with the main UK agencies Equifax and Experian);
- open and run your customer account;
- administer prize draws; or
- provide a more personal shopping experience.
By placing an order over the website or by phone, accepting the terms and conditions and/or submitting your data to us you agree to this use. This meets the EU conditions for lawful processing and enables us to enter into and fulfil the contract of sale with you the data owner.
- We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
- Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
WHO ELSE MAY SEE YOUR DATA
- In order to fulfil your order we may need to disclose some of your information to our delivery partners including but not limited to; Royal Mail, Parcelforce, DPD, UPS, FedEx.
- TheSaltMan have engaged Sage Pay and PayPal to act as it’s payment gateway providers. Sage Pay and PayPal host the payment fields on our website which means they collect full payment details and manage the entire payment process. TheSaltMan do not store full payment details at all, but receive partial payment details back for internal tracking only, it is not possible to process a payment with the details received back. This ensures PCI compliance and supports the core GDPR concept of privacy by design.
- We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or to protect our rights, property, our safety, or the safety of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
THIRD PARTY LINKING
- Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Under the terms of this policy and in accordance with the GDPR legislation you have the following rights as regards your personal data:
- Right of access- you have the right to know what personal data we have collected and what we intend to do with the data. The ways we may use your data are listed above in the section entitled ‘How We Use This Information’. If you wish to request details of the personal data we hold about you, this can be made by any communication method on our website or shown below but to aid the efficiency of the request, we have set up a dedicated email address which is firstname.lastname@example.org.
- Right to withdraw consent to marketing or any data processing - you have the right to withdraw your consent to TheSaltMan using your data in all or specific ways. You can opt out of marketing communications at any time by selecting the option on your customer account under marketing preferences. There is also an ‘unsubscribe’ link contained at the end of every email communication. If you choose to withdraw all consent to any processing or usage of personal data then please be aware that we will be unable to fulfill your orders.
- Right to rectification- if you believe that the information we hold about you may be incorrect then you have the right to request that is updated and amended. Please use your customer account to complete any changes or contact email@example.com.
- Right of erasure- you can choose what personal data you wish us to hold and have the right to remove this data in full or in part at any time. You can update your customer account data directly or you can contact us at firstname.lastname@example.org for assistance.
- Right to be forgotten- you have the right to request that any personal data that could be used to identify you and that is held by TheSaltMan is permanently erased. This is an intractable request and once it has been made there is no way to reverse it. If you wish to have your data permanently deleted then please contact us at email@example.com for assistance. Please be aware that TheSaltMan is legally obliged to retain documents/records for a period specified by law, please see retention section below. If you make a request to have your data deleted we will inform you of any documentation we are legally obliged to retain and explain the timeline. After this has expired we commit to deleting this data too. We will action all requests for data deletion as quickly as possible but please allow a period of 30 days for the request to take full effect.
- Right to object to automated decision making- TheSaltMan uses automation for some order processing for example; fraud checking of orders. If you wish to object to automation of this data processing then please be aware that we may not be able to process your order.
- Consent- TheSaltMan will specifically request your consent to use your personal data in the following ways:
- By placing an order you are accepting our terms and conditions and consent to use the data you have provided to fulfill your order. TheSaltMan will only collect the data required to support and fulfill your order, if you choose not to give your consent then we will not be able to process your order.
- When creating a customer account and placing an order we will offer you the opportunity to opt in to our marketing offers & emails. You may opt out of marketing communications at the point of account creation or at any subsequent time by selecting/deselecting the boxes in your customer account/email preferences.
RETENTION OF DATA
One of the core principles of GDPR is storage/retention of data and the regulation states to keep data only for as long as reasonably required. The regulation also states if there is a legal or statutory obligation to retain data, this supersedes GDPR for the period of legal/statutory obligation.
TheSaltMan has reviewed all of its legal obligations and determines the following pieces of statute are applicable to data retention:
- Companies Act 2006
- HMRC Record Keeping Requirements
Adequate financial records will need to be kept for six complete financial years. To maintain adequate financial records, details of customer orders and supporting information will need to be kept.
After these periods, all Personally Identifiable Information will be removed.
WHERE WE STORE YOUR PERSONAL INFORMATION
- The primary location for data stored by The SaltMan and used for the processing of orders is in the UK where only authorised personnel have access to the data.
- Cookies are a technology which can be used to provide you with tailored information from our website. A cookie is an element of data that our website sends to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it.
- We use the cookies for the following purposes:
- site administration;
- operation of our website. These include, for example, cookies that allow you to log into our website or use the website’s shopping basket;
- recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily;
- completing the user’s current activity;
- reviewing browsing history in order to recommend more suitable products and more relevant marketing email communications;
- research and development.
- To find out more about cookies including how to manage your cookie settings, please visit www.allaboutcookies.org.
MARKETING COMMUNICATIONS & OTHER TECHNOLOGIES USED
The following list is not exhaustive but contains TheSaltMan and associated brands current core partners:
- Newsletter - When ordering from TheSaltMan, and creating your customer account, entering competitions or otherwise interacting with us we will give you the opportunity to subscribe to our email newsletter. You may opt in and out of marketing communications at the point of account creation or at any subsequent time by selecting/deselecting the boxes in your customer account/email preferences.
- Actinic/Oxatis - This service provider stores information about your account, your orders, and products which interest you. Personal data may be used to send triggered emails, such as cart abandonment and to personalize marketing, for example, to suggest products related to your previous purchases. It may also be used to send you special offers and product news by email.
LAWFUL BASIS FOR PROCESSING DATA
There are six lawful bases for processing personal data within the GDPR regulation, details of which can be found here . The following are the bases applicable to TheSaltMan :
- Contract – GDPR regulation states the contractual lawful basis for processing data is "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.” This basis will be used in the fulfilment of orders placed via our websites.
- Consent – GDPR regulations state Consent is "the individual has given clear consent for you to process their personal data for a specific purpose.” This basis will be used in relation to sending direct marketing communications where consent has been freely given for the specific purpose, is an affirmative step and confirmation retained e.g. consent specifically given to receive our newsletter.
- Legitimate Interest – GDPR regulations state "the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.” This basis will be used for the protection of our customers & employees as well as promoting our products & services e.g. for relevant, targeted marketing emails to existing customers.
DATA PROTECTION IN ACTIVE OPERATION
TheSaltMan take their obligation under GDPR very seriously which is why a Data Protection Officer has been appointed. In addition to this, a comprehensive training programme has been constructed and rolled out to our team. This supports our commitment to protect our customer’s data and deliver a professional service.
- If we are unable to resolve your dispute, you can raise your concern directly with the Information Commissioner’s Office whose website can be found here.
- email to firstname.lastname@example.org
- post- FAO The Data Protection Officer, The Salt Man, Poplars Barn, Newpound, Wisborough Green, West Sussex RH14 0EJ
- by telephoning (UK) 01483 701929.