We understand how important your privacy is to you and ensure any personal data you provide us with is treated with respect.
Contained within this statement and set out below are details of the types of personal data we may hold about you, our customer, how we obtain and process any personal data we may have, and most importantly how we protect your privacy. This policy relates only to the personal data submitted or collected via this website which is owned and operated by Candinon Ltd, a company registered in England and Wales (company number 10227222) with its registered office at No.33 Cathedral Road, Cardiff, Wales, CF11 9HB. Licenced with the Information Commissioner’s Office with licence number ZA190581.
What personal data we collect
We collect several types of personal data about users of our websites, including information:
- by which you may be personally identified, such as name, postal address, e-mail address, telephone number or any other identifier by which you may be contacted online or offline;
- which is required to purchase our products namely financial information;
- that is about you but individually does not identify you;
- that relates to your visit to our website and the resources you access, including but not limited to IP address, traffic data, location data, cookies, web beacons and other tracking technologies.
How we collect your personal data
We collect this personal data:
- Directly from you when you provide it to us;
- From information that you provide by filling in forms on our website e.g. completing a purchase;
- From records and copies of any correspondence you have with us;
- From third parties; and
- Automatically as you navigate the website.
How we may use your personal data
We may use information to:
- Provide our products and improve and customise services;
- Offer products that may be of interest to you;
- Process payment for products that you purchase on our website;
- Facilitate use of our website;
- Manage your account and your preferences;
- Analyse use of and improve our website and services;
- Identify and protect against fraudulent transactions and other misuses of our website;
- Enforce our Terms and Conditions.
Legal basis for processing your personal data
We process your personal data in accordance with UK Data Protection laws and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).
In order for you to use and access our website services we must process your personal data. The legal basis for this processing is contained within Article 6 of the GDPR and in particular the following provisions:
- Article 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which we are subject e.g. contractual obligations or financial and auditing regulations; and
- Article 6(1)(f) – processing is necessary for the purposes of our legitimate interests e.g. in providing services including customer service, protecting the business, maintaining and providing a secure environment and training development and quality purposes.
Who we share your data with
We may share personal data that we collect or which you have provided to:
- Our subsidiaries and affiliates;
- Service providers and third parties we use to support our business such as credit-card payment processors or telecommunication/technological services required for the operation and maintenance of our website. Access to your personal data by these providers is limited to the information reasonably required for them to perform their function;
- Comply with any court order, law or legal process, including where necessary to respond to any government or regulatory request;
- A buyer or successor in the event of a sale or transfer of our business;
- To enforce or apply our Terms & Conditions; and
- If we believe disclosure is necessary or appropriate to protect the rights, property or safety of our company, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and reporting suspected criminal activity.
Transfer of your personal data
Your personal data may be held within the European Economic Area which comes under the General Data Protection Regulation (GDPR).. Where personal data is transferred or stored outside of the European Economic Area we check whether the EU Commission has issued an adequacy decision, which is a confirmation from them that the personal data will be afforded the same level of protection as if it was within the European Economic Area.
If there is not an adequacy decision in place, and to comply with GDPR requirements, we will ensure the transfer of personal data is protected by other means, including where explicit consent from the data subject has been received or through contractual obligations with relevant third parties regarding usage of the personal data.
Data confidentiality and security
Keeping your personal data secure and confidential is of tantamount importance to us. Due to this we have introduced rules, measures, specialist technology and implemented security policies to ensure that your data is protected.
We use Secure Sockets Layer (SSL) encryption to secure your personal data and only provide your personal data to the staff who have to access it for the function of carrying out their duties.
Whilst we make every attempt to protect your data there are still risks involved when inputting your data online and we need to make you aware of this.
Please be advised that, although we take all reasonable precautions to protect your data, no data storage or data transmission security is guaranteed. Accordingly, we cannot, and does not, represent, warrant, or guarantee the complete security of any data storage or data transmission. You agree that your access to and use of this site and your use of our services, which necessarily includes data storage and data transmission, is carried out at your own risk.
Data is processed and stored only as long as it is needed for the purpose for which it was collected, subject to the following overriding principles:
- Where legal obligations require us to keep the information for longer or for a specified period;
- Until the expiry of any limitation period in relation to potential claims against us;
- Until the expiry of a reasonable period of time in relation to potential complaints.
You have the following rights in respect of your data:
- The right to be informed about who is controlling your data, how, and for what purpose they intend to process the data, with whom they may share the data, and for how long they will keep the data.
- The right of access – you have the right to receive confirmation that your data is being processed. You also have the right to access your personal data in order to verify the lawfulness of the processing.
- The right to rectification – you can ask for inaccurate or incomplete personal data to be rectified
- The right to erasure or the right to be forgotten – you can ask for your personal data to be deleted or removed in specific circumstances.
- The right to restrict processing – you can ask us to “block” or suppress the processing of your personal data circumstances.
- The right to data portability – this allows you to obtain and re-use certain elements of your personal data for your own purposes across different services; it allows you to move copy or transfer your data easily from one IT environment to another in a safe and secure way, without hindering its usability.
- The right to object – You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
- Rights in relation to automated decision making and profiling – you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects, or which similarly significantly affects you.
What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
No fee usually required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
If you have any complaints about how we have used your personal data please contact our Data Protection Officer using the contact details on the website or write to: The Data Protection Officer, No.33 Cathedral Road, Cardiff, Wales, CF11 9HB.
We do recommend that you bring any issues to our attention as soon as possible. The sooner we know about the issue the sooner we can help resolve it.
We will do our best to resolve your complaint but if you remain unsatisfied with any aspect relating to your personal information, you have the right to complain to the Information Commissioner’s Office.
The ICO may be contacted at https://ico.org.uk/make-a-complaint/
By post at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
When you visit this website a small text file known as a ‘cookie’ is placed on your computer or other device which may provide some personal data details from you. Some cookies are required for the functioning of the website, others allow us to recognise you each time you visit and remember your preferences. Cookies are also used to improve user experience on the website, advertising, tracking and browsing habits.