GDPR-compliant Privacy Policy
Thirty8 London Ltd
We care about your privacy. We’re careful with your data, how we process it and who we share it with. This document explains what happens to your data when you interact with us and this site, and your data rights pertaining to any data we collect.
1. Introduction
1.1 This Privacy Notice sets out information on how and why Thirty8 London Ltd of 1st Floor Spitalfields House, Stirling Way, Herts, WD6 (“we“) processes personal information (“you“) and your rights in relation to that information. Under data protection laws we are a “controller” of personal information.
2. Data Protection Principles
2.1 There are 6 key principles under data protection laws which govern how we must deal with your personal information. We must:
· hold and use it lawfully, fairly and in a transparent way
· only use it for specific and lawful purposes that have been explained to you
· make sure that it is adequate, relevant and limited to what is necessary for those purposes
· make sure that it is accurate and where necessary up to date
· make sure that we only keep it for as long as is necessary for those purposes
· make sure that it is kept securely
3. What information do we collect about you?
3.1 The personal information about you which we expect to collect, hold and use (“process”) is likely to include the following. This list is not exhaustive but is intended to give you a clear idea of the personal information about you which we process:
3.2 What Data We Collect
- Your name(s)
- Your contact information, e.g., email address and/or phone number
- Your address for shipping of your gift / product / contract use
- Your nationality, gender, marital status, sexual orientation
4. How long will we process your personal information?
· We will retain and process this personal information: for a period of 2 years. After 2 years, we will conduct a review of the information we hold about you. Where possible, we will retain, reduce and/ or redact your personal information.
5. How long will we process your personal information?
5.1 Mostly, we will be collecting the information about you and we do not employ a third party to collect data generally
5.2 The personal information we expect to collect about you may be:
5.2.1 provided directly to us by you or
5.2.2 provided by a third party such as, for example, by an employer giving us a reference about you, or by another staff member, customer, client, supplier, or referrer.
5.3 We do not share your information with outside organisations other than for the purposes set out above and will not sell or provide information about you to any organisation for direct marketing purposes without your consent.
5.4 We may share information with a third party where it is envisaged that the business, or part of the business in which you work, may be better handled or distributed directly through the third party. In such cases we will ensure that appropriate safeguards are in place in accordance with any relevant guidance from the Information Commissioner.
5.5 No Marketing Unless Specifically Requested
Unless you specifically authorise us to do so, we will NOT use any of your data for marketing purposes – it will only be used in the course of processing your contract or gift with us, e.g., to send your contract confirmation emails, to contact you by phone with any queries regarding your contract or gift and to be able to delivery your gift to your chosen location.
5.6 We take data protection very seriously. As well as providing privacy notices for our staff regarding their own personal data, we have a Data Protection Policy which outlines data protection law and how we handle all personal data, including the personal data of our clients, customers, suppliers and contacts, and how we expect our staff to handle personal data in the course of their work with us.
6. On what grounds do we process your personal information?
6.1 We rely on a number of lawful reasons for processing the information set out above. These are that:
6.1.1 It is necessary for our legitimate interests, both in conducting our business, and ensuring that we are able to manage our clients throughout the duration of their relationship with us and beyond, and in establishing/defending legal claims where necessary; and/or
6.1.2 Where none of the other lawful reasons apply but it is necessary to protect your life or the life of someone else.
6.2 The information we hold about you will be used for the purposes for which it is collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6.3 We have IT protections and other procedures in place to protect the data we hold.
6.4 We have set out some of the situations in which we may use your personal information and our lawful reason(s) for doing so in Schedule 1. Some of the reasons will overlap and there may be several grounds which justify our use of your personal information.
7. What will be the effect on you?
7.1 Protecting the data that we hold about you and all our staff is important to us. We will always try to ensure that the information we hold about you is accurate, up to date, limited to what is necessary and is kept secure. We will always be transparent with you about how we deal with your personal information.
8. Your rights
8.1 Under data protection rules, you have rights in relation to your information. You have the right to request from us access to your own personal information.
8.2 Additionally, you have the right to request from us:
8.2.1 that any inaccurate information we hold about you is corrected
8.2.2 that information about you is deleted in certain circumstances;
8.2.3 that we stop using your personal information for certain purposes;
8.2.4 that your information is provided to you or to a third party in a portable format;
8.3 Due to the nature of our relationship with you and our reasons for processing your personal information, in many cases we may not be able to comply with your request in relation to the rights listed above, which are limited to certain defined circumstances. However, we will tell you if that is the case and explain why.
8.4 If you make a request, we will respond to you within one month, unless an extension applies. An extension can apply if your request is complex or we have received a number of requests from you (such an extension may be up to two further months), or if we have asked for further clarification (in which case the time limit starts to run again once we have received the further clarification requested). We will not charge you a fee for dealing with your request (unless your request is manifestly unfounded or excessive, such as where you make repeated requests). Please refer to the Data Protection Policy for more details. If you wish to exercise any of your rights, please contact hello@thirty8london.com
8.5 We have appointed the Directors to oversee compliance with this Privacy Notice, who may be contacted at hello@thirty8london.com
8.6 If you are unhappy with how we are using your personal information or if you wish to complain about our use of information, please contact the directors at hello@thirty8london.com If we cannot resolve your complaint, you have the right to complain to the Information Commissioner’s Office, which is the statutory regulator for data protection matters. The Information Commissioner can be contacted at https://ico.org.uk/concerns/.
If you have any questions about this Privacy Notice, would like any further information or wish to discuss any of the above further, please do not hesitate to contact hello@thirty8london.com