Privacy Notice1. Introduction
This Privacy Notice explains the types of personal data that The Flag and Bunting Store (referred to as "we" "our" or "us" in the Notice) may collect about you when you interact with us. It also explains how we store and handle that data.
This Privacy Notice was last updated on 23rd May 2018 and it is likely that we will need to update it from time to time. 2. The legal bases we rely on
There are different reasons for which a company may collect and process your personal data, including:Contract
Sometimes we will need your personal data to comply with our contractual obligations. For example, if you order from us we will need your delivery address and contact details to deliver your purchase, answer any queries, and provide information to our courier or Royal Mail. Legal compliance
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of fraud to law enforcement .Legitimate interests
In certain situations, we need your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business.
For example, we will use your data to reduce the chance of us incurring losses through credit card fraud, and to invite you to give feedback so we can improve our service. 3. When we collect your personal data
4. What sort of personal data we collect
- When you place an order.
- When you contact us with queries or complaints.
- When you visit our website, engage with us on social media
- When you comment on, or review our products and services, via our Feedback Management Company (currently Feefo).
5. How and why we use your personal data
- Your name, gender, billing address, email address, telephone number, recipient & delivery details (if different), computer IP address, and details of your orders (both completed and partially-completed).
- Details of your interactions with us online or by telephone. For example, we may make notes of our conversations with you, and keep details of any complaints or comments you make, and details of orders you make.
- Details of your visits to our website, items added to your basket, promotional offer codes you use, and which site you came from to ours.
- Payment method used, payment details, and card information if you use one.
- Your comments and product reviews.
- Technical information about your internet browser, for example the country where your computer is, the pages you visit on our website, the advertisements you clicked on, and any search terms you entered.
- Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
6. How you can stop the use of your personal data for email direct marketing
- To process any orders that you make, and to comply with our legal obligations. For example, your details may need to be passed to a third party such as a courier or Royal Mail to deliver the product that you ordered (who may in turn contact you by email, telephone or SMS with delivery updates), and we will need to keep your details for a reasonable period afterwards in order to fulfil any contractual, legal, or regulatory obligations we may have.
- To respond to your queries, refund requests and complaints. Handling the information you sent enables us to respond. We may also keep a record of these communications. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with good service and improving our service in future.
- To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate interests in reducing the risk of credit/debit card fraud. This also helps to protect our customers from fraud.
- If you are an existing customer (who has ordered from us before), we'll use your data to send you communications by email about similar products that we sell (for example new designs) including special offers. We'll do this on the basis of our legitimate interests in updating customers with information on our latest products. You are free to opt out of receiving our direct marketing emails either when you order or at any time (see next section 'How you can stop the use of your personal data for email direct marketing').
- To send you communications required by law or which are necessary to comply with our legal obligations. These service messages will not include any promotional content.
- To display the most interesting content to you on our website, we'll use data. We do so on the basis of your consent for our website to place cookies on your device. For example, we might display a list of items you've recently looked at, or offer you recommendations.
- To comply with our contractual or legal obligations to share data with law enforcement. For example, when a court order is submitted to share data with law enforcement agencies or a court of law.
- To send you feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have legitimate interests to do so as this helps make our products or services more relevant to you.
- Sometimes, we'll need to share your details with a third party who is providing a service such as delivery couriers or an order fulfilment company. We do so to fulfil our contract or agreement with you. Without sharing your personal data, we'd be unable to fulfil your order.
There are several ways you can stop direct marketing emails from us:
- Click the 'unsubscribe' link in any email communication that we send you.
- Email us at: email@example.com
- Write to us at Customer Services, The Flag and Bunting Store, Unit 2, House 2, Lynderswood Farm, Lynderswood Lane, Braintree CM77 8JT
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.7. How we protect your personal data
We treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all areas of our website using 'https' technology.
Our order processing computer systems are password-protected and the data held by them is secured by encryption.
Any paper records we keep are stored in key-controlled areas accessible only to authorised members of staff who require such access.
We monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.8. How long we keep your personal data
Whenever we collect or process your personal data, we'll only keep it for as long as is necessary for the purpose for which it was collected. At the end of the retention period, your data will be deleted.
When you place an order, we keep the personal data you give us for seven years so we can comply with our legal and contractual obligations such as VAT accounting.
We keep data that you give us when you make general enquiries for 12 months following the final interaction from you so we can re-open the enquiry if you need us to. 9. Who we share your personal data with
For example, delivery couriers, payment service providers, order fulfilment companies, fraud management organisations, feedback management companies, email marketing agencies and so on.
We only share your personal data with trusted third parties, and only provide them with the information necessary to perform their specific services.
Examples of the kind of third parties we work with are:
- Operational organisations such as order fulfilment companies, and delivery couriers such as DPD.
- Payment service providers who manage the secure processing of your payment when you pay by card, such as First Data Merchant Services.
- Companies who support our website and other business systems. For example fraud prevention organisations such as DataCash, and feedback management companies such as Feefo.
- Direct marketing companies who help us manage our email communications with you, such as Mailing Manager.
We do not share your data with any other organisation for their own marketing purposes.
For fraud management, we may share information about fraudulent or potentially fraudulent activity, including data about individuals, with law enforcement bodies.
We may be required to disclose your personal data to the police or other enforcement, regulatory or Government body, if told to do so.
We may, in the future, sell or merge The Flag and Bunting Store and this may involve the transfer of part of or the whole business to new owners. If this happens, your personal data may be transferred to the new owner or controlling party.10. Where your personal data may be processed
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA). For example, if you place an order for delivery outside of the EEA (eg to Australia) this would be required in order to deliver the order.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice. 11. Your rights over your personal data
You have the right to request:
- A copy of any information about you that we hold, usually free of charge, and also to have that information corrected if it is inaccurate. To ask for your information, please contact our Customer Services team.
- That we stop using your personal data for email direct marketing.
If we choose not to action your request we will explain to you the reasons for our refusal.
In cases where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop for reasons connected to your individual situation. We will do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
To protect the confidentiality of your information, we will need you to verify your identity to our full satisfaction before proceeding with any request you make under this Privacy Notice. 12. Contacting the Regulator
Cookies are tiny text files that websites place on users' computers to make the website faster and easier for you; they allow us to make your shopping basket work properly, and they help you move from one part of the flagandbuntingstore.co.uk website to another easily.
Cookies do not contain any personal or private information, and they can't read information saved on your drive. They are not computer programmes so they cannot harm your computer, or be used to spread viruses, or to get a user's email address or private information.
Without using cookies our website will not function properly and you will not be able to order online.Managing Cookies
You can turn off cookies within your browser by going to 'Tools | Internet Options | Privacy' and selecting to block cookies. If you turn off cookies, you will be unable to place an online order with The Flag and Bunting Store and will need to 'phone us to order. Please note that cookies are computer specific, so if you log on to a site from a different computer, the cookie settings on that computer will apply.
For further information about managing and disabling cookies on your computer see www.allaboutcookies.org/manage-cookies.What Our Cookies Do
The cookies we use fall into 3 groups:Functionality Cookies
enable you to buy products on our website. They allow you to browse, order, pay for items, and make the check-out process easy. For example we have a cookie that saves your shopping basket for 2 hours - if you leave the ordering process and return to finish it an hour later, the cookie will ensure the contents of your basket are still there to save you having to re-enter them.Analytics Cookies
measure and analyse how customers use our website. They track visitor numbers and things like the number of pages visited and the order visited, and time spent. We use this information to improve the experience for all customers.
Marketing Cookies identify how you find and/or reach our website. This helps us gauge the relevance and effectiveness of our marketing.
If you're especially curious, you can look in the table below to see the specific names of the different cookies we use.
|Cookie Name||Cookie Use||Provider||Duration
|ACTINIC_BUSINESS||Product Purchase||Flag and Bunting Store||Session Only
|ACTINIC_CART||Controls the shopping basket||Flag and Bunting Store||2 Hours
|CART_CONTENT|| Stores the basket value and item count for the shopping cart summary ||Flag and Bunting Store||2 Hours
| LAST_SECTION_URL || Used by 'Back' link to return the visitor to the correct Section Page. Allows you to move smoothly around the site ||Flag and Bunting Store||Session Only
| ACTINIC_REFERRER || Product Purchase||Flag and Bunting Store||Session Only
| __utma || A cookie for Google Analytics which identifies each user's amount of visits, as well as the time of the first, previous and current visit.||Google||2 Years
| _ga, __gat || A random unique number or string of letters and numbers to identify your browser, the times and dates that you interacted with the site and the marketing materials or referring pages that led you to the site.||Google||2 Years, 10 minutes
| SID, SAPISID, APISID, SSID, HSID, DSID || Various unique identifiers, which stores your options such as preferred zoom level.||Google||2 hours
| Datr, c_user, fr ||Facebook tracking cookies.||Facebook||2 years, 1 month, 3 months