The Corporate Christmas Tree Company Limited (trading as [dzd.co.uk]) understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, [www.dzd.co.uk] (the “ Site”) and will only collect, use and process personal data in ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law.
“Cookie” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site;
“personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the UK GDPR”); and
“UK GDPR” means the UK General Data Protection Regulation and the Data Protection Act 2018.
“We/Us/Our” means The Corporate Christmas Tree Company Limited, a limited company registered in Scotland under company number SC183535, whose registered address is Unit 4 Ruthvenfield Avenue, Inveralmond Industrial Estate, Perth, Scotland, PH1 3WB
2 INFORMATION ABOUT US
2.1 The Site is owned and operated by Us and We are the controller and entity responsible for your personal data. This means that We decide why and how your personal data is processed.
2.2 Our VAT number is 717370242.
2.4 You have the right to make a complaint at any time to the Information Commissioner’s Office (the “ICO”), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.Helpline number: 0303 123 1113.
3 WHAT DOES THIS POLICY COVER?
4 YOUR RIGHTS
4.1.2 the right of access to the personal data We hold about you (see section 13);
4.1.3 the right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us using the details in section 15);
4.1.4 the right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you;
4.1.5 the right to restrict (i.e. prevent) the processing of your personal data;
4.1.6 the right to data portability (i.e. obtaining a copy of your personal data to re-use with another service or organisation); and
4.1.7 the right to object to Us using your personal data for particular purposes.
4.2 If you wish to exercise any of the rights set out above, please contact Us using the details provided in section 15 and We will do Our best to solve the problem for you.
4.3 For further information about your rights, please contact the ICO or your local Citizens Advice Bureau.
5 WHAT DATA DO WE COLLECT?
5.1 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together, as follows:
5.1.1 Identity Data includes first name, last name, username or similar identifier, marital status, title, date of birth and gender.
5.1.2 Contact Data includes billing address, delivery address, email address and telephone numbers.
5.1.3 Financial Data includes bank account and payment card details.
5.1.4 Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
5.1.5 Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
5.1.6 Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
5.1.7 Usage Data includes information about how you use our website, products and services.
5.1.8 Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
5.2 We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
6 HOW DO WE COLLECT AND USE YOUR DATA?
6.1 We use different methods to collect data from and about you including through:
6.1.1 Direct interactions: You may give Us your Identity, Contact and Financial Data by filling in forms or by corresponding with Us by post, phone, email or otherwise. This includes personal data you provide when you:
a) apply for our products or services;
b) create an account on our website;
c) subscribe to our service or publications;
d) request marketing to be sent to you;
e) enter a competition, promotion or survey; or
f) give us feedback or contact us.
6.1.2 Automated technologies or interactions: As you interact with Our website, We will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see section 14
for further details.
6.2 All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the UK GDPR at all times. For more details on security see section 8, below.
6.3 Our use of your personal data will always have a lawful basis Most commonly, we will use your personal data in the following circumstances:
6.3.1 it is necessary for Our performance of a contract with you (i.e. to be able to fulfil our contract to supply products to you)
6.3.2 because you have consented to Our use of your personal data;
6.3.3 because it is in Our legitimate interests and your interests and fundamental rights do not override those interests; or
6.3.4 where we need to comply with a legal obligation.
6.4 If we are relying on consent as a lawful basis, you may subsequently withdraw your consent at any time by contacting us on the details provided in section 15. The withdrawal of your consent will not impact the lawfulness of any processing carried out before the withdrawal.
6.5 Specifically, We may use your data for the following purposes and on the basis of the legal bases identified in the table below. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|Providing and managing your account||
||Performance of a contract with you|
|Providing and managing your access to Our Site||
||Performance of a contract with you|
|Personalising and tailoring your experience on Our Site||
||Necessary for our legitimate interests (to provide customers with the best experience of using Our Site)|
|Supplying Our products and services to you (please note that We require your personal data in order to enter into a contract with you).||
||Performance of a contract with you|
|Personalising and tailoring Our products and services for you.||
||Necessary for our legitimate interests (to develop our products/services and grow our business).|
|Replying to emails from you.||
||Necessary for our legitimate interests (for running our business and providing a good customer service).|
|Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by clicking the unsubscribe link at the bottom of the marketing emails).||
|Analysing your use of Our Site and gathering feedback||
||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).|
6.6 With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email with information, news and offers on Our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the UK GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003. You can ask us to stop sending you marketing messages at any by contacting us at any time using the details in section 15.
6.7 Third parties whose content appears on Our Site may use third party Cookies, as detailed below in section 14. Please refer to section 14 for more information on controlling Cookies. Please note that We do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy policies of any such third parties.
7 HOW LONG WE KEEP YOUR DATA
7.1 We do not keep your personal data for any longer than is reasonably necessary in light of the reason(s) for which it was first collected. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
7.2 We may need your personal information to establish, bring or defend legal claims. For this purpose, we may retain your personal information for 10 years after the date it is no longer needed by us for any of the purposes listed above. The only exceptions to this are where:
7.2.1 the law requires us to hold your personal information for a longer period, or delete it sooner;
7.2.2 you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law; or
in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
8 HOW AND WHERE DO WE STORE YOUR DATA?
8.1 Your data will only be stored within the European Economic Area (the “EEA”) and/or the United Kingdom.
8.2 If at any time we transfer your personal information to, or store it in, countries located outside of the UK and EEA (for example, in the USA) or our hosting services provider changes we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law. This is because some countries outside of the UK and EEA do not have adequate data protection laws equivalent to those in the UK and EEA.
8.3 Data security is very important to Us, and to protect your data We have taken appropriate measures to safeguard and secure data collected through Our Site.
9 DO WE SHARE YOUR DATA?
9.1 We may share your data with other companies in Our group for marketing and analytics.
9.2 We may sometimes contract with third parties (e.g. Inforgen) to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
9.3 We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
9.4 We may sometimes use third party data processors that are located outside of the EEA and/or the UK. Where We transfer any personal data outside the EEA and/or the UK, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the UK GDPR.
9.5 In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal requirements, a court order, or a governmental authority.
10 WHAT HAPPENS IF OUR BUSINESS CHANGES HANDS?
11 HOW CAN YOU CONTROL YOUR DATA?
11.1 In addition to your rights under the UK GDPR, set out in section 4, when you submit personal data via Our Site, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details.
11.2 You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
12 YOUR RIGHT TO WITHOLD INFORMATION
12.1 You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
13 HOW CAN YOU ACCESS YOUR DATA?
13.1 You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the UK GDPR, no fee is payable and We will provide any and all information in response to your request free of charge unless your request is clearly unfounded, repetitive or excessive in which case we may charge a reasonable fee. Alternatively, we could refuse to comply with your request in these circumstances.
13.2 –We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
13.3 You will be required to provide evidence of your identity in order to receive your personal data or have your personal data removed. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
15 CONTACTING US