The term ‘personal data’ refers to both your business and personal information and means any information relating to an identified or identifiable natural person (also known as a ‘data subject’). An identifiable natural person is one who can be recognised, whether directly or indirectly, by a certain identifier such as their name, identification number, or location data, or, alternatively, by an online identifier. Identifiable factors can be specific to any number of physical, physiological, genetic, mental, economic, cultural or social identities.
By agreeing to provide your information, we commit to your data being:
Processed lawfully, fairly and in a transparent manner.
Collected for specified, explicit and legitimate purposes and not processed beyond those.
Adequate, relevant and limited to what is strictly necessary for our processing purposes.
Accurate and, where necessary, kept up-to-date.
Kept in a manner which permits identification of data subjects for no longer than is strictly necessary.
Processed in a manner that ensures the appropriate security of your personal data.
This policy is updated from time to time and the latest version is published on this page.
If you have any questions about this policy, please email info@whisperingsmith.
We gather and use certain information about individuals in order to provide products and services and to enable certain functions within our website.
We also collect information to better understand how visitors use our website and to present timely, relevant and personalised information to them.
What Does Providing Your Consent Mean?
Giving consent will be confirmed through a double opt-in process, whereby once you have confirmed that you agree to opt-in for marketing communications, you will receive an email to confirm that your consent has been freely and knowingly given. This affirmative act establishes that you are the subject of the personal data and that you agree to the processing of said data by Whispering Smith and relevant third parties (such as Magento and Dotmailer), through a clearly written marketing opt-in statement.
How Do We Collect Your Information?
We only collect personal information through either our website or via our email service provider; where you can either register or update your account online. Here, your data is stored via our e-commerce platform on a private server which can only be accessed internally from within the company and by a few select third party companies who we work with. These third parties can access your data but they are not able to disclose or use your data in any way. All of the databases that we use are password protected to prevent any prohibited access.
What Data Will We Gather?
We may collect the following information:
- First Name
- Last Name
- Email Address
- Company Name
- Trading Name
- Business Type
- Tax/VAT number
- Company Registration
- Landline Number
- Mobile Number
- Business Address
- Trading Type
- Website Address
- Order Information
- Invoice History
- Payment Methods
- Consent Status
- Website Usage Data
- Other Information
- Relevant to Client
- Other Information
- Pertaining to Special
- Offers and Surveys
How Will We Use This Data?
Collecting this data helps us to understand what you are looking from our company, enabling us to deliver improved products and services.
Specifically, we may use data:
- For our own internal records.
- To improve the products and services we provide.
- To contact you in response to a specific enquiry.
- To customise our website to your needs.
- To send you promotional emails about products, services, offers and other things that we think might be relevant to you.
- To send you promotional mailings or to call you about products, services or offers that we think might be relevant to you.
- To contact you via email, telephone or direct mail for market research purposes.
Controlling Your Information
Your rights as an individual are as follows:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision-making and profiling.
When you fill in a form or submit your details to our website, you will see one or more tick boxes allowing you to:
- Opt-in to receive marketing communications from us by email, telephone, text message or post.
- Opt-in to receive marketing communications from our third party partners by email, telephone, text message or post.
If you have agreed that we can use your information for marketing purposes, you can change your mind easily by:
- Signing in to our website and changing your opt-in settings in your account dashboard.
Sending an email to us at email@example.com.
Writing to us at:
61 Great Ducie Street
We will never lease, distribute or sell your personal information to third parties unless we have your explicit permission or the law requires us to.
Any personal information that we hold about you is stored and processed under our data protection policy, in line with the UK Data Protection Act (1998).
Data is held and used for marketing where there is legitimate interest, or you have opted-in for marketing communications, for a minimum of 10 years. If there is no evidence of engagement after 10 years, your data will be permanently removed from our database.
We will always hold your information securely.
To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards.
We also follow stringent procedures to ensure that we use all personal data in line with the UK Data Protection Act (1998).
In the unlikely event of a data breach, you will be made aware if it is classed as a ‘high risk breach’ (with high risk meaning that we need to notify you so that you can take action for damage limitation, or that it will have a direct impact on you going forward). The notification will detail the nature of the breach and what you can do to mitigate its potential impact. The mitigation factors will be communicated to you ‘as soon as reasonably feasible’, in co-operation with the supervisory authority and any other potential authorities, such as law enforcement.
We may analyse your personal information to create a profile of your interests and preferences, so that we can contact you with relevant information. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk; please note, however, that we will never keep your card details on file.
16 or Under
We are concerned with protecting the privacy of children aged 16 or under. If you are aged 16 or under‚ please always seek the permission of your parent or guardian before providing us with any personal information.
Transferring Your Information Outside of Europe
As part of the services offered to you through our website, the information that you provide to us may be transferred to countries outside the European Union (EU). By way of example, this may happen if any of our servers are, from time to time, located in a country outside of the EU. These non-EU countries may not have similar data protection laws to the UK. By submitting your personal data, you are therefore agreeing to this transfer, storage and processing.
If we transfer your information outside of the EU in this way, we will take steps to ensure that the appropriate security measures are taken, with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. If you use our services when you are outside of the EU, your information may be transferred internationally in order to provide you with those services.
Links to Other Websites
Ruler Analytics is one of our third party partners & their cookies may be set when you visit our website. We use the information gathered to analyse and understand how people interact with our website.
For opt-out information please Contact firstname.lastname@example.org or visit https://www.ruleranalytics.com
Overview Document – Explaining GDPR in relation to you and Ruler
Revised Terms & Conditions
Revised Privacy Notice
The author of this article is Anna Marianna White