If you have created an account, we will retain information provided indefinitely, so that you (the customer) can access information about your order history or communications with us, regarding those orders. However, we will anonymise your account details after 7 years. If you wish to close your account please contact us.
We will also retain records for the purposes of satisfying any legal, accounting or reporting requirements as governed by law and in the interest of preventing crime and fraud.
In compliance with GDPR you have the following rights under data protection laws in relation to your personal data:
- The right to be informed
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Right not to be subject to automated decision making and profiling
You can see more about these rights at:
Data Access Requests
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may have to share your personal data with the parties set out below for the purposes described in this document:
- Service providers who provide IT and system administration services
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, credit scoring, banking, legal, fraud protection, insurance and accounting services
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances
- Third parties to whom we sell, transfer, or merge parts of our business or our assets
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.