At Sports and Model Shop, we’re committed to protecting the privacy and security of all our customers and website users. If you’d like to know more about how we protect your privacy, please get in touch with us at email@example.com. For the purposes of our digital content and services, the data controller is Downie Leisure Ltd., and we act as the company responsible for your privacy.
When do we collect your personal information?
We collect personal data when you visit the Sports and Model Shop website, place an order, and contact us via email or any other channel.
What kind of personal data do we collect, and why do we collect it?
The data we collect may include your name, email address, address, phone number, social media usernames (if you interact with us this way) and your email preferences. Web usage data we collect (while you’re using our website) may also include your IP address, geographical information, browser and operating system and details of your visit to our website (including the pages you visited). We may also collect information about your visit using cookies in your web browser.
We collect your personal data in order to provide you with products you’ve purchased online, support our digital services and improve your customer experience, and we’ll try our best to provide you with information we think will be of interest or relevance. We won’t send you any marketing messages, and will only email you in connection with your order or respond to queries.
We collect technical information about your visit to our website in order to give our users the best experience we can, by analysing user behaviour and making improvements to our online services. We also use this information to help protect our website and allow us to meet our legal obligations in taking care of your data.
How do we share your personal data?
We’ll never sell any of the personal information you provide us to any 3rd parties (including your name, email address, address, phone number, or anything else you tell us).
We may share your data with trusted 3rd party companies where this is necessary or beneficial in order to provide you with services. We will only provide the information required in order for companies to perform their specific services. These companies include:
- Payment gateway providers (SagePay), who process payments for orders on our behalf.
- Couriers and delivery partners, who deliver orders for us.
- Companies providing us with professional services, including marketing, email campaign providers and website hosts.
- Companies explicitly approved by you, such as social media platforms (for example, Facebook and Twitter).
- Analytics providers (Google Analytics), in order to see how users interact with our website and ensure we’re bringing you the best possible experience.
- We may share information about fraudulent or potentially fraudulent activity where this is required – for example, sharing data about individuals with law enforcement bodies.
For more information, please contact us at firstname.lastname@example.org.
How is your personal data secured?
We treat information security as a matter of utmost importance, and it’s vital to us that your data is properly taken care of. All payments are taken via secure connections, using trusted 3rd party payment providers who conform to all necessary PCI and DSS security standards, and no payment details are retained or held by us. When you subscribe to our mailing lists, your information is taken securely over a ‘https’ secure connection, and access to any of your personal data is password protected and restricted solely to individuals who require it. Our website is hosted on servers using security and encryption best practices, with restricted access.
How do we contact you with marketing messages?
We won’t contact you with any marketing messages.
How long do we retain your information?
We won’t keep your data any longer than is necessary. If you’ve given us any personal information, we’ll retain this for as long as we need it to continue providing you with a service, or as required for our record keeping.
Web usage information (sent to Google Analytics to analyse traffic and user behaviour) is retained for a period of 26 months, and may include data like IP address, geographical information, browser usage and operating system. Any personal data older than this is automatically deleted / anonymised.
Where is your data processed?
Your data may be transferred to 3rd party data processors outside the EEA (European Economic Area). If we do this, we ensure data is granted the same protection that it would if it were processed within the EEA, and that any 3rd party data processors are fully GDPR compliant.
You have many rights pertaining to your personal data and how we use it, including:
- The right to access to the personal data we hold about you
- The right to access information about how your personal data is used
- The right to request correction of inaccurate, out of date or incomplete information
- The right to request deletion of your data, or that we stop processing or collecting it
- The right to opt-out of marketing messages if you withdraw consent
- The right to request transfer of your personal data to another service provider
- The right to submit a complaint to the ICO (Information Commissioner’s Office)
If you want to exercise any of these rights, you can email us at email@example.com.
Questions, complaints and contact
If you have any questions or feedback about this privacy notice, or would like to exercise any of your rights pertaining to our use of your personal information, you can contact us via the following channels:
- Email – firstname.lastname@example.org
- Phone – 01349 862 346
- 66 High Street, Dingwall, Ross-shire, Scotland, IV15 9RY