All data is processed lawfully, fairly, transparently and in accordance with data protection legislation. We think this privacy notice is written in clear and transparent language, but if you disagree or have any questions, you can contact us.
We act as data controller for any data that you, our customer or potential customer, provide us with via the forms on our website or via any other means of contacting us.
Your relationship with us is managed online via the email address that you supply to us. You can view and update your settings at any time by requesting an access link.
We collect and use the information you explicitly give us for the following purposes:
1) To provide you with information about the items we advertise for sale
2) To provide you with the ability to purchase the items
3) To provide support for purchases you have made through our service
We collect statistical data about visits to our website. Some of this is personal data such as IP address that is logged for the purpose of crime prevention and detection.
We may use your personal data as necessary for the protection and assertion of our legitimate interests, our legal rights, your legal rights and the legal rights of others or to comply with a legal obligation.
We will ask you to provide your personal data directly to payment processors in order to complete payments to us.
As many companies must do we contract other companies to provide a part of our service. In these cases some of your personal information may be required to provide the specific part of the service we have contracted. It is only supplied on condition that the information is solely used to fulfil the service. We only use companies that comply with the GDPR. These are the situations where we do this:
We use postal services and we must supply a postal address to postal services when sending ground mail
We use service providers for web hosting and for email
We process data that you give us for the purpose that we state at the time you give us your data.
We store information under the following legal bases:
a. by your consent when you ask to be kept informed of product updates
b. by contract where you purchase something from us
c. by legitimate interest. We collect information about visitors to our website which we use to prevent cyber attacks on our services and for this we collect and share details of suspected attackers.
The state of any processing we do with your data and consent you have given and contracts you are bound to are available at any time by emailing us your name, email address and mobile phone number.
Please contact Nick Sugden, firstname.lastname@example.org for anything related to data protection or the GDPR or if you wish to raise a complaint on how we have handled your personal data. Also if you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner's Office https://ico.org.uk/
All our services are hosted solely on cloud platforms provided by our trusted suppliers. All web hosting services we provide are based in Europe with a cloud service provider who is compliant with ISO/IEC 27001:2013. Other servers reside in the UK, European Union, Canada and the USA. Canada is recognised by the EU as having privacy laws that are compatible with the GDPR and US companies that are Privacy Shield Certified are also recognised as having adequate legal protection. All USA companies we use are Privacy Shield certified. All our suppliers comply with the GDPR. All disks that hold customer or business information of any kind whether connected to servers or desktops are either in Enterprise-Grade secure facilities or encrypted at rest or both. Procedures are in place for ensuring the destruction of data on decommissioned equipment.
1) Our website contains items for sale from a number of carefully selected vendors. If you make an enquiry about an item on our site then your details are passed to the vendor of that item. All our vendors have signed a declaration that they process your data in compliance with legal data protection requirements.
2) If you fill in the form to notify you when items become available then this information is not passed to any of our vendors - we notify you when vendors make items available for sale that match your interests and information is only passed to the vendor if you specifically enquire about an item.
3) Owing to the nature of the internet aspects of your personal information will be used to complete normal day-to-day activities such as the sending of email (which passes about your email address) and the serving of web pages (which passes around your IP address).
4) Your account details are stored online by Just Say Net Ltd and they ensure your account data is protected and only accessed appropriately by everyone involved in supplying the service to you.
Emailing us your name, email address and your mobile phone number will email details of how you can securely access the information we hold on you.
You can exercise your right to redact from the login we send you with your subject access request.
If we provide you with a service we are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Your information we use for marketing purposes will be kept until you tell us that you no longer wish to receive marketing information.