As part of running our business, Sew Devine sometimes needs to collect, maintain and use personal data about you. That will normally be if you are current, past or prospective customer, a supplier, or an individual that’s contacted us and needs a response.
Just so you know, the legal basis that we have to process your data falls into one or more of the following areas: Firstly, if you have a contract with us – for example if you are an existing customer or supplier. Secondly, if you’ve provided consent – for example, if you’ve consented to receive a newsletter from us. Thirdly, if we have a legitimate reason – for example, you have asked us for a quote.
Any personal information you give us, either on this website (for example, via a contact form or shop order), via email or direct mail, phone contact or direct contact with the company in person will never be sold, rented or made public without your consent.
We take your privacy seriously. We’ll only use your information for the legal basis with which we hold it. Sometimes, to do that we might need to pass information on to a third party (for example your email into a newsletter sending system). When we do, we’ll use safe, reliable, GDPR compliant services who won’t pass your personal details anywhere else.
Information we collect
1. Company and contact information
We hold company and contact information on the individuals and companies that we do business with, employ, and/or market to. Whenever we hold such information we only hold that which is necessary for purposes we need. To find out more about what we hold for individual purposes please contact us using the methods described below.
2. Site visits tracking
We occasionally collect visitor behaviour on our website. This tells us which pages are visited, the sorts of searches that are used to find us and what people do on the site when they are there. It doesn’t tell us anything personal about the people visiting the site, just what they do.
If you want to know more about cookies visit www.aboutcookies.org or www.allaboutcookies.org.
We use the data to make changes on our website based on what we see visitors are doing.
3. Orders taken on our website
If you place an order with us, we’ll retain your contact details, delivery details and the details of your order. Those details will be kept in a database on our website which can only be accessed via us. We’ll also get an email copy of the order to notify us it has been placed.
We do not take payments on the site and use a secure third party (currently PayPal) to look after the transactions for us.
4. Contact by form, email link and telephone
If you email us, either using a website contact form or by sending a direct email, we’ll get that information in an email. That data isn’t stored on our website.
If you phone us and we need to store your details for any of the legal bases explained we’ll store it safely on company computers that are regularly maintained and safely kept (in alarmed premises where possible). We might also add your information to our CRM if it is right for processing your reason for contact.
We may keep a record of contacts (such as emails that have been sent and received), but again we won’t use the details for anything other than the relevant legal reasons stated.
On occasion, we may send marketing and information emails. We’ll only send these emails if you fall into one of the two following categories:
- You’re an existing customer or supplier who we do current business with.
- You’ve asked to get emails via a newsletter signup form / documented social media request.
If you’ve asked to get our marketing, you may opt out any time. There’ll be an unsubscribe link in each newsletter or you can contact us (see below).
Under 16? Legally you must obtain parental consent before joining email newsletters.
If you visit our premises you may be recorded on our external CCTV cameras. These cameras are used purely for the purposes of crime prevention. In the event of a break in, we would share any CCTV that provides evidence to the police. Our CCTV system records over previous recordings so data is only kept for a short time.
What we do with information collected
Where appropriate, we’ll use the information we keep about you to:
- send you information on products or services that you’ve asked for.
- send you information on products or services, which we think will interest you.
- carry out our obligations arising from any contracts entered into between you and us.
- notify you about changes to our services or products.
- inform business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
- to fulfil any orders placed on our website.
Access to your information and correction
You have a number of rights including the right to request a copy of the information that is held about you. If you’d to know what information is held, please contact us, using the form below on this website and we'll reply to you by email. Legally that’s within one working month, but we’ll aim to reply as soon as we can. We want to make sure that your personal information is accurate and up to date. So, once you have any information, you can ask us to correct or remove anything you think is wrong. For a full list of your rights, have a look at the ICO Website.
We’ll normally be happy to help at no charge, however where requests are manifestly unfounded, excessive, or repetitive after an initial, responded to, request, we’ll potentially charge an admin fee to cover the time taken to fulfil the request.
Designated Data Controller
As a smaller company, we do not require a dedicated data controller. To contact us about your data, you should email us at firstname.lastname@example.org.
Third Party Processors
We use some third parties to process personal data for us. These third parties have been carefully chosen and, to the best of our knowledge, all of them comply with current legislation where applicable for their country. We may need to share your information with them in order to process products or services. This may be within the UK or outside including the United States and countries outside of Europe.
We will report any unlawful data breaches of data held by us to the ICO as required (https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach/) within 72 hours of becoming aware of a breach taking place if it is apparent that personal data stored in an identifiable manner has been stolen.