Introduction:
Data protection affects us all, and Ecomodo Limited takes its obligation to protect the data you share with us extremely seriously.
This document will detail in a clear and understandable way the lawful reasons for using your data, who we might share it with, and the way we do so.
Definition of Terms:
Term: | Definition: |
GDPR | General Data Protection Regulation. This is the new data protection law, coming into effect from the 25th of May. |
Personal Data | Quite simply this is any data that relates identifiably to you. It can include things like: your name, address, telephone number, email address, photo ID, biometric information, IP address and other identifying information. |
Data Subject | The data subject is you, and everyone we hold any of the personal data for, as defined above. |
Data Controller | This is us! We decide what to do with the data, once we’ve received it. For example, we elect to send on your address to the couriers, so they can deliver your order. |
Data Users | This is anyone in our business who handles that data. For example, one of our Customer Account Managers may take a telephone number to call you back on. |
Data Processor | These are individuals or companies who process data on our behalf. As before, this would include a courier company, who would use your address in the way we’ve asked them to. |
Processing | Is the act of using any personal data, for any purpose. |
Sensitive Personal Data | Sensitive Personal Data is data such as: political opinions, religion, mental or physical health etc. Ecomodo Limited does not collect this data in any way from its customers. |
The Core Principles of the GDPR:
1. All data must be fairly and lawfully processed.
This means we have to have a lawful reason to process your data.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and will not be processed in any manner incompatible with those purposes.
This means we only collect what we need to fulfil orders, and run our business. Once we’ve collected your data, we only then use it for lawful purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it is processed.
Similarly to above, we will only record the data we really need, and nothing more.
4. Personal data shall be accurate, and up to date.
It is our duty under the law to make sure the information we have recorded is accurate. Please let us know if it’s not!
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We have requirements under the law to retain data for certain reasons, and for certain times. However, once these times are elapsed we will delete your data. This means we will never have personal data in our systems or on our premises a moment longer than necessary.
6. Personal data shall be processed in accordance with the rights of data subjects under this act.
Please see below for a full list of your rights as a data subject.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data, and against accidental loss, destruction or damage to your personal data.
We have set in place safeguards and systems that mean every single piece of information is shared only with those with whom we have a lawful basis to share it, even within the company.
8. Personal data will not be transferred to a country outside of the European Economic Area unless it ensures a sufficient level of data protection for data subjects.
Ecomodo does not send any of your data outside of the EEA.
Data Protection Officer:
The business has appointed Mr Olimpio Romanella, Director as its Data Protection Officer.
He may be contacted by email on [email protected].
The GDPR outlines six legitimate reasons for processing personal data:
Consent: You have given permission for your data to be used. For example, if you opt in to receive marketing information.
Contractual: To be able to fulfil the agreement between the customer, and the business. For example, we will need to use your address to send you your goods.
Legal obligation: We must process data to comply with law. For example, retention of some information for the financial obligations of the business.
Vital interests: To safeguard the vital interests of a data subject via the processing of that data. Usually this is to save someone’s life! For example, the administering of a vital medicine in a hospital. We do not process data in this way.
Public task: To process data to enact and enforce other law. This is mainly for the police, and other enforcement agencies. We do not process data in this way.
Legitimate interests: To use personal data to pursue a legitimate interest of the business. This might be things like calling to let you know the status of an order, or calling to make sure you are satisfied with your products, and our services.
Data we process, and the lawful reasons for doing so:
Data | Lawful reason for processing. | Third Parties |
A customer’s full name. | Processed for: | Our suppliers and couriers for contractual fulfilment. Our payment provider Sage, who manages your payment securely. |
A customer’s postal address. | Processed for: | Our suppliers and couriers for contractual fulfilment. Our payment provider Sage, who manages your payment securely. |
A customer’s email address. | Processed for: | Mailchimp email systems, if the customer has consented to being on our email list. Our payment provider Sage, who manages your payment securely. |
A customer’s telephone number. | Processed for: | Our payment provider Sage, who manages your payment securely. |
Anonymised aggregate statistics through Google and Bing Analytics: | Processed for: | Google Analytics and Bing Analytics. |
Data Retention:
If a customer has made a purchase, their full name and postal address are retained for six years for financial record keeping. Their order details, including email address and telephone number, are retained for the length of the longest warranty of the items, to allow us to easily process warranty claims. This will vary per product; please see the product pages for the length of warranties.
All customer quotes, samples, saved carts or other forms of contact that do not result in a sale will be retained for six months, to allow the customer to consider their purchasing options. After six months quotes will expire, and the customer will be removed from the Customer Account Management System.
You have a number of rights under the GDPR, which are detailed below:
Access request: This allows you to request copies of all the personal data that the company holds on you. We will respond to these within one month of receipt, unless your request is particularly complex. You can exercise this right by contacting Mr Olimpio Romanella on [email protected] who will administer the request.
Rectification of personal data: If you think we’ve got the wrong address, or name, or anything else detailed above just let us know and we’ll change it. Feel free to call us on 01825 765041 or email us on [email protected]
Erasure of personal data: If you want to wipe your personal data from our systems completely, just say, and we will remove everything unless legally obligated not to. We will also pass this request on to our suppliers and third parties. Please do be aware that this is not the same as removing yourself from an email list; you can easily do that at the bottom of any of our emails! This will remove you entirely from our systems. If you go ahead and do this, please do retain your receipts if you’ve made an order, as we won’t be able to find your details in the event of a warranty claim. This request will be completed within one month.
Restriction of data processing: This right allows you, as a Data Subject, to stop the processing of any of your personal data. We won’t use it for any reason, but we won’t delete it either, unless requested as above. Similarly to above, there are certain processing actions that we may be legally obligated to make.
Objections to personal data processing: This is where you can object to a specific use of your data. For example, if you agreed to be on our email lists, but have now changed your mind, we will simply stop processing your data in this fashion, at your request. You can find opt outs for our emails at the end of any message, alternatively please contact [email protected]
The right to be informed: This requires us to be up front and transparent. We hope this document will explain fully what will happen to your data, and why. If you’ve any questions about how we process data, or your rights as a data subject or indeed if any of the above is unclear, please contact us on [email protected]
Revisions and ongoing action:
We will always work hard to protect your data, and will regularly review this and other policies and safeguards.
If you’ve any questions about how we process data, or your rights as a data subject or indeed if any of the above is unclear, please contact us on [email protected]
This policy will take effect from the 25th of May, 2018. This is the fifth revision of this document, and will be updated to be compliant with the law.