Privacy Policy
1. Who are we ?
All data submitted to this website is collected, process and stored by Majestic Towels Limited. We are the “data controller,” meaning we determine what data is collected by this website and what it is used for.
Our registered company number is 1235595 and our registered office address is as follows:
Britannia House, Mole Street Sparkbrook, Birmingham, West Midlands, B11 1XA
2. Data Protection Principles and Regulations
Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available throughout the website and at every point where personally identifiable information may be requested.
All of our data collection, processing and storage systems – as well as this website – are designed to comply with the following data protection and privacy regulations:
- UK Data Protection Act 1988 (DPA)
- EU General Data Protect Regulation 2018 (GDPR)
As part of the above regulations, we process your personal data in according to the following six data protection principles. Data must be:
- Processed fairly, lawfully and transparently.
- Collected and processed only for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary for the purposes for which it is processed.
- Accurate and kept up to date to the best of our knowledge; any inaccurate data will be rectified or deleted without delay.
- Only kept for as long as is necessary for the purposes for which it is processed.
- Processed securely.
As “data controller” we are accountable for any non-compliance with the above principles and regulations.
3. What Information Do We Collect, How Do We Collect It and Why ?
Site Visitation Tracking
To help improve the quality of our online services, we track how people interact with our website so we can identify what is working well and what isn’t for our users.
Although these services record data such as your geographical location, device, internet browser and operation system, this data cannot be used to identify you. These services do also track your device’s IP address – the unique number that identifies your device online – however, none of the services we use provide us access to this data; meaning that you stay completely anonymous.
These services make use of cookies to track your use of our website. If you wish to opt out of site visitation tracking you can do so by disabling cookies in your browser options menu.
For further information on how to manage your cookies using a specific browser or device, please click the appropriate link below:
The above data may also be accessed by our third party marketing provider, Creative Insight. We use Creative Insight to undertake some of our marketing activities, including the analysis of our site visitation tracking data. Creative Insight is only provided access to data required to undertake their role as our marketing services provider.
We use the following site visitation tracking services:
- Google Analytics (View Their Privacy Policy)
We currently hold all tracking data for a period of 26 months, after which it is deleted.
Contact Forms
If you decide to contact us via one of the contact forms found on our website, such as the one found on our contact page, any data entered into such forms will be collected into an email and sent to us using the Simple Mail Transfer Protocol (SMTP) as well as being saved onto our servers for archival purposes.
Data sent and collected by our contact forms are protected by SSL encryption, meaning your data is encrypted during communication and storage.
The above data may also be accessed by our third party marketing provider, Creative Insight. We use Creative Insight to undertake some of our design and management activities, including the design and management of our website and blog. Creative Insight is only provided access to data required to undertake their role as our marketing services provider and are not permitted to access your data for any other reason.
Once you send us an e-mail, the message and associated personal data will be in our possession until we decide that we no longer require the information. Should you wish to have the data associated with your e-mail removed from our database please contact A Vawda – using the contact details in section 10 – and provide the e-mail address you used to send your communication.
We will not use this information to contact you for marketing purposes.
Mailing List
If you choose to join our mailing list (we will only add you to our mailing list if you consent to us doing so) then your e-mail address will be stored on our MailChimp account which is our third-party e-mail marketing service provider. The data you provide will not be stored on our servers, in our database or on any of our internal computer systems.
We may also pass your e-mail data on to our third party marketing provider, CWC Marketing & PR. We use CWC Marketing & PR to undertake some of our marketing activities, including designing, management and sending our marketing e-mails. CWC Marketing & PR is only provided access to data required to undertake their role as our marketing services provider and are not permitted to access your data for any other reason.
Your data will remain with MailChimp for as long as we continue to use their services or until you request removal from the list. You can remove yourself from the list by using the unsubscribe link contained in all of our marketing emails, or by requesting removal via an e-mail sent to A Vawda using the contact details in section 10. Please ensure that you include the e-mail you used to sign-up to our mailing list in the first place. You can also change your marketing consent settings in the “My Details” section of your user account.
If you are under the age of 16 you MUST obtain parental permission prior to joining our mailing list.
We will not add you to any lists that you have not actively signed up for.
Invoices and Purchases
If you choose to make a purchase with us then the personal details associated with your order, such as name, address and the contents and value of your purchase, will be stored on our servers. We will not, however, store any of your payment details – such as your credit or debit card number – as this information is processed by SagePay, our third party payment processor.
This data will remain with us for the period required by HM Revenue and Customs (HMRC) in line with their Records Management and Retention and Disposal Policy. This period currently stands at six years after the end of the current year (six years + one year). After this time, should you wish to have the data associated with your purchase removed from our database, please contact A Vawda – using the contact details in section 10 – and provide any information that could be used to identify your invoice(s) or purchase(s).
We will pass on your details to our third party logistics partners to enable delivery of your order to ensure completion of our contract with you. This data will not be used for any other purpose and will not be further processed by our logistics partners.
If you are under the age of 16 you MUST obtain parental permission prior to making a purchase on our website.
We will not use this information to contact you for marketing purposes.
User Accounts
If you choose to make a user account on our website, the details of your account will be stored on our servers. Should you wish to have the data associated with your account removed from our database, please contact A Vawda using the contact details in section 10 and provide any information that could be used to identify your account.
If the data within your user account, is retained in order to generate purchasing invoices, we may be unable to remove the account until the HM Revenue and Customs (HMRC) records retention period (currently six years after the end of the current year) has passed. We can, however, limit any additional processing between the time of your request and the expiry of the retention period.
If you are under the age of 16 you MUST obtain parental permission prior to creating a user account on our website.
We will not use this information to contact you for marketing purposes.
4. How Do We Protect and Store Your Data ?
We are fully committed to ensuring your information and privacy are protected in accordance with your rights under Data Protect Act and General Data Protection Regulation.
We are committed to protecting the data we hold about you and ensuring it is secure, private and confidential. We have put in place robust technical, physical and managerial controls to protect the confidentiality, integrity and availability of information we hold about you.
We use computer safeguards such as firewalls and data encryption and, where possible, physical barriers to keep your personal data safe.
We do not ordinarily encrypt emails sent out in the course of our work. We do, however, always consider what information is being sent by email and, as part of our approach to data protection, consider any additional protection that may be required to keep your data safe.
We will not transfer any of your information outside the European Economic Area without ensuring the information is given an adequate level of protection under the DPA and GDPR.
We cannot guarantee the privacy of personal information you transmit over the web or that may be collectable in transit by others, including third-parties who provide services to us, we do, however, consider data protection requirements when choosing our third-party suppliers.
We use Creative Insight to host our website. Apart from our SSL certificate that encrypts data sent to and from the website, the hosting service provided by Creative Insight offers further security measures to protect our data:
- A dedicated firewall installed on the server that blocks attacks (Eg. DDOS, Flood).
- Monitoring tools to detect and shut down suspicious activity.
- Data cannot be accessed from external IP addresses.
- Databases are protected by complex passwords.
- All sensitive data stored in databases are encrypted – “one-way encryption” is used in all web applications and websites to generate the encrypted passwords.
- Websites, applications and systems installed on the server have a mechanism that counts failed login attempts. The IP address is then blocked.
5. Third-Party Data Processors
To provide the best possible service, we use a number of third-party companies to process personal data on our behalf. These companies have been carefully selected to ensure that they meet both our own stringent data protect values as well as the regulations laid out in section 2. We will not provide data to companies who do not meet the GDPR standards, nor will we ever sell your data to a third party.
Our third-party data processors are as follows:
- Google Analytics (View Their Privacy Policy)
- SagePay (View Their Privacy Policy)
- Mail Chimp (View Their Privacy Policy)
- Creative Insight (View Their Privacy Policy)
6. What Are Your Rights ?
You have the following rights in relation to your personal data:
- The right to be told what data we are collecting and what it is being used for.
- This is what we’re doing here!
- The right to access any of the personal data we hold about you.
- Please address any such requests to A Vawda – using the contact details in section 10 – along with two pieces of approved identification – such as a passport, driving license or addressed bill (these will be deleted after your identity has been confirmed). Please provide as much information as possible as to your relationship with us to help us find your information. We will respond to your query within one month and will not charge for this service unless the request is unfounded or excessive.
- The right to modify any data we hold about you that is inaccurate.
- Please address any such requests to A Vawda using the contact details in section 10. We will respond to your query within one month and will not charge for this service unless the request is unfounded or excessive.
- The right to request that we delete any of your personal data that we have collected and currently store and process.
- Please address any such requests to A Vawda using the contact details in section 10, along with why you wish your data to be deleted. For data to be deleted you must be able to explain why we no longer need to hold the data, to withdraw the consent on which our processing is based or show that the data is being processed unlawfully.
- The right to be given a copy of the data we hold about you so that you can transfer it to another organisation.
- Please address any such requests to A Vawda using the contact details in section 10 and we will provide you with an open format copy of your data that can be easily used by other companies.
- The right to object to certain types of data processing – such as direct marketing.
- The right to object to automated data processing – such as data profiling.
- Complain to the UK’s data protection authority (the Information Commissioner’s Office) if you feel that we have not properly protected your data or adhered to your data rights as defined above.
7. Complaints about Use of Personal Data
If you want to make a complaint regarding our collection, processing and storage of your personal content, you can contact A Vawda using the contact details in section 10.
If you are not satisfied with our response to your complaints, or believe that we are processing your data in an unlawful way, you are within your rights to escalate the issue to the UK’s data protection authority – the Information Commissioner’s Office (ICO).
8. Data Breaches
If an unlawful data breach of this website’s database or the database(s), or any of our third-party processors, does occur and it is apparent that identifiable personal data stored has been stolen, we will inform all relevant persons and authorities within 72 hours of the breach.
9. Changes to This Privacy Notice
This privacy policy may change without notice to ensure it complies with changes to legalisation or industry developments. We will not directly contact you regarding these updates. Instead, we recommend that you check this page regularly to keep up to date on our data protection and privacy information.
10. How to Contact Us
If you have any questions or requests related to the contents of this privacy policy, please do not hesitate to get in touch with our data protection contact:
A Vawda
info@majestictowels.co.uk
Majestic Towels
Britannia House
Mole Street
Sparkbrook
Birmingham
West Midlands
United Kingdom
B11 1XA