Effective: May 2018
SCOPE OF THIS NOTICE
The Stapling Company (referred to as ÔÇ£Company,ÔÇØ ÔÇ£we,ÔÇØ or ÔÇ£usÔÇØ) respect your privacy. This Privacy Notice describes the ways we collect information from and about you, and what we do with the information, so that you may decide whether to provide information to us. By accessing our website, or purchasing our products or services you agree to this Privacy Statement in addition to any other agreements we might have with you.
This Notice covers both our online and offline data collection activities, including Personal Data that We collect through our website.
If you do not provide necessary Personal Data, we may not be able to provide you with our goods and/or services.
- SOURCES OF PERSONAL DATA
This Notice applies to Personal Data that We collect from or about you, through the methods described below, from the following sources:
The Stapling Company Website We operate under our own domains/URLs and mini-sites that We run on third party social networks such as Facebook (ÔÇ£WebsitesÔÇØ).
E-mail, text and other electronic message. Interactions with electronic communications between you and The Stapling Company.
Offline Data Collection Printed or digital registration and similar forms that We collect in store, telephone information requests and orders
Data We create. During our interactions with you, we may create Personal Data about you (e.g. records of your purchases from us).
- PERSONAL DATA THAT WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
Depending on how you interact with The Stapling Company (online, offline, over the phone, etc.), We collect various types of information from you, as described below.
Personal contact information. This includes any information you provide to Us that would allow Us to contact you, such as your name, postal address, e-mail address, social network details, or phone number.
Market research & customer feedback. Any information that you voluntarily share with Us about your experience of using our products and services.
Payment and Financial information. Any information that We need to fulfil an order, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if such are made available). In any case, we or our payment processing provider(s) handle payment and financial information in a manner compliant with applicable laws, regulations and security standards.
Sensitive Personal Data. We do not seek to collect or otherwise process sensitive personal data in the ordinary course of our business. Where it becomes necessary to process your sensitive personal data for any reason, we rely on your prior express consent for any processing which is voluntary (e.g. for marketing purposes). If we process your sensitive personal data for other purposes, we rely on the following legal bases: (i) detection and prevention of crime (including the prevention of fraud); and (ii) compliance with applicable law (e.g. to comply with our diversity reporting).
- USES MADE OF YOUR PERSONAL DATA
The following paragraphs describe the various purposes for which We collect and use your Personal Data, and the different types of Personal Data that are collected for each purpose. Please note that not all of the uses below will be relevant to every individual.
|What We use your Personal Data for||Our reasons||Our legitimate interests|
|Customer service. We use your Personal Data for customer service purposes, including responding to your enquiries. This typically requires the use of certain personal contact information and information regarding the reason for your enquiry (e.g. order status, technical issue, product question/complaint, general question, etc.).||– Fulfilling contractual obligations
– Legal obligations
– Our legitimate interests
|– Providing new products and services
– Being more efficient
|Order fulfilment. We use your Personal Data to process and ship your orders, inform you about the status of your orders, correct addresses and conduct identity verification and other fraud detection activities. This involves the use of certain Personal Data and payment information.
Other general purposes (e.g. internal or market research, analytic, security). In accordance with applicable laws, we use your Personal Data for other general business purposes, such as maintaining your account, conducting internal or market research and measuring the effectiveness of advertising campaigns.
|– Fulfilling contractual obligations
– With your consent (where required)
– Legal obligations
– Our legitimate interests
|– Improving and developing new products and services
– Being more efficient
– Protect our systems, networks and staff
– Compliance with legal obligations
- DISCLOSURE OF YOUR PERSONAL DATA
We share your Personal Data with the following types of third party organisations:
Service providers. These are external companies that We use to help Us run our business (e.g. order fulfilment, payment processing, fraud detection and identity verification, website operation, market research companies, support services, promotions, website development, data analysis, CRC, etc.). Service providers, and their selected staff, are only allowed to access and use your Personal Data on Our behalf for the specific tasks that they have been requested to carry out, based on our instructions, and are required to keep your Personal Data confidential and secure. Where required by applicable law, you can obtain a list of the providers processing your Personal Data (see Section 12 to contact Us).
Credit reporting agencies/debt collectors. To the extent permitted by applicable law, credit reporting agencies and debt collectors are external companies that We use to help Us to verify your creditworthiness (for orders with invoice) or to collect outstanding invoices.
Third party recipients using Personal Data for legal reasons or due to merger/acquisition. We will disclose your Personal Data to third parties for legal reasons or in the context of an acquisition or a merger (see Section 5 for details).
- RETENTION OF YOUR PERSONAL DATA
The Stapling Company takes every reasonable step to ensure that your personal data are only processed for the minimum period necessary for the purposes set out in this Privacy Notice. The criteria for determining the retention period for your Personal Data are:
- The Stapling Company will retain copies of your Personal Data in a form that allows for identification only for as long as:
- We maintain an ongoing relationship with you (e.g. where you are included in our mailing list and have not unsubscribed);
- Your Personal Data are necessary in connection with the purposes set out in this Privacy Notice and we have a valid legal basis,
- The duration of:
- any applicable limitation period (i.e. any period during which a person could bring a legal claim against us), and
- an additional 2 months following the end of the applicable limitation period (so we can identify any personal data of a person who may bring a claim at the end of the applicable period),
- In addition, if any relevant legal claims are brought, we may continue to process your Personal Data for such additional time necessary in connection with that claim.
During the periods noted in paragraphs b (i) and b (ii) above, we will restrict our processing of your Personal Data to storage or, and maintaining the security of, those data, except to the extent the data need to be reviewed in connection with any claim, or any obligation under applicable law.
Once the periods in paragraphs (a), (b) and (c) above, each to the extent applicable, have concluded, we will either
- permanently delete or destroy the relevant Personal Data or
- anonymise the relevant Personal Data.
- DISCLOSURE, STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA
We use appropriate measures (described below) to keep your Personal Data confidential and secure. Please note, however, that these protections do not apply to information you choose to share in public areas such as third party social networks.
People who can access your Personal Data. Your Personal Data will be processed by our authorised staff, on a need to know basis, depending on the specific purposes for which your Personal Data have been collected (e.g. our staff in charge of sales, administration, servicing, aftersales and delivery matters will have access to your Customer record).
Measures taken in operating environments. We store your Personal Data in operating environments that use reasonable security measures to prevent unauthorised access. We follow reasonable standards to protect Personal Data. The transmission of information via the Internet is, unfortunately, not completely secure and although we will do our best to protect your Personal Data, we cannot guarantee the security of the data during transmission through our Websites/apps.
Measures We expect you to take. It is important that you also play a role in keeping your Personal Data safe and secure. When signing up for an online account, please be sure to choose an account password that would be difficult for others to guess and never reveal your password to anyone else.
You are responsible for keeping this password confidential and for any use of your account. If you use a shared or public computer, never choose to have your login ID/email address or password remembered and make sure to log out of your account every time you leave the computer. You should also make use of any privacy settings or controls We provide you in our Website/app.
- YOUR RIGHTS
Access to Personal Data. You have the right to access, review and request a physical or electronic copy of information held about you. You also have the right to request information on the source of your Personal Data.
These rights can be exercised by sending Us an e-mail to email@example.com or writing to us at The Stapling Company, Unit 2 Riverside Business Centre, Victoria Street, High Wycombe HP11 2LT attaching a copy of your ID or equivalent details (where requested by Us and permitted by law). If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected. Please note that any identification information provided to Us will only be processed in accordance with, and to the extent permitted by applicable laws.
Additional rights (e.g. modification, deletion of Personal Data). Where provided by law, you can (i) request deletion, the portability, correction or revision of your Personal Data; (ii) limit the use and disclosure of your Personal Data; and (iii) revoke consent to any of our data processing activities.
Subject to applicable law, you may also have the following additional rights regarding the use of your Relevant Personal Data:
- the right to object, on grounds relating to your situation, to the use of your Relevant Personal Data by us, or on our behalf; and
- the right to object to the Processing of your Relevant Personal Data by us, or on our behalf, for direct marketing purposes.
Please note that, in certain circumstances, we will not be able to delete your Personal Data without also deleting your user account. We may be required to retain some of your Personal Data after you have requested deletion, to satisfy our legal or contractual obligations. We may also be permitted by applicable laws to retain some of your Personal Data to satisfy our business needs.
We hope that We can satisfy queries you may have about the way we process your Personal Data. However, if you have unresolved concerns you also have the right to complain to competent data protection authorities.
- CHANGES TO THIS NOTICE
If We change the way We handle your Personal Data, we will update this Notice. We reserve the right to make changes to our practices and this Notice at any time, please check back frequently to see any updates or changes to our Notice.
- CONTACT INFORMATION
To ask questions or make comments on this Notice and our privacy practices or to make a complaint about our compliance with applicable privacy laws, please contact Us at: firstname.lastname@example.org
We will acknowledge and investigate any complaint about the way We manage Personal Data (including a complaint that We have breached your rights under applicable privacy laws).