Privacy Notice

Gilt Edged Promotions is located at Gilt Edged Promotions, 9-11 Deer Park Road, Moulton Park, Northampton, NN3 6RX.
Company registration no. 2076133

ICO Registration:  ZA443721

Our Data Protection representative can be contacted by email on: sales@giltedged.co.uk

This privacy notice describes how we collect, use and store personal information about you during and after your business relationship with us, in accordance with the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR).

Gilt Edged Limited is a data controller. This means that we are responsible for deciding how we hold and use and store personal information about you. We are required under the DPA 2018 / UK GDPR to notify you of the information contained in this privacy notice.

We may update this notice at any time. If relevant (and feasible), we will notify you.

It is important that you read this notice, together with any other privacy notices we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using your personal information.

 

DATA PROTECTION PRINCIPLES

We will comply with all relevant data protection law (including the DPA 2018 / UK GDPR). This requires that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.

2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3. Relevant to the purposes we have told you about and limited only to those purposes.

4. Accurate and kept up to date.

5. Kept only as long as necessary for the purposes we have told you about.

6. Kept securely.

 

THE KIND OF INFORMATION WE collect and HOLD ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified, whether directly or indirectly. It does not include data where an individual cannot be identified (anonymous data).

If you engage with us as a corporate buyer, we will collect personal data from you in the following ways:

·         Your name, billing address, company number, telephone number and email address and delivery address.

If you engage with us as a buyer for branded clothing in the educational, charity or private sector, we will collect personal data from you in the following ways:

·         For schools: Parent name, child name and age, class and school, home address of the parent.

·         For universities & charities: name and email address / telephone number of recipients, address for delivery of order.

·         For businesses in the private sector: name and email address / telephone number of recipients, address for delivery of order. Credit card details for payments.

This personal data is collected:

·         When you visit our websites and submit an order, or place orders via manual order forms.

·         When you contact us by email or telephone.

 

Personal data is shared with external organisations who support our business operation. These organisations include:

• Promo Office – CRM System

• External IT Support

• Twinfield – for invoicing & credit control

• Sage – for invoicing, credit control & payroll

• Respective websites – hosted by Clear design & TGN hosting

• Opayo – credit card payments

• Barclaycard EPDQ – credit card payments

• Amazon – for orders taken on their platform

• Mailchimp – our email broadcast platform

• Survey Money – for any customer surveys undertaken

• Reviews – for customer reviews submitted

• Network of supplier partners for brochure & order fulfilment.  A small number maybe outside the EEA.

 

• Couriers – DPD, UPS, Freightroute, Royal Mail & BRG

 

Personal data is in the processing of being migrated to our Microsoft Office server. Access to personal data on this is permission-based and is stored in the UK and EU, therefore is covered by the existing adequacy agreement.

 HOW WE WILL USE INFORMATION ABOUT YOU

We need all the categories of personal data detailed above to allow us to conduct our business operation. 

·         We will need your personal data to populate our Terms of Business and to carry out our services which could include the fulfilment of your order.

·         We have legal and regulatory obligations to use and retain your personal data in relation to our dealings with you, including HMRC.

 

·         Business management and planning, including accounting and auditing. In these instances, we will share your personal data with our accountants and associated reporting platforms.

·         We may ask to use your personal data in a marketing campaign – you may decline if you so wish.

·         Dealing with legal disputes involving you, or any disputes that may arise under the contract that we have with you or the way in which we provide our products and services to you.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

 

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for:

·         We will retain details of prospective buyers for a period of 10 years. If you ask us to remove your data from this, we will do so immediately.

 We will retain details of completed orders for a period of 10 years after date of fulfillment, or last year of custom due to HMRC obligations.

·         We will retain information relating to invoicing and billing for a period of 7 years, including the current accounting year to satisfy HMRC requirements.

 

 

rIGHTS OF ACCESS, CORRECTION, ERASURE & RESTRICTION

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your Rights:

Subject Access Request – this enables you to receive a copy of the personal information we hold about you. To action this request, please email the data protection contact: XXX email address.

We require a suitable form of identification and under normal circumstances, we will supply this to you within one calendar month of your request and of identification being received.
No fee is usually payable; however, we may apply an appropriate fee if the request is deemed to be excessive, or repetitive.

Request Correction – this enables you to have any incomplete or inaccurate information we hold about you corrected.

Request Erasure – this enables you to delete or remove personal information when there is no good reason for us to continue processing it.

Object to Processing – in certain circumstances, you have the right to request we suspend the processing of your data.  Please contact us if you require more information on this.

Request the Transfer – you have the right to request the transfer of your personal data to a third party. Please contact us if you require more information on this.

Right to Withdraw Consent – where we rely on consent to process your data, you have the right to withdraw this at any time, without giving reason. To withdraw your consent, please contact the data protection officer. Once received, we will not process your data for the reasons you have agreed to, unless we have another legal basis for doing so.

Right to complain – you have the right to complain at any time to the Information Commissioners’ Office (ICO) regarding data protection issues - https://ico.org.uk

 

We reserve the right to update this privacy notice at any time. If you have any questions about it, please contact us at sales@giltedged.co.uk

Last updated: May 2021.