Privacy and Data Protection Policy
v.1 (last updated September 2019)
A78 LTD, a company incorporated in England and Wales with company number 11219030 and with registered address 85 France Street, Parkgate, Rotherham, United Kingdom, S62 6BL and its affiliates (collectively referred to as “we”, “our” or “us”) respects your privacy and is committed to protecting your personal data.
Our privacy policy will inform you as to how we collect and use personal data only as it might be needed for us to deliver to you our products, services and websites (our “Services”) and tell you about your privacy rights and how the law protects you.
Your personal data will be collected and processed within the European Union. The legislation known as General Data Protection Regulations (also known as GDPR), gives everyone within the European Union, European Economic Area and European Free Trade Area the right to know what we do with your data, why and how you can withdraw your consent for us to do that, plus details of who we are and how you can contact us.
1. The data that we collect about you
As part of you registering for or using our Services, we will collect personal data or information meaning any information about an individual from which that individual can be identified (“Personal Data”). The Personal Data we collect can fall into several types as below:
• first name; last name; username or similar identifier (“Identity Data”)
• billing address; delivery address; email address; telephone numbers (“Contact Data”)
• bank account; payment card details (“Financial Data”)
• details about payments to and from you; details of the Services you have purchased from us; payment information such as your credit or debit card number and other card information, other account and authentication information, and billing, delivery and contact details (“Transaction Data”)
• internet protocol (IP) address; your login data and the time and date the Services were used; browser type and version; time zone setting and location; browser plug-in types and versions; operating system and platform and other technology on the devices you use to access the Services; error data (“Technical Data”)
• your username and password; purchases or orders made by you; your interests; preferences; feedback and survey responses (“Profile Data”)
• information about how you use our Services including how you interact with our products; we receive and analyse content, communications and information that you provide when you use our Services (“Usage Data”)
• your preferences in receiving marketing from us and our third parties and your communication preferences (“Marketing and Communications Data”)
Personal Data will be collected by your direct interactions with us by post, phone, e-mail or online or by automated technologies like cookies, server logs, analytics providers, advertising networks, search information providers and other similar technologies.
When you connect with services offered by third-parties, such as by “Liking” us on Facebook or following us on Twitter, or when you link to certain of our Services, this may include your Personal Data being transferred, and you hereby permit such transfers. The data we receive is dependent upon your privacy settings with the third-party. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to any Service we offer.
We will not collect any data about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, health or genetic or biometric data, or any criminal convictions or offences.
Where we need to collect your Personal Data by law, or under the terms of a contract we have with you with respect to our Services, and you fail to provide that Personal Data when requested, we may not be able to provide you with the Services and may have to cancel some or all of the Services you use but we will notify you if this is the case at the time.
Our Services are available only for those over the age of 18 or between the ages of 7 and 18 with the consent of a parent or guardian. Our Services are not targeted to, intended to be consumed by, or designed to entice individuals under the age of 7. If you know of or have reason to believe anyone under the age of 7 has provided us with any Personal Data, please contact us.
2. How we use your Personal Data
We have set out below a description of all the ways we plan to use your Personal Data and which legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your Personal Data.
Purpose |
Data Type |
Lawful basis for processing including basis of legitimate interest |
Registering you as a new user |
(1) Identity Data (2) Contact Data |
Performance of our obligations to you under a contract. |
Processing and delivering your order of any Service including managing payments, fees and charges and collecting amounts owed to us |
(1) Identity Data (2) Contact Data (3) Financial Data (4) Transaction Data (5) Marketing and Communications Data |
Performance of our obligations to you under a contract; necessary for our legitimate interests to collect a debt owed to us. |
Managing our relationship with you |
(1) Identity Data (2) Contact Data (3) Profile Data (4) Marketing and Communications Data |
Performance of our obligations to you under a contract; necessary for our legitimate interests to keep our records updated. |
Ads and other sponsored content |
(1) Identity Data (2) Contact Data (3) Financial Data (4) Transaction Data (5) Marketing and Communications Data |
Necessary for our legitimate interests in running our business and in offering the Services. |
To administer our Services including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data |
(1) Identity Data (2) Contact Data (3) Technical Data |
Performance of our obligations to you under a contract; necessary for our legitimate interests in running our business and in offering the Services. |
Using data analytics |
(1) Technical Data (2) Usage Data |
Necessary for our legitimate interests in running our business and in offering the Services. |
If you have given us your express opt-in consent, we may offer you certain marketing services through analysis of your Identity Data, Profile Data, Technical Data and Usage Data. You have the right to withdraw consent to marketing at any time by contacting us.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
3. Disclosures of your Personal Data
We may work with third-party partners who help us provide and improve our Services. We don’t sell any of your Personal Data to anyone and we never will. We also impose strict restrictions on how our partners can use and disclose the Personal Data we provide.
We may provide aggregated statistics and insights that help people and businesses understand how people are engaging with our Services.
When you buy something from one of our Services, we will need to share Personal Data including shipping and contact details.
We may provide information and content to vendors and service providers who support our business, such as by providing technical infrastructure services, analysing how our Services are used, providing customer service, facilitating payments or conducting surveys.
We may disclose your Personal Data to our external service providers acting as processors who provide IT and system administration services and also to our professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers, as the case may be, who provide consultancy, banking, legal, insurance and accounting services, as the case may be.
We may also disclose your Personal Data to HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
We may also disclose your Personal Data to external third parties who provide electronic / computing services, as listed below:
Name |
Service Type |
Data Processed |
Stripe |
Payment gateway and processor |
Name, physical address and e-mail address |
PayPal |
Payment gateway and processor |
Name, physical address and e-mail address |
We require all third parties to respect the security of your Personal Data and to treat it in accordance with all relevant laws. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
We may also disclose your Personal Data to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets but only provided that the new owners use your Personal Data in substantially the same way as set out in this Privacy Policy.
Your Personal Data will be located in datacenters located inside the European Economic Area (EEA) and which treat your Personal Data in accordance with all relevant EEA laws. If we do transfer any of your Personal Data outside of the EEA we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Please note that we may process your Personal Data without your knowledge or consent where this is required or permitted by law.
4. Retention of your Personal Data
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we must keep basic information about our customers (including Contact Data, Identity Data, Financial Data and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your Personal Data (see “Your rights in respect of your Personal Data” below).
5. Your rights in respect of your Personal Data
Under the GDPR you have the following rights:
The right to be informed: We have set out in this Privacy Policy details on the Personal Data we collect from you and what we do with it and set out your rights in respect of such Personal Data.
The right of access: You have the right to request access to your Personal Data which enables you to receive a copy of your Personal Data, so you can check that it is accurate and that we are lawfully processing it. We will do this within one month unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right of rectification: You have the right to request correction of your Personal Data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new Personal Data you provide to us. We will correct the information we store, then inform any third parties that we may have provided that information to requesting that they rectify the information they hold too. We will do this within one month unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right to erasure: You have the right to request erasure of your Personal Data (also known as the right to be forgotten). This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your Personal Data unlawfully or where we are required to erase your Personal Data to comply with respective laws. We will do this within one month unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right to restrict processing: You have the right to object to the processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. We will consider these requests and take appropriate action within one month of the request (including where appropriate informing any third parties of this restriction) unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we may need an extension of time.
The right to data portability: You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format (such as in Excel or Word format). Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. We will provide this free of charge within one month of the request unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right to object: You have the right to request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish your Personal Data’s accuracy; (b) where our use of your Personal Data is unlawful but you do not want us to erase it; (c) where you need us to hold the Personal Data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate grounds to use it. If we agree with your written objection then we will not use the data in the way to which you are objecting within one month, unless the request is complex, or we have too many requests to deal with, in which case, we will inform you within one month that we may need an extension of time.
Rights of automated decision making and profiling: We may make automated decisions (via a computer algorithm) on certain aspects of the marketing materials that we send to you. We do not make any other automated decisions on your information. We do not make any decision on what the GDPR regulations suggest is a ‘special category’ of Personal Data nor make any decisions based on ethnicity, race, sex, gender or disability. If you object to the automated data processing that we perform on your Personal Data, then you may ask us not to do this. Since this decision making is integral to how we send marketing materials, then we will simply remove any marketing consent that you have given to us, which will result in your data not being processed in this way. We will do this free of charge within one month, unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we may need an extension of time.
The right to withdraw consent: You have the right to withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide some or all of the Services to you. We will advise you if this is the case at the time you withdraw your consent.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights), however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
6. Cookies
We use cookies when offering our Services. A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. We may send you cookies which may be stored on by your browser on your computer’s hard drive. We may use the information we obtain from the cookies in the administration of our Services, to improve our Services’ usability and for marketing purposes. We may also use that information to recognise your computer when you use our Services and to personalise our Services for you. Most browsers allow you to refuse to accept cookies, however this will have a negative impact upon the usability of many websites, including our Services. To learn more about cookies and related technologies, you may wish to visit http://www.allaboutcookies.org.
We use Google Analytics to analyse the use of our Services. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our Services is used to create reports about the use of our Services. Google will store this information. Google’s privacy policy is available at: https://policies.google.com/privacy.
7. Data Security
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your Personal Data. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. We will store all your Personal Data on our secure servers, however, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping your password and user details confidential for accessing any of our Services. We will never ask you for your password. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and to notify you and any applicable regulator if the security, integrity or confidentiality of your Personal Data has been compromised, in accordance with any applicable laws and regulations.
8. Amendments to our Privacy and Data Protection Policy
We reserve the right to change our Privacy and Data Protection Policy at any time by posting revisions to https://www.heattransfervinyl.co.uk/privacy-policy/ and we encourage you to read our Privacy Policy periodically to ensure that you are at all times fully aware of it. Any changes are effective immediately upon posting to https://www.heattransfervinyl.co.uk/privacy-policy/.
9. Contact us
If you have any inquiries or requests in respect of your Personal Data or our Privacy and Data Protection Policy, you may contact us at:
Privacy Officer
A78 LTD
85 France Street, Parkgate, Rotherham, United Kingdom, S62 6BL
+44 7471598378
info@a78.co.uk