2 Why This Policy Exists
3 Data Protection Law
5 Individual’s Rights
6 Data Use
7 Data Security
1 – INTRODUCTION
littlecarpetcompany.com understands the value of your privacy, and will therefore only use the information you give us to process your order and provide a quick and convenient service to you in the future (in accordance with the Data Protection Act 1998 and General Data Protection Regulation 2018).
2 – WHY THIS POLICY EXISTS
This data protection policy ensures Little Carpet Company Ltd;
• complies with data protection law and follows good practice
• protects the rights of all individuals’ data
• is open about how it stores and processes individuals’ data in line with individuals’ rights
• protects itself from the risks of a data breach
3 – DATA PROTECTION LAW
The General Data Protection Regulations describe how organisations – including Little Carpet Company Ltd must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically or otherwise.
To comply with the law, personal information must be;
• processed lawfully, fairly and in a transparent manner in relation to individuals;
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
• accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
4 – RESPONSIBILITIES
Little Carpet Company Ltd acts as a data Controller and data Processor. All staff are responsible for ensuring that the highest data standards and best practices are met on a continual basis. Although a Data Protection Officer (DPO) has not been appointed as Little Carpet Company Ltd does not fall within the scope, the Directors and Owners of the Business are accountable and responsible for compliance with GDPR and will take on the tasks appointed to them as if they were a DPO.
In order to be in line with GDPR we will take the following responsive action, should a data breach occur:
• We will notify you via email
• Within 1 business day
• Inform the ICO of the data breach within 72 hours
5 – INDIVIDUAL’S RIGHTS
Under the GDPR your rights are as follows. You can read more about your rights in details here;
• the right to be informed;
• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to data portability;
• the right to object; and
• the right not to be subject to automated decision-making including profiling.
• You also have the right to complain if you feel there is a problem with the way we are handling your data.
6 – DATA USAGE
What information do we need to process an order?
For us to process your appointment, quote or order, we will need to obtain:
• E-mail Address
• Phone Number
Use of personal information
We use the information you provide for the following purposes:
• To send status of your quote, appointment, order or enquiry
• To improve the design and content of the website
We collect your data when;
• You create an order through our website, this data is used to fulfil your orders with us. The data collected during this process is outlined above. This information is stored on our database for as long as necessary to fulfil your order.
• You create an appointment with us through telephone, walk in appointment or email.
When you register at Little Carpet Company, you will be submitting information giving us the consent to collect and use this information to process your order and any other legitimate interests requested.
7 – DATA SECURITY
How are your personal details kept secure?
When you type in credit card information onto the littlecarpetcompany.com website our secure PAYMENT SERVICE PROVIDERS Stripe (https://stripe.com/gb) ensures all details are encrypted at your browser before they are sent to us. While your order is being processed we store your personal details on our website server.
• Website is secured via SSL Certificate
• Website uses malware and virus protection and is scanned regularly
• All Data is password protected with strong passwords
• Data should never be saved directly to laptops or other mobile devices like tablets or smart phones;
8 – COMPLAINTS
It is made clear that data subjects who wish to complain about how their personal data has been processed can raise this with Little Carpet Company Ltd complaints procedure by using the details provided below. If the data subject is still not happy, then the complaint can be referred to the Information Commissioners Office.
Unit 14B Woodside Industrial Estate
Tel: +44 (0)1992 577 771