Customer Privacy Notice
What this Notice covers
Northern Spa’s Outlet Ltd are committed to protecting the privacy and security of your personal information.
This Privacy Notice describes how we collect and use personal information about you.
This notice does not form part of any agreement or contract and may be updated at any time.
Identity of the data controller
We are a data controller for any personal information that you provide to us. This means that we are responsible for determining how information relating to you is used, stored and shared.
Categories of personal data we process
We will collect, store, and use the following categories of personal information about you:
- Your full name
- Your address
- Your contact details such as phone numbers and email addresses
- Your employment status, salary and homeowner status
Sources of personal data
We collect personal information relating to you directly from you.
Our lawful bases for processing your data
We will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you
- Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests
- To comply with relevant legislation and regulations
Our purposes for processing your data
- Performing the contract that we have entered in to with you by providing you with the products and services that you have ordered
- To provide you with a quote and the details of all available payment methods when you have shown an interest in our products and services
- To issue marketing material to you about the products and services we offer
- To process a finance application for you
Sensitive Personal Data
There may be instances where it is necessary for you to share information with us containing special categories of personal information or ‘sensitive personal data’. This relates to things such as details of medical conditions which you may need to share with us so we are able to meet your specific requirements when providing our goods and services.
Due to the sensitive nature of this information, we will only take it from you if you have given us your explicit consent and it is necessary for us to do so. We will also inform you of what we will do with this information and who we will share it with.
Cookies are stored on your computer’s hard drive and cannot be used to identify you personally as they contain no personal information.
Who has access to your data
We may share your personal information with third parties where required by law, where it is necessary to administer the contract we have entered in to you with you, or where we have another legitimate interest in doing so.
Recipients of your data may include third-party service providers, other related business entities, a regulator, or to otherwise comply with the law.
If you choose to fund your purchase with us using one of the finance products we offer to our customers as a credit broker on behalf of lenders, we will share your data with the relevant lender so they are able to process your finance application.
Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.
Security of your data
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How we decide how long to retain your data
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or contractual requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and any applicable legal or contractual requirements.
You have the right to:
- Request access to, and a copy of, your personal information that we hold.
- Request correction of the personal information that we hold about you if you believe it is incomplete or inaccurate
- Request erasure of your personal information in specific circumstances, such as; if our processing of your personal information is based upon legitimate interests and you believe it is no longer necessary; or if you believe we have processed your personal data unlawfully or not for the purposes which it was intended.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request to restrict the processing of your personal information in specific circumstances, such as; you have requested that your personal information is corrected and want to restrict processing whilst we correct it; where you believe our processing is unlawful but do not want us to erase your personal information; where we no longer need to store your personal information but you require us to do so to enable you to exercise or defend a legal claim.
- Data Portability in particular circumstances meaning that you can request for your personal information to be securely moved, copied or transferred from our IT environment to another. This only applies if our lawful basis for processing your data is consent or performance of a contract, and we are processing your data by automated means.
If you believe we have not complied with your rights, you can complain to the Information Commissioner by visiting their website https://ico.org.uk/.
Automated decision-making & Profiling
We do not conduct any automated decision-making or profiling activities whilst processing your personal information.
Changes to this Privacy Notice
The Company reserves the right to update this privacy notice at any time. You can request the most up to date version from us at any time by contacting us on the contact details below.
Please do not hesitate to contact us regarding any matter relating to this Privacy notice via email to firstname.lastname@example.org or in writing to Northern Spa’s Outlet Limited, Dobbies Garden Centre, Bentham’s Way, Southport, PR8 4HX.