This Privacy Notice explains the types of personal data we may collect about you when you interact with us. It also explains how we store and handle that data and keep it safe.
Who we are and what we do
Our website address is: https://honeybourneonline.co.uk. We provide an online directory of all the local businesses in and around the village of Honeybourne. We have an online store where we list items from local businesses, making them available to all site visitors. We can be contacted by emailing email@example.com.
The first point of contact for data protection queries
We can be contacted by emailing firstname.lastname@example.org.
What personal data we collect and why we collect it
We communicate and sell directly to customers through our website, phone or email.
If you are one of our listed businesses then we process your data and finance details as part of our ongoing working relationship.
Legal bases for processing your data including any explanation of legitimate interests
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data. Some of these reasons, set out below, are the bases we have for processing your personal data:
In specific situations, we can collect and process your data with your consent. For example, when you opt in to join our newsletter you’ll receive information from local businesses, competitions, offers, discount vouchers and sometimes a freebie!
When collecting your personal data, we always make it clear to you which data is necessary in connection with a particular service.
In certain circumstances, we need your personal data to comply with our contractual obligations.
We need to collect and retain your contact details, so we can, for example:
- Deliver products to you directly or forward the orders onto the fulfilling supplier,
- Supply you with our goods (both for customers and stockists); or
- Enter into a contract with you to supply us with goods or services
If the law requires us to, we may need to collect and process your data.
For example, we are obliged to retain certain information for HMRC tax and accounting purposes or to comply with other legislative provisions.
In particular circumstances, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we retain customer and supplier information for six years beyond the contract period, in order to maintain a good working relationship with these individuals.
If you are a customer, stockist or supplier we may also use your address details to send you direct marketing information by post or email, telling you about our latest products and offers that we think might interest you, based on our previous dealings.
When we collect data
Via our website
When you order via our website, you either need to create an account with us or login if you are a returning customer. When you create an account, your name, addresses and phone number are collected to enable us to deliver your order to your address. You’ll also need to choose a password for your account and decide whether you wish to subscribe to our newsletter.
Phone or email
If you make an enquiry or order over the phone or by email, we will use the details you give us (your name, addresses, phone number and payment details) to process your payment and confirm the details of your order so that we can deliver the items to you.
What data we collect
Contact information including: name, address, phone number and email address
We collect your payment details when you place an order with us via our website or over the phone
New online customers need to create an account when they first order from us
If you are one of our suppliers or one of our stockists then we also collect your data as part of our ongoing contract and to process invoices and payments.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
How we use your personal data
We process data to enable us to process customer orders and deliver these to the correct addresses. We do this through a variety of delivery companies to ensure you get the best possible service for your order.
Customer bank details will only be used when placing and processing an order.
We hold your telephone number and addresses so that we can contact you via phone, post or email regarding the products and offers that we think you might be interested in, based on our dealings with you.
How long we keep your personal data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Whenever we collect or process your personal data, we only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will be deleted completely. Some examples of our data retention periods:
Purchases and Services
When you place an order, we keep the personal data you give us for 6 years so that we can retain a good relationship with you should you place any more orders or have any queries about an order.
If you subscribe to our newsletter, then we keep your email address securely on our system until you unsubscribe.
Suppliers and Stockists
For companies supplying us, or who stock our products, we retain your personal information for a period of 6 years so that we can, if necessary, contact you again and continue our business relationship with you.
We also need to comply with our legal contractual obligations and therefore we need to retain certain transactional information from the order for 7 years to satisfy accounting rules.
How we keep your data safe
We are aware of the need to maintain the correct and highest-level security when processing your personal information. We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way.
We take the following steps to maintain the security of your personal information:
- We keep all your information in systems that are secure, using Windows, Secure Database Servers, Xero Accounting and Mailchimp
- Access to customer information is limited to those who need access for the performance of their job, for instance sales staff.
- We maintain firewalls and anti-virus software
- Our systems are password protected and we have a password policy to offer maximum security
- Any data which is accessed off site or on a mobile device is kept locked when not in use and never left unattended
- All documentation retained in paper form is kept locked in our offices.
- We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Who we share your data with
We sometimes share your personal data with trusted third parties which act only on our instruction (known as “data processors”).
Data processors might be, for example, 3rd party accounting apps or subcontractors or delivery companies or those companies who store data for us:
Where we share information with these companies or individuals we make sure that they also keep your data secure and that they also protect your rights. To this end, we make sure that:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them or where their terms and conditions of processing contain the correct data processor clauses under GDPR
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
We sometimes also share your data with third parties for their own purposes (“joint controllers”) e.g. HMRC, accountants, legal advisors.
We will only do this in very specific circumstances, for example:
- With your consent
- Where we have a data sharing agreement in place with the other party
- Where we are obliged to share the information for legal reasons
Where your data is processed
We do not transfer data outside of the EEA.
From time to time we may pass personal data such as your name and email address to other services that we use to send out communications (both electronic and print).
However, your personal data will remain in the EU or countries considered by the EU to have equivalent policies such as Jersey, Guernsey, Switzerland, New Zealand and Canada. Companies based in the USA that have certified with the EU-US Privacy Shield programme are also considered to be permitted destinations by the EU (this includes popular US products like Gmail, DropBox and MailChimp).
Your rights and who to contact
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
You have the following rights, which you can exercise free of charge:
- Access – The right to be provided with a copy of your personal data
- Rectification – The right to require us to correct any mistakes in your personal data
- To be forgotten – The right to require us to delete your personal data, in certain situations
- Restriction of processing – The right to require us to restrict processing of your personal data, in certain circumstances e.g. if you contest the accuracy of the data
- Data portability – The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party, in certain situations
- To object – The right to object:
  - at any time to your personal data being processed for direct marketing (including profiling);
  - in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
- Not to be subject to automated individual decision-making – The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
If you would like to exercise any of those rights, please contact us at email@example.com
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. You can do this by contacting firstname.lastname@example.org.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We will then stop processing your information unless we believe we have a legitimate overriding reason to continue processing.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We will always comply with your request. To ask us to stop direct marketing please email us at honeybourneonline.co.uk
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
For us to check your identity, please:
- Let us have enough information to identify you (e.g. your full name, address and customer/supplier number or order number, if applicable);
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- Let us know what right you want to exercise and the information to which your request relates.
- If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act on your behalf.
If we choose not to action your request, we will explain to you the reasons for our refusal.
Your right to contact the ICO
We would hope that you will always raise any issues with us first, and that we will be able to resolve them to your satisfaction. However, if this isn’t possible then you always have a right to complain directly to the Information Commissioner’s Office (ICO) if you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data.
You can contact them by calling 0303 123 1113 (local rate) or go online to www.ico.org.uk/concerns (this opens in a new window; please note we can’t be responsible for the content of external websites).
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
You also have the right to seek a judicial remedy.
Updates to this privacy notice
From time to time we will make changes to this Privacy Notice, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally. You should check our website periodically to view the most up-to-date Privacy Notice.
This privacy notice was last updated on 20th January 2021.