WHO ARE WE?
DRAYTON and DRAYTON PRESS are trading names for DRAYTON GIFTS LTD (Co.No. 02084551) and UXBRIDGE PRESS LTD (Co.No. 00704257). For the purpose of the General Data Protection Regulations (the “Regulations”) we will refer to DRAYTON as the “Company” which is responsible for the overall use of data for all entities listed above.
We operate a number of additional websites that also fall under the Company umbrella, including:-
www.brandedmatchboxes.co.uk www.anythingspossible.co.uk www.hamperideas.co.uk
www.brandmycandle.co.uk www.christmasgiftstore.co.uk www.CompleteOfficeSuppliesTeam.co.uk
www.luxurymerchandise.co.uk www.brandmybaubles.co.uk www.memorablemerch.co.uk
At DRAYTON, we believe that privacy is a fundamental human right and that respect for an individual’s privacy should apply in all walks of life including business. This privacy notice will help you understand how we collect, make use and protect your business and personal information. If you have any queries about this Privacy Notice or how we process your personal information, please contact the Data Protection Officer by email: firstname.lastname@example.org or by post: Data Protection Officer, DRAYTON, 472 Basingstoke Road, Reading, Berkshire RG2 0QN
In order to operate our business, we do need to collect some personal data. We only ever collect what is necessary and we do not store the data for any longer than we need to.
What type of data do we store?
If you choose to place an order with us, we’ll hold some or all of the following types of information in relation to your order.
· Your name.
· Your company/employer’s name.
· Your email address.
· Your telephone number, which may include direct dial or mobile numbers.
· Your business/work address.
· Your IP address.
· Website cookies.
We rely upon a number of different legal bases for processing personal information – these include processing personal information where it is in our legitimate interests to do so and where this is necessary for the fulfilment of a contract. Where we rely on our legitimate interests, this means that we use personal information to run our business and to provide the services we have been asked to provide. We only collect information that has been supplied voluntarily; you do not have to provide us with personal information. However, if you do not provide us with information we need by law or require to do work, we may not be able to offer certain products and services.
You have several important rights in relation to your data:
· The right to be informed – We’ll always try to be as transparent as possible about how your data is being stored and processed by us.
· The right to access – If you’d like to know what information we store about you, you can exercise your right to access, often known as a “subject access request”. We usually prefer to get these in writing and sometimes we may need to ask for additional proof of identity. We will respond to all access requests within one calendar month but if we do need to ask you for ID, that one month period won’t start until we’ve received it.
· The right to rectification – If you believe that we hold some incorrect information about you, then you have the right to request that we amend your personal information across all of our systems. We’ll try and complete any such requests as quickly as possible but you should allow us up to one calendar month.
· The right to erasure – You can ask us at any time to remove your personal data from our systems. In some cases, for example if required to do so by HMRC, we might need to keep a few records even after you’ve asked us to delete your information. We’ll let you know about this when you request removal, as well as telling you how long we’ll be keeping the data for.
· The right to restrict processing – You can ask us not to use your data in particular ways. This is different than the right to erasure because it lets you specify that you’re happy for us continue using your data in other ways.
· The right to data portability – You can ask us to export your personal information in a commonly-understood file format, such as CSV. This is particularly useful if you wanted to give the data to someone else to process. The same one-month period and need for identification applies to these requests as it does to a subject access request.
· The right to object – You can raise an objection at any time to the way in which we’re using your data. For example, you might want to remain a trade customer but opt out of receiving marketing communications. You have the right to do so without it affecting your legal status with us.
Who has access to your data?
We only allow our staff access to customer data when it’s absolutely necessary for them to do their jobs.
In regards to electronic communication, our email services are provided by Microsoft 365 which provides a very secure email platform. Some Microsoft employees may have access to our email system. This is only to provide technical support and they don’t perform any processing or collection on emails coming through our system.
If you visit our websites, then your activities on the site are anonymised and sent to Google Analytics with a tracking cookie. This data lets us know how well our websites are working and which parts still need improvement. If you’d prefer not to take part in this anonymous usage tracking, then you should set your browser to “do not track” mode.
What do we do with your data?
Apart from using your data to process and despatch orders, we’ll also use it to keep in touch about our latest developments and services. We often run reports on our sales orders so that we can spot purchasing trends. Identifying trends helps us ensure that our prices and product range are competitive. You can opt out of any specific types of data processing if you wish to.
When visiting our websites, cookies will be created and stored on your computer. These cookies provide important functionality like allowing you to log in and access trade prices.
Where do we store your data?
Your personal data may be stored in physical files located on our premises in Reading. Any files that contain personally identifiable information are stored securely, under lock and key. Access to those files is only available to staff members who require it to complete their assigned duties. Physical files are only kept as long as necessary by law and are then destroyed.
Electronic storage of your personal data is mostly situated on our in-house servers which is firewalled and encrypted and that access to the systems is highly restricted.
Since we run a few websites, we may also have some of your personal information stored off-site in a data centre.
A data breach will be deemed to have occurred whenever an unauthorised party gains access to ours records or systems. Should a breach occur, a thorough investigation will take place. We will assess the severity of the breach. Where the breach may have allowed the unauthorised third party to gain access to personal information relating to our customers, we will notify affected customers and explain what data may have been accessed and what steps they may need to take (e.g. resetting passwords).