ReferencePrivacyP1
Issue No1
Issue Date25/09/2019

1 Scope

ÉCH Apparel Limited (“We”) operate as a system integration and data analytics consultancy registered in England and Wales with the company number 12050025, registered offices at Flat 2, 14 Randall Road, BS8 4TP  remain fully committed to the protection of your privacy of personal data at all times. This privacy policy has been published to inform you of how the personally identifiable and sensitive personal information you provide us or we collect from you will be used. It is recommended that you read our privacy policy carefully in order to fully understand how we treat your personal information.

  1. 1.1  All data subjects whose personal data is collected, is in line with the requirements of the GDPR.
  2. 1.2  Our website is owned and operated by ÉCH Apparel limited. We remain the ‘Data Controller’ in the relationship with our website developer company and have policies in place to maintain your personal information is treated securely.
  3. 1.3  In accordance with the General Data protection regulation (2018), it is our obligation as a ‘Data controller’ to inform you of your rights as a data subject.
  4. 1.4  ÉCH Apparel is committed to abiding by GDPR and PECR regulations when it comes to protecting your privacy and personal information. As a controller of your data, our responsibilities are clearly set out by the GDPR and assigns ÉCH Apparel with responsibility to decide what your personal information is used for, and the ways in which it is processed.

GDPR – (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/)

PECR – https://ico.org.uk/for-organisations/guide-to-pecr/what-are-pecr

1.5 ÉCH Apparel GDPR Owner and data protection representative can be contracted here:

Claudia Hesleden – contact@echapparel.com

2 Personal Information we may obtain from you

We may collect, obtain and use the following Personal Information about you:

2.1 Any personal information supplied to us when you fill in forms, complete surveys or register for events.

Personal information when you contact us to make requests for follow up actions. Personal information collected through the contact form or order form: including First name, Last name, Email, Telephone, address, payment information. 

2.2 Information provided from your visit to our site, which includes without limitation, location and traffic data, weblogs, resources you access and other communication data, navigation information and browser type. We may obtain other information about your computer, which includes your IP address, browser type and operating system. This data is accumulated to assist the system administrator as to the activity of the site. This data does not provide any personally identifiable information about you.

We collect the data mentioned above to ensure that we provide a responsive service to existing and prospective employees, clients and partners. We will ask for your consent before using the information for a purpose other than those set out in this privacy policy.

3 How and why your information is collected

  1. 3.1  Personal information is collected when you choose to buy a product from us, or contact us through our contact page. By completing the contact form or placing an order, you are providing us with consent under legitimate interest, to use the data to provide you with more information on the services that we offer.
  2. 3.2  We also collect data, using cookies and other tracking technology, to understand how our visitors navigate through our site so that we can adjust the site to enhance the experience.
  3. 3.3  Your personal information is being collected so that we can respond to your order or information request and provide you with a service.
  4. 3.4  Other information is collected to understand the traffic through our website. This is not personally identifiable information about you.

4 How we use your information

The information that we collect about you may be used in the following ways:

  1. 4.1  Primarily used for the purpose of keeping in touch with you and understanding your existing and future requirements for purchases and to fulfill your order.
  2. 4.2  To send emails when you sign up to user groups, events or subscribe or unsubscribe from our email marketing lists.
  3. 4.3  To provide you with notification about changes to our services.
  4. 4.4  The personal information that you provide will only be used for keeping in touch and responding to requests you make via the contact form.

It is your right to reject such communication regarding our services, and we will therefore give you the options to opt-in to the ways in which you would like us to process your information. If you wish to reject such communications you may do so at any time by simply opting back out, details of which can be found on the website. An opt out option can also be found in the signature of any emails which you may have received.

5 Our policy towards children

We do not knowingly solicit personal information from children or send them requests for personal information.

5.1 Although visitors of all ages may navigate through our website, we do not intentionally collect personal information from those under the age of sixteen. If, following a notification by a parent or guardian, or discovery by other means, a child under sixteen has been improperly registered on this site by false information, we will remove the child’s data from our records.

6 Cookies and IP Addresses

We may obtain information about your computer, which includes your IP address, browser type and operating system. This data is accumulated to assist the system administrator as to the activity of the site. This data does not provide any personal identifiable information about you.

  1. 6.1  We may also collection information regarding your browser activity and interest through the use of cookies. This cookie file is stored on the hard drive of your computer, and contains information that is transferred to your computer’s hard drive. For more information about cookies you can
    visit www.allaboutcookies.org and you can disable cookies by changing your browser settings. We use the collection of this Personal Information to help us improve the experience of the users to our site, to provide a more personalised service.
  2. 6.2  Our site uses the following categories of cookies:
    1. 6.2.1  Strictly necessary cookies – to enable our site to operate.
    2. 6.2.2  Analytics cookies – to enable Google Analytics site measurement and
  3. SmartLook to monitor how visitors move around our site.

6.2.3 Functionality cookies – used to recognise returning visitors and personalise content.

6.3 The collection of this Personal Information allows us to:

6.3.1 Store Personal Information indicative of your preferences, so We can appeal to your interests.

  1. 6.3.2  Estimate the size and usage patterns of our audience.
  2. 6.3.3  Increase the speed of searches
  3. 6.3.4  Identify users upon their return to the site.

6.4 You have a right to refuse cookies by adjusting your browse settings accordingly. Doing so however may restrict your access to certain areas within our site. Unless you adjust your browser settings to refuse cookies, our system will issues cookies when you log onto the site.

Our website uses the following third party cookies to generate analytics:

IssuerFurther Information
Googlehttps://policies.google.com/privacy?hl=en-US
Mailchimphttps://mailchimp.com/legal/privacy/
Stripehttps://stripe.com/gb/privacy


6.5

7 Where we store your information

  1. 7.1  When you contact us to make requests for follow up actions, this correspondence will be recorded on our email service mail chimp. 
  2. 7.2  The information that we obtain from you may be moved to and stored at a destination with the European Economic Area (EEA). Staff members operation within the EEA who work for or on behalf of us may process this information. When submitting your personal information, you are agreeing to such processing, transfer or storage as outline above. We as the ‘data controller’ will ensure that at all times all reasonable steps are taken to maintain the security of your Personal Information in accordance with this privacy policy.
  3. 7.3  We take all reasonable steps to ensure the security of your information. Unfortunately, the transmission of information via the internet is not completely secure. We cannot guarantee the security of the information you provide when it is transmitted and therefore you do so at your own risk. Once we have received your information however, we use strict internal procedures and security measures to prevent the unauthorised access and or use.

8 Consent

When completing and order or filling out our contact form  you are consenting under legitimate interest for us to contact you regarding your request.

By consenting to this privacy notice at the point of sending your contact information you are giving us permission to process your personal data specifically for the purposes identified.

The legal basis for processing the personally identifiable information is through legitimate interest. A legitimate interest assessment has been completed.

9 Disclosing your information

By agreeing to our terms and condition of data collection you are agreeing to permit your data to be processed by our approved third party partners. These parties will receive your personal data for the following purpose as part of the processing activities:

9.1  When you contact us to make requests for follow up actions, this correspondence will be recorded in our email service, the privacy policy can be found at https://www.google.com/intl/en/policies/privacy

9.2  With an organisation, we are running a joint event with, where you have opted in to register for the event.

9.3  With an organisation we need to process your order, including primarily stripe.

9.4  With any actual or prospective buyer of our business or assets.

9.5  As required by law or order of the court, to fulfil legal obligations, to enforce terms and conditions, or to protect the property, rights of the safety of ÉCH Apparel limited users, our services or others.

We may share non-personally identifiable information publicly and with our partners, like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

10 Your rights and access to your information

Under the new GDPR regulation you have the right as a data subject to access the information we hold on you. You may therefore contact us to review your Personal Information we hold about you by processing a data subject access request. This will be dealt with by our data security team who will process your request.

A request sent by email is as valid as one sent in hard copy. Requests may also be validly made by means of social media (Twitter, LinkedIn or Instagram); please refer to the Subject access code of practice (pdf) for guidance on this. We will respond to your subject access request within one month of receiving the request. The request can be extended by up to 2 months for complex or numerous requests, but you shall be informed within 1 month with the reasons for extension. We will ask you to verify your identity upon receiving your subject access request, by asking for 2 forms of identification. The subject access request form can be found on our webpage, where it’ll ask you to specific how we communicate with you currently.

As the data subject, you have the right to withdraw consent at any time, and the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully or unfairly. For more information visit the ico.org.uk website.

11 Changes to your personally identifiable data

As a data subject you have the right to rectification of your data, this applies if your personal data is inaccurate or incomplete. Please therefore let us know if the personal information that we hold about you needs to be corrected or amended. We may contact you periodically to ask you to confirm that the information that we hold on you is correct. You can contact us at contact@echapparel.com at any time with the subject heading: Please update my record.

12 Incident notifications

ÉCH Apparel limited will provide notification of any personal data related incidents or breaches, where we feel rights of the data subject may be exploited. We will continue to promptly inform you of the incident terms and follow up procedures as we see necessary.

13 Data Retention and deletion

ÉCH Apparel Limited retains personal data for as long as necessary to provide our services, further support and fulfil the individual’s needs, or for other essential purposes such as complying with our legal obligations, and resolving disputes and enforcing our agreements. Because these needs can vary for different data types in the context of different Products or Services, actual retention periods can vary significantly. You can find out about our data retention policies from us directly.

For marketing activities however, we will keep your data for up to two years, including email and telephone numbers.

14 Compliance and co-operation with regulatory authorities

We regularly review our compliance with our Privacy policy, we also adhere to several self-regulatory frameworks including GDPR. We work with the appropriate regulatory authorities, including local data protection authorities to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

15 Changes to this policy

If at any time we make a change to our privacy policy, we will update this page to reflect such changes. Where we feel it is appropriate we will contact you and recommend that you review this page, you should however revisit this page periodically to ensure you continue to agree with our current privacy policy.

16 How to contact us

If you have any questions about the use of your personal information, please send us an email to contact@echapparel.com

Unless otherwise stated, ÉCH Apparel limited in this purpose is a data controller for your personal data we collect through the website subject to this statement.

17 Document Owner and Control

The Information Security Manager is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR.

A current version of this document is available to all members of staff on the shared drive and is published on www.echapparel.com for all public members to see;. 

Signature:Claudia HesledenDate:25/09/2018