- 1.1 All data subjects whose personal data is collected, is in line with the requirements of the GDPR.
- 1.2 Our website is owned and operated by ÉCH Apparel limited. We remain the ‘Data Controller’ in the relationship with our website developer company and have policies in place to maintain your personal information is treated securely.
- 1.3 In accordance with the General Data protection regulation (2018), it is our obligation as a ‘Data controller’ to inform you of your rights as a data subject.
- 1.4 ÉCH Apparel is committed to abiding by GDPR and PECR regulations when it comes to protecting your privacy and personal information. As a controller of your data, our responsibilities are clearly set out by the GDPR and assigns ÉCH Apparel with responsibility to decide what your personal information is used for, and the ways in which it is processed.
GDPR – (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/)
PECR – https://ico.org.uk/for-organisations/guide-to-pecr/what-are-pecr
1.5 ÉCH Apparel GDPR Owner and data protection representative can be contracted here:
Claudia Hesleden – email@example.com
2 Personal Information we may obtain from you
We may collect, obtain and use the following Personal Information about you:
2.1 Any personal information supplied to us when you fill in forms, complete surveys or register for events.
Personal information when you contact us to make requests for follow up actions. Personal information collected through the contact form or order form: including First name, Last name, Email, Telephone, address, payment information.
2.2 Information provided from your visit to our site, which includes without limitation, location and traffic data, weblogs, resources you access and other communication data, navigation information and browser type. We may obtain other information about your computer, which includes your IP address, browser type and operating system. This data is accumulated to assist the system administrator as to the activity of the site. This data does not provide any personally identifiable information about you.
3 How and why your information is collected
- 3.1 Personal information is collected when you choose to buy a product from us, or contact us through our contact page. By completing the contact form or placing an order, you are providing us with consent under legitimate interest, to use the data to provide you with more information on the services that we offer.
- 3.2 We also collect data, using cookies and other tracking technology, to understand how our visitors navigate through our site so that we can adjust the site to enhance the experience.
- 3.3 Your personal information is being collected so that we can respond to your order or information request and provide you with a service.
- 3.4 Other information is collected to understand the traffic through our website. This is not personally identifiable information about you.
4 How we use your information
The information that we collect about you may be used in the following ways:
- 4.1 Primarily used for the purpose of keeping in touch with you and understanding your existing and future requirements for purchases and to fulfill your order.
- 4.2 To send emails when you sign up to user groups, events or subscribe or unsubscribe from our email marketing lists.
- 4.3 To provide you with notification about changes to our services.
- 4.4 The personal information that you provide will only be used for keeping in touch and responding to requests you make via the contact form.
It is your right to reject such communication regarding our services, and we will therefore give you the options to opt-in to the ways in which you would like us to process your information. If you wish to reject such communications you may do so at any time by simply opting back out, details of which can be found on the website. An opt out option can also be found in the signature of any emails which you may have received.
5 Our policy towards children
We do not knowingly solicit personal information from children or send them requests for personal information.
5.1 Although visitors of all ages may navigate through our website, we do not intentionally collect personal information from those under the age of sixteen. If, following a notification by a parent or guardian, or discovery by other means, a child under sixteen has been improperly registered on this site by false information, we will remove the child’s data from our records.
6 Cookies and IP Addresses
We may obtain information about your computer, which includes your IP address, browser type and operating system. This data is accumulated to assist the system administrator as to the activity of the site. This data does not provide any personal identifiable information about you.
visit www.allaboutcookies.org and you can disable cookies by changing your browser settings. We use the collection of this Personal Information to help us improve the experience of the users to our site, to provide a more personalised service.
- 6.2 Our site uses the following categories of cookies:
- 6.2.1 Strictly necessary cookies – to enable our site to operate.
- 6.2.2 Analytics cookies – to enable Google Analytics site measurement and
- SmartLook to monitor how visitors move around our site.
6.2.3 Functionality cookies – used to recognise returning visitors and personalise content.
6.3 The collection of this Personal Information allows us to:
6.3.1 Store Personal Information indicative of your preferences, so We can appeal to your interests.
- 6.3.2 Estimate the size and usage patterns of our audience.
- 6.3.3 Increase the speed of searches
- 6.3.4 Identify users upon their return to the site.
Our website uses the following third party cookies to generate analytics:
7 Where we store your information
- 7.1 When you contact us to make requests for follow up actions, this correspondence will be recorded on our email service mail chimp.
- 7.3 We take all reasonable steps to ensure the security of your information. Unfortunately, the transmission of information via the internet is not completely secure. We cannot guarantee the security of the information you provide when it is transmitted and therefore you do so at your own risk. Once we have received your information however, we use strict internal procedures and security measures to prevent the unauthorised access and or use.
When completing and order or filling out our contact form you are consenting under legitimate interest for us to contact you regarding your request.
By consenting to this privacy notice at the point of sending your contact information you are giving us permission to process your personal data specifically for the purposes identified.
The legal basis for processing the personally identifiable information is through legitimate interest. A legitimate interest assessment has been completed.
9 Disclosing your information
By agreeing to our terms and condition of data collection you are agreeing to permit your data to be processed by our approved third party partners. These parties will receive your personal data for the following purpose as part of the processing activities:
9.2 With an organisation, we are running a joint event with, where you have opted in to register for the event.
9.3 With an organisation we need to process your order, including primarily stripe.
9.4 With any actual or prospective buyer of our business or assets.
9.5 As required by law or order of the court, to fulfil legal obligations, to enforce terms and conditions, or to protect the property, rights of the safety of ÉCH Apparel limited users, our services or others.
We may share non-personally identifiable information publicly and with our partners, like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.
10 Your rights and access to your information
Under the new GDPR regulation you have the right as a data subject to access the information we hold on you. You may therefore contact us to review your Personal Information we hold about you by processing a data subject access request. This will be dealt with by our data security team who will process your request.
A request sent by email is as valid as one sent in hard copy. Requests may also be validly made by means of social media (Twitter, LinkedIn or Instagram); please refer to the Subject access code of practice (pdf) for guidance on this. We will respond to your subject access request within one month of receiving the request. The request can be extended by up to 2 months for complex or numerous requests, but you shall be informed within 1 month with the reasons for extension. We will ask you to verify your identity upon receiving your subject access request, by asking for 2 forms of identification. The subject access request form can be found on our webpage, where it’ll ask you to specific how we communicate with you currently.
As the data subject, you have the right to withdraw consent at any time, and the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully or unfairly. For more information visit the ico.org.uk website.
11 Changes to your personally identifiable data
As a data subject you have the right to rectification of your data, this applies if your personal data is inaccurate or incomplete. Please therefore let us know if the personal information that we hold about you needs to be corrected or amended. We may contact you periodically to ask you to confirm that the information that we hold on you is correct. You can contact us at firstname.lastname@example.org at any time with the subject heading: Please update my record.
12 Incident notifications
ÉCH Apparel limited will provide notification of any personal data related incidents or breaches, where we feel rights of the data subject may be exploited. We will continue to promptly inform you of the incident terms and follow up procedures as we see necessary.
13 Data Retention and deletion
ÉCH Apparel Limited retains personal data for as long as necessary to provide our services, further support and fulfil the individual’s needs, or for other essential purposes such as complying with our legal obligations, and resolving disputes and enforcing our agreements. Because these needs can vary for different data types in the context of different Products or Services, actual retention periods can vary significantly. You can find out about our data retention policies from us directly.
For marketing activities however, we will keep your data for up to two years, including email and telephone numbers.
14 Compliance and co-operation with regulatory authorities
15 Changes to this policy
16 How to contact us
If you have any questions about the use of your personal information, please send us an email to email@example.com
Unless otherwise stated, ÉCH Apparel limited in this purpose is a data controller for your personal data we collect through the website subject to this statement.
17 Document Owner and Control
The Information Security Manager is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR.
A current version of this document is available to all members of staff on the shared drive and is published on www.echapparel.com for all public members to see;.