WHAT WE COLLECT
We may collect the following information:
- Contact information including email address, postal address and phone number
demographic information such as postcode, preferences and interests
- Other information relevant to customer surveys and/or offers
- For the exhaustive list of cookies we collect see the List of cookies we collect section.
WHAT WE DO WITH THE INFORMATION WE GATHER
We require this information to understand your needs and provide you with a better service, and in particular to help us:
- Process your online orders including sending order confirmation and delivery information via email or text message, or to process payments due to us;
- Contact you about your order or account where required;
- Enhance your Plus Pets experience by delivering personally tailored retail offers;
- Send you marketing and promotional offers and to manage your marketing preferences, if you elect to receive marketing and promotional offers from us;
- Speed up your form filling processes;
- Respond to any issues or queries via our Customer Services team;
- Conduct analytics to understand how our services are used and to improve your customer experience;
- Notify you about changes to our service;
- Deliver safe and secure shopping by helping to prevent and detect fraud – to do this, we may need to disclose information to credit reference agencies;
- For internal record keeping.
STORAGE & SECURITY
We are committed to ensuring that your information is secure. We securely store your data on our hosting provider’s servers. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
We use the industry leading internet payment company Sage Pay to protect your card details and protect us from fraud. The following security systems are used:
- Transaction security. All transaction information passed between merchant sites and the Sage Pay VSP Systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to your servers from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely secure in the knowledge that nothing you pass to the Sage Pay servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
- Encryption and Data Storage. All sensitive data is secured on Sage Pay using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data we hold is extremely secure and we are regularly audited by the banks and banking authorities to ensure it remains so.
- Links to banks. Sage Pay has multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.
- Employee access. No individuals within our company or Sage Pay are able to decrypt transaction information or cardholder data. Our systems only allow access to our most senior staff and only in extenuating circumstances (such as investigations of Card Fraud by the Police). Your transaction information and customer card information is secure even form our own employees because our systems never display the full card numbers, even on administration screens.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Under the terms of this policy and in accordance with the GDPR legislation you have the following rights as regards your personal data:
- Right of access- you have the right to know what personal data we have collected and what we intend to do with the data. The ways we may use your data are listed above in the section entitled ‘How We Use This Information’. If you wish to request details of the personal data we hold about you please email firstname.lastname@example.org.
- Right to withdraw consent to marketing or any data processing - you have the right to withdraw your consent to Plus Pets using your data in all or specific ways. You can opt out of marketing communications at any time by emailing us at email@example.com. There is also an ‘unsubscribe’ link contained at the end of every email communication. If you choose to withdraw all consent to any processing or usage of personal data then please be aware that we will be unable to fulfil your orders. We require your consent to process and dispatch your order and specifically request this consent through a check box at the point of order placement.
- Right to rectification- if you believe that the information we hold about you may be incorrect then you have the right to request that is updated and amended. Please use your customer account to complete any changes or contact firstname.lastname@example.org
- Right of erasure- you can choose what personal data you wish us to hold and have the right to remove this data in full or in part at any time. You can update your customer account data directly or you can contact us at email@example.com for assistance.
- Right to be forgotten- you have the right to request that any personal data that could be used to identify you and that is held by Plus Pets is permanently erased. This is an intractable request and once it has been made there is no way to reverse it. If you wish to have your data permanently deleted then please contact us at firstname.lastname@example.org for assistance. Please be aware that Plus Pets is legally obliged to retain documents/records for a period specified by law, please see retention section below. If you make a request to have your data deleted we will inform you of any documentation we are legally obliged to retain and explain the timeline. After this has expired we commit to deleting this data too. We will action all requests for data deletion as quickly as possible but please allow a period of 30 days for the request to take full effect.
- Right to object to automated decision making- Plus Pets uses automation for some order processing for example; fraud checking of orders. If you wish to object to automation of this data processing then please be aware that we may not be able to process your order.
- Consent- Plus Pets will specifically request your consent to use your personal data in the following ways:
- When placing an order we will request your acceptance of our terms and conditions and consent to use the data you have provided to fulfil your order. In line with the core GDPR principle of Minimisation, Plus Pets will only collect the data required to support and fulfil your order, if you choose not to give your consent then we will not be able to process your order.
- When creating a customer account and placing an order we will offer you the opportunity to opt in to our marketing offers & emails. You may opt out of marketing communications at the point of account creation or at any subsequent time by selecting/deselecting the boxes in your customer account/email preferences. If you need assistance please contact email@example.com.
RETENTION OF DATA
One of the core principles of GDPR is storage/retention of data and the regulation states to keep data only for as long as reasonably required. The regulation also states if there is a legal or statutory obligation to retain data, this supersedes GDPR for the period of legal/statutory obligation.
Plus Pets has reviewed all of its legal obligations and determines the following pieces of statute are applicable to data retention: Companies Act 2006; HMRC Record Keeping Requirements
Based on this review, adequate financial records will need to be kept for six complete financial years. To maintain adequate financial records, details of customer orders and supporting information will need to be kept.
After these periods, all Personally Identifiable Information will be removed.
LIST OF COOKIES WE COLLECT
The table below lists the cookies we collect and what information they store.
|Cookie Name||Cookie Description|
|NOP.ANTIFORGERY||Used to store information to secure the website|
|NOP.AUTHENTICATION||Your session ID on the server.|
|NOP.RECENTLYVIEWEDPRODUCTS||Recently viewed products|
|NOP.SESSION||Your session information|
|NOP.TEMPDATA||Temporary data for site functionality|
|NEWSLETTERSUBSCRIBEPLUGINCOOKIE||Indicates whether to show newsletter popup|
HOW TO CONTACT US
If you have any questions or concerns about our use of your personal information, please contact our Data Protection Officer at the following address Dataprotection@pluspets.uk