INTRODUCTION
This Privacy Policy sets out the basis on which we will process any Personal Data that we may collect about you as a visitor to our website at www.sjstationery.co.uk or our customers or potential customers, or other business partners or in any other cases where we specifically state that this policy will apply. This policy further sets out how we protect your privacy and your rights in respect of our use of your Personal Data.
WHO IS THE DATA CONTROLLER?
A “data controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. In this sense, SJ Stationery, London, Greater London, UK, (“SJ Stationery”, “we”, “us”, “our”) is the data controller. If you have any questions about cookies or about data protection at SJ Stationery in general, you can reach us by email using [email protected].
WHAT IS PERSONAL DATA?
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute Personal Data.
WHY DO WE HAVE A PRIVACY POLICY?
The UK’s Data Protection Act (“DPA”) and the EU's General Data Protection Regulation (“GDPR”) control how your Personal Data is used by us.
WHAT ARE THE LEGAL BASES FOR PROCESSING PERSONAL DATA
All Personal Data that we obtain from you via our website will only be processed for the purposes described in more detail below. This is done within the framework of the DPA and the GDPR and only if at least one of the following applies: a) you have given your consent, b) the data is necessary for the fulfilment of a contract / pre-contractual measures, c) the data is necessary for the fulfilment of a legal obligation, or d) the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.
WHAT PERSONAL DATA DO WE COLLECT FROM YOU?
We may collect and process the following Personal Data about you:
a) Personal Data that you give us:
This is information about you that you give to us by filling in forms on our website (or other forms that we ask you to complete), or when you place orders, or correspond with us. It may include, for example, your name, address, email address and telephone number; information about your business relationship with us; and information about your requirements and interests.
We also process your first name, last name, e-mail address, billing and shipping address for the delivery of your order to handle the contractual relationship. Where any Personal Data relates to a third party, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Data for the Purposes.
Payment Data will be processed via Wix Payment (Wix.com). Payment will solely be processed through Wix and we do not directly collect or store payment data.
When you leave comments in our blog, you may display certain Personal Data, share certain details, engage with others, exchange knowledge and insights, post and view relevant content. In order to make a comment you must first create an account and your email and password. Alternatively, you may use Third-party Connect features such as Facebook Connect and Google. When registering via connect functions of third-party providers, you agree to the respective terms and conditions and also consent to certain data from your profile being transferred to us.
b) Personal Data that our website and other systems collect about you:
If you visit our website it will automatically collect some information about you and your visit, including the Internet protocol (IP) address used to connect your device to the Internet and some other information such as the pages on our site that you visit. This is used to monitor the performance of the website and improve the experience of visitors to the website.
We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. As set out in the DPA and the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of Non-essential Cookies. For further information on the cookies we use, please refer to our Cookie Policy.
We also work together with advertising partners who help us to make our internet offer more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). In terms of advertising we adhere to the Digital Advertising Alliance’s AdChoices program principles. For further details and opt-out options, please refer to our Cookie Policy.
Our website uses a cookie consent tool to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us: i) Your consent(s) or revocation of your consent(s); ii) Your IP address; iii) Information about your browser; iv) Information about your device; v) Time of your visit to our website.
c) Other information:
We may also process aggregated data such as statistical or demographic data for any purpose including improving our website and services. Aggregated data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.
DATA PROCESSING THROUGH THIRD-PARTY SERVICES
We use content or service offers of third-party providers on the basis of our legitimate interests in order to integrate their content and services ("content"). This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.
The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any: a) Hosting and Content Management System: Wix.com Ltd; b) Analytics: Google Analytics by Google; c) Spam Protection: Google reCAPTCHA;
HOW WILL WE USE YOUR PERSONAL DATA?
We may collect, store and use your Personal Data for the following purposes:
● to operate, manage, develop and promote our business and, in particular, our relationship with you and related transactions including, for example:
○ marketing purposes (when we have either gathered prior opt-in consent and/or have a legitimate interest to send you communications which we believe to be relevant and of use to you);
○ accounting and billing / payment purposes;
○ to operate, administer and improve our website and shop and other aspects of the way in which we conduct our business and operations;
○ to offer you our services and products;
○ to provide you with services and products or information that you may have requested; and
○ to keep you informed and updated on relevant or services you may be interested in.
● to protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes;
● to comply with our legal and regulatory obligations and bring and defend legal claims and assert legal rights; and
● if the purpose is directly connected with an assigned purpose previously made known to you.
We will only process your Personal Data as necessary so that we can pursue the purposes described above and where we have a legal basis for such processing. Where our lawful basis for processing is that such processing is necessary to pursue our legitimate interests, we will only process your Personal Data where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest. In exceptional circumstances we may also be required by law to disclose or otherwise process your Personal Data.
CHANGE OF PURPOSE
We will only use your Personal Data for the purposes for which we collected it as detailed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
DISCLOSURES OF YOUR PERSONAL DATA
Your Personal Data will be shared internally to ensure the efficient operation of our business (for instance, by sourcing our shared services in the most cost-effective way) and to provide the highest quality of client services.
Where required, we will (subject to applicable laws, our professional obligations and any terms of business which we may enter into with you) disclose your Personal Data to:
● any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body;
● provide our website and service;
● use marketing services and to advertise our services online;
● our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us;
● any financial institutions providing finance to us;
● service providers who provide delivery services, information technology and system administration services to us; and
● any external auditors who may carry out independent checks of your files.
We require any person or entity to whom we disclose Personal Data to respect the confidentiality and security of your Personal Data and to treat it in accordance with applicable laws and regulations. We do not allow such recipients of your Personal Data to use it for their own purposes, and we only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
International transfers
We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organisational measures to protect the Personal Data we transfer.
MARKETING
Insofar as you have given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission, or sometimes your consent is implied from your interactions or contractual relationship. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving marketing communication based on your interactions or contractual relationship with us.
Our Marketing generally takes the form of email using the services of MailChimp but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will delete your Personal Data when we no longer need such Personal Data, for instance where:
● it is no longer necessary for us to retain your Personal Data to fulfil the purposes for which we had collected it;
● we believe that your Personal Data that we hold is inaccurate; or
● in certain cases where you have informed us that you no longer consent to our processing of your Personal Data.
Sometimes, however there are legal or regulatory requirements which may require us to retain your Personal Data for a specified period, and in such cases we will retain your Personal Data for such specified period; and we may need to retain your Personal Data for certain longer periods in relation to legal disputes, and in such cases we will retain it for such longer periods to the extent required.
HOW WE SECURE YOUR PERSONAL DATA
We take appropriate organisational, technical, and physical measures to help safeguard against accidental or unlawful destruction, loss, alteration, and unauthorised disclosure of, or access to, the Personal Data we collect and process. However, no method of collection, storage, or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions.
LINKED SITES
For your convenience, there may be hyperlinks on our website that link to other websites. We are not responsible for, and this Privacy Policy does not apply to the privacy practices of any linked websites or of any companies that we do not own or control. The website links may collect information in addition to the information we collect.
We do not endorse any of these linked websites, their products, services, or any of the content on their websites. We encourage you to seek and read the Privacy Policy of each linked website that you visit to understand how the information that is collected about you is used and protected.
YOUR RIGHTS AND PRIVILEGES
a) Privacy rights
You can exercise the following rights:
● The right to access;
● The right to rectification;
● The right to erasure;
● The right to restrict processing;
● The right to object to processing;
● The right to data portability;
b) Updating your information and withdrawing your consent
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us.
c) Access Request
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
d) Complaint to a supervisory authority
The supervisory authority in the UK is the Information Commissioner's Office (ICO) (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO or any other supervisory authority.
e) What we do not do
● We do not request Personal Data from minors and children;
● We do not process special category data without obtaining prior specific consent; and
● We do not use Automated decision-making including profiling.
HELP AND COMPLAINTS
If you have any questions about this policy or the information we hold about you please contact us by email using [email protected].
CHANGES
The first version of this policy was issued on Wednesday 10th of July 2024 and is the current version. Any prior versions are invalid and if we make changes to this policy, we will revise the effective date.
Reviews
There are no reviews yet.