This is privacy notice of the Battersea Pen Home
We respect your privacy and are determined to protect your personal data. The purpose of this privacy notice is to let you know how we look after your personal data when you visit our website.
We are committed to safeguarding your privacy while providing the best possible quality of service. By using our website or any of our services, or providing us with any personal data, you agree to your personal data being used and disclosed in the manner set out in this policy. We only use the information we collect about you lawfully and we observe the conditions of UK Data Protection as laid down in the General Data Protection Regulation 2018 (GDPR). We are registered under the Data Protection Act 1998. Our Data Protection Registration Number is ZA428687.
What is the purpose of this privacy notice?
This privacy notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you provide through this website when you, for example, sign up to our newsletter or purchase an item.
This website is not intended for children and we do not knowingly collect data relating to children.
You must read this privacy notice so that you are fully aware of how and why we are using your data. We may need to update this notice in the future and we will notify you of this on our home page
- Data controller
The Battersea Pen Home is the data controller and responsible for your personal data (collectively referred to as ["COMPANY"], "we", "us" or "our" in this privacy notice). Our address is PO Box 6128, Epping CM16 4RA. Our email is firstname.lastname@example.org. Our phone number is 01992-578885. For all data matters contact Simon Gray on email@example.com
The Battersea Pen Home is the controller and responsible for this website.
- The Data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. You can find out more about personal data from the Information Commissioners Office.
When you complete an online form, register with us or shop with us, we may collect, use and store different types of data such as your name, gender, billing/delivery address, username, email address, phone number, product choices; password (encrypted); Credit/Debit card details when ordering by phone (which we keep on paper and destroy when the order has been processed). We may also collect and hold information about your interactions with us both online and by phone in order to process your transactions and deal with future queries.
- How do we collect your personal data?
We collect information when you visit our website or use your account; make an order online or by phone; create an account on our website; sign up for our newsletter; contact us by any means or when you leave product or website feedback. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this information using cookies and other technologies.
- How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Performance of Contract which means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
- Legitimate Interest which means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- Comply with a legal or regulatory obligation this means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
- We will use your information only for the following purposes:
- To process your orders and enquiries including dealing with payments
- To register you as a customer
- To assist with any of your enquiries
- For statistical or survey purposes to improve this website
- To make suggestions to you about goods or services which might be of interest to you
- Marketing and Opting out
You can ask us or third parties to stop sending you marketing messages at any time by checking the ‘unsubscribe’ box at the foot of our emails; by replying to our email with the word ‘remove’ as the email subject, by phoning us on 01992-578885 or by emailing us at firstname.lastname@example.org. If you opt out of receiving these marketing messages, this will not affect personal data provided to us as a result of a purchase of a product or service.
- Who we share your personal data with
We will never sell or disclose your personal information to a third party or use your information for purposes other than described in this policy. We may give your personal information to our trusted service partners in order to process payment and delivery of your order.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your (the visitor) local currency.
- International Transfers
We do not transfer your data outside the European Economic Are (EEA). Our website host and payment processor, Shopify, does transfer your data outside of the EEA and has the following protections in place to protect your data:
- Adherence to domestic laws that have been deemed adequate by the European Commission
- Negotiated agreements (such as the EU-U.S. Privacy Shield)
- Contractual protections
- Approved sets of internal policies (Binding Corporate Rules)
- Approved codes of conduct or certifications
Shopify has protections for personal data in every step of its data flow, as described below.
Within the EEA personal data is received and initially processed by Shopify's Irish entity, Shopify International Ltd.
Data is exported from the EEA to Shopify’s Canadian parent entity, Shopify Inc. This export takes place within Shopify’s corporate structure. Data within Shopify Inc. is protected under PIPEDA, Canada’s private sector privacy legislation, which is considered adequate under the GDPR.
Shopify Inc. uses a combination of data centers and cloud service providers to store this personal data in the United States and Canada. When personal data is transferred to the United States, it is either done so through the EU-U.S. and Swiss-U.S. Privacy Shield, for Shopify’s own storage, or through contractual data protection addenda (DPAs) with third-party service providers. The EU-U.S. and Swiss-U.S. Privacy Shields are also considered adequate under the GDPR. Shopify’s Privacy Shieldcertification statement can be found on PrivacyShield.gov
Additionally, Shopify is in the process of applying for approval of Binding Corporate Rules (BCRs) by the Irish Data Protection Commissioner. After they are approved, Shopify will rely on these BCRs to protect the personal data that is transferred between Shopify’s corporate entities worldwide.
- Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
- You have the following rights:
Unless subject to an exemption under the data protection laws, you have the following rights with respect to your personal data:
- to request what personal data we hold about you
- to access the data we hold on you
- to have your data corrected
- to request your personal data is erased
- to restrict the processing of your data
- to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability
If you wish to exercise any of the rights set out above, contact Simon Gray at email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- Queries and requests
To exercise all relevant rights, queries or complaints in relation to this policy or any other data protection matter between you and us, please in the first instance contact Simon Gray on 01992-578885
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 0303-1231113 or via email https://ico.org.uk/global/contact-us/email/or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.