Privacy Policy

Purpose of this Privacy Policy

Wordcraft International is committed to protecting the privacy and security of your personal data by complying with all data protection laws applicable to the United Kingdom.

We greatly respect your privacy and will do our utmost to keep the information you provide to us secure. This includes information that you submit to us via our website, in-store, by telephone or any related applications and services.

The purpose of this privacy policy is to clearly explain the information we collect, how we use and share it, how to manage your marketing preferences and a confirmation of your rights. It is important that you read this privacy policy when we are collecting or processing personal information about you so that you are aware of how and why we are using your personal information.

Please also read our Terms & Conditions of sale.

It is likely that we will need to update this privacy policy from time to time so please return to this page periodically in order to keep up-to-date with any changes. When we make significant changes to the policy we will also notify you accordingly where we have accurate contact details and where you would expect to receive communications from us.

If you have any questions regarding our privacy policy or you object to any changes made in the future, please contact the Data Protection Officer at Wordcraft International using the contact details at the end of this policy.

For brevity throughout this policy, ‘we’, ‘us’ and ‘Wordcraft’ are used to refer to Wordcraft International Limited.

Who we are

Wordcraft International is registered as Wordcraft International Limited in England and Wales, number 02043431.

For all our services, the data controller responsible for the privacy of your data is Wordcraft International Limited.

Why we collect personal data

So that we, as a retailer, may provide a service and fulfill any obligations to you (as a visitor, user or our customer) it is necessary for us to collect and process personal data. The EU General Data Protection Regulation (Regulation EU 2016/679), (GDPR) sets out in law a number of different reasons why a company may collect and process your personal data. We use the following lawful basis for processing your personal information:

Consent

We may process your information in situations where we have gained your explicit consent. For example, when you place an order.

Generally we do not rely on consent as a legal basis and you have the right to withdraw your consent to marketing at any time by contacting us using the contact details at the end of this policy.

Contractual obligations

We process personal data routinely to comply with contractual obligations we are about to enter into or have entered into with you. For example, we need to collect your delivery address details and pass to our couriers in order to deliver your purchase to you.

Legitimate interest

We require your data to pursue our legitimate interests in a way which might reasonably be expected and which does not impact your interests, freedoms and fundamental rights. For example, we can use your order history to send you personalised offers and your address details to send you direct marketing information by mail. We can also combine the shopping history of many customers to identify trends to better understand their needs.

Legal compliance

In certain situations the law requires us to collect and process your data to comply with our legal or regulatory obligation. For example, we can pass details of fraudulent transactions or other criminal activity affecting our business to law enforcement.

Information we may collect about you

Personal data means any information which relates to an individual and can be used for the purposes of identification, either directly or indirectly, typically through the use of an identifier. It does not include data where the identity has been removed.

The different kinds of personal information we may collect is shown below:

Special Category (Sensitive) and Criminal Offence Data

We do not collect any Special Category Data or Sensitive Personal Data about you (such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any Criminal Offence Data about criminal convictions and offences.

The only exception to the above is for those attending a course at the Wordcraft offices. When registering to attend we will ask you to voluntarily disclose any pre-existing medical conditions or allergies we should be aware of so that we can best prepare for and ensure the safety of your visit.

If you fail to provide personal information

Where we need to collect personal information, either by law or under the terms of a contract we have with you, and you fail to provide the information upon request, we may not be able to fulfil the contract we have or are trying to enter into with you. For example, to deliver an order to you. This may lead to the cancellation of the contract between us. However, if this is the case we will notify you accordingly.

Personal identification documents

Where the law requires or we deem it necessary to prevent fraudulent activity we may ask you to provide proof of age or identity (including your passport and driver’s licence). For example, when purchasing an age restricted item or applying for a credit facility with us. This will include details of your full name, address, date of birth and facial image. A passport will also include your place of birth, gender and nationality. All data provided in this way will be treated as personal data and used in accordance with this Privacy Policy.

How we collect your data

We collect different information about you in a number of ways:

Information you give us

When you create an account, make a purchase, register for an event, request marketing materials or give us feedback, we will store the personal information you give us such as your name, email address, postal address, telephone number and card details (encrypted in the form of an authorisation token). We will also keep a record of your purchases and any communications you have with us.

Automated technologies or interactions

We do not collect data when you interact with our website

Information from third parties

We do not seek to obtain, have never and will never purchase personal information about you from third parties.

How we may use your information

We have set out below all the ways in which we use your personal information. We will only use your information when the law allows us to. In some instances, depending on the specific purpose for which we are using your data, there may be more than one lawful ground for processing your information.

Marketing communications

We aim to communicate with you about the products and services we provide in a way that you find relevant, timely, respectful and never excessive. To do this we use data we have collected and stored about you as a result of our contractual obligations in conjunction with any contact preferences you have told us about.

We only send marketing based communications by email where you have given us explicit consent; for example, by ticking the box to opt in during registration or guest checkout on our website. We use legitimate interest as the legal basis for communications by mail. In both instances you have the right to opt out of receiving these at any time either by contacting us or by updating your direct marketing preferences.

As part of our service to you, we may contact you by email or telephone to provide essential information related to your purchase or visit.

How is my personal data shared?

We do not and will not share or sell any of your personal data to any third party for any purpose.

How we protect your personal data

We understand how important data security is to you and therefore take all appropriate steps to safeguard the collection, transmission and storage of the data we collect.

All areas of our website are protected with secure connections over “https” technology. Access to your personal data is password protected and we use secure server technology that implements Transport Layer Security (TLS) encryption to protect your sensitive data.

If you use your credit or debit card to purchase from us, we will ensure that this is carried out securely. We give the option for you to store your card details safely online for future transactions. We do this by generating an authorisation token in a way that means none of our staff members can see your full card number.

We also generate authorisation tokens when you place an order with us using a credit or debit card. Only we can use the authorisation token generated and since we only charge your card on dispatch, it is necessary in instances where part shipment of items is required e.g. to fulfil backorders. We never store your card details or security code in plain text.

Our systems are monitored for possible vulnerabilities and attacks, and we are continually looking to identify ways to further strengthen security in line with new technological advances and best practices.

Where your personal data may be processed

We store your data on secure servers in the European Economic Area (EEA). However, sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA); for example, when placing an international order we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. If we do this, our contracts stipulate the standards they must follow at all times and we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA.

International Orders

By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf within the UK. You have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.

Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Policy.

Your rights over your personal data

If you choose to share personal data with Wordcraft International you have rights relating to your personal information. You have the right to request:

Checking your identity

We may need to request specific information from you as a security measure. This is to confirm your identity and prevent personal information being disclosed to any person who has no right to receive it.

Time limit to respond

We aim to respond to all legitimate requests within one month. Occasionally it may take us longer if your particular request is complex or you have made a number of requests.

Deleting information and deactivation of accounts

You may request that your account is deleted by contacting us. Once deleted, your data, including previous order history, cannot be reinstated.

Retention of information

When we collect or process your personal information we will only keep it for as long as it is necessary to provide our services to you and to comply with our legal and contractual obligations.

At the end of that retention period, your data will be either deleted or anonymised. In the latter scenario the data will be used in a non-identifiable way for statistical and business planning purposes.

Example retention periods

For purposes such as tax, accounting and warranty we will keep a record of all orders placed with us for the legally required duration of seven years.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the privacy statement applicable to the website in question.

Contacting the regulator

If you wish to make a complaint about the way we handle your personal data, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you may contact the Information Commissioner’s Office by calling 0303 1231113 or contacting them via their website: www.ico.org.uk

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

Contact us

If you have any questions about this Privacy Policy, please contact our Data Protection Officer who will be pleased to help you.

Email us:

dataprotection@wordcraft.com

Write to us:

Wordcraft International
Heritage Business Centre
Derby Road
Belper
DE56 1SW
United Kingdom

Last updated: 26th October, 2019