Wordcraft International is committed to protecting the privacy and security of your personal data by complying with all data protection laws applicable to the United Kingdom.
We greatly respect your privacy and will do our utmost to keep the information you provide to us secure. This includes information that you submit to us via our website, in-store, by telephone or any related applications and services.
Please also read our Terms & Conditions of sale.
For brevity throughout this policy, ‘we’, ‘us’ and ‘Wordcraft’ are used to refer to Wordcraft International Limited.
Who we are
Wordcraft International is registered as Wordcraft International Limited in England and Wales, number 02043431.
For all our services, the data controller responsible for the privacy of your data is Wordcraft International Limited.
Why we collect personal data
So that we, as a retailer, may provide a service and fulfill any obligations to you (as a visitor, user or our customer) it is necessary for us to collect and process personal data. The EU General Data Protection Regulation (Regulation EU 2016/679), (GDPR) sets out in law a number of different reasons why a company may collect and process your personal data. We use the following lawful basis for processing your personal information:
We may process your information in situations where we have gained your explicit consent. For example, when you place an order.
Generally we do not rely on consent as a legal basis and you have the right to withdraw your consent to marketing at any time by contacting us using the contact details at the end of this policy.
We process personal data routinely to comply with contractual obligations we are about to enter into or have entered into with you. For example, we need to collect your delivery address details and pass to our couriers in order to deliver your purchase to you.
We require your data to pursue our legitimate interests in a way which might reasonably be expected and which does not impact your interests, freedoms and fundamental rights. For example, we can use your order history to send you personalised offers and your address details to send you direct marketing information by mail. We can also combine the shopping history of many customers to identify trends to better understand their needs.
In certain situations the law requires us to collect and process your data to comply with our legal or regulatory obligation. For example, we can pass details of fraudulent transactions or other criminal activity affecting our business to law enforcement.
Information we may collect about you
Personal data means any information which relates to an individual and can be used for the purposes of identification, either directly or indirectly, typically through the use of an identifier. It does not include data where the identity has been removed.
The different kinds of personal information we may collect is shown below:
- Title, first name, last name.
- Billing address, delivery address, email address and telephone numbers.
- Payment transaction details to and from you (order receipts, refunds etc) and other details of products and services you have purchased from us.
Special Category (Sensitive) and Criminal Offence Data
We do not collect any Special Category Data or Sensitive Personal Data about you (such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any Criminal Offence Data about criminal convictions and offences.
The only exception to the above is for those attending a course at the Wordcraft offices. When registering to attend we will ask you to voluntarily disclose any pre-existing medical conditions or allergies we should be aware of so that we can best prepare for and ensure the safety of your visit.
If you fail to provide personal information
Where we need to collect personal information, either by law or under the terms of a contract we have with you, and you fail to provide the information upon request, we may not be able to fulfil the contract we have or are trying to enter into with you. For example, to deliver an order to you. This may lead to the cancellation of the contract between us. However, if this is the case we will notify you accordingly.
Personal identification documents
How we collect your data
We collect different information about you in a number of ways:
Information you give us
When you create an account, make a purchase, register for an event, request marketing materials or give us feedback, we will store the personal information you give us such as your name, email address, postal address, telephone number and card details (encrypted in the form of an authorisation token). We will also keep a record of your purchases and any communications you have with us.
Automated technologies or interactions
We do not collect data when you interact with our website
Information from third parties
We do not seek to obtain, have never and will never purchase personal information about you from third parties.
How we may use your information
We have set out below all the ways in which we use your personal information. We will only use your information when the law allows us to. In some instances, depending on the specific purpose for which we are using your data, there may be more than one lawful ground for processing your information.
We aim to communicate with you about the products and services we provide in a way that you find relevant, timely, respectful and never excessive. To do this we use data we have collected and stored about you as a result of our contractual obligations in conjunction with any contact preferences you have told us about.
We only send marketing based communications by email where you have given us explicit consent; for example, by ticking the box to opt in during registration or guest checkout on our website. We use legitimate interest as the legal basis for communications by mail. In both instances you have the right to opt out of receiving these at any time either by contacting us or by updating your direct marketing preferences.
As part of our service to you, we may contact you by email or telephone to provide essential information related to your purchase or visit.
How is my personal data shared?
We do not and will not share or sell any of your personal data to any third party for any purpose.
How we protect your personal data
We understand how important data security is to you and therefore take all appropriate steps to safeguard the collection, transmission and storage of the data we collect.
All areas of our website are protected with secure connections over “https” technology. Access to your personal data is password protected and we use secure server technology that implements Transport Layer Security (TLS) encryption to protect your sensitive data.
If you use your credit or debit card to purchase from us, we will ensure that this is carried out securely. We give the option for you to store your card details safely online for future transactions. We do this by generating an authorisation token in a way that means none of our staff members can see your full card number.
We also generate authorisation tokens when you place an order with us using a credit or debit card. Only we can use the authorisation token generated and since we only charge your card on dispatch, it is necessary in instances where part shipment of items is required e.g. to fulfil backorders. We never store your card details or security code in plain text.
Our systems are monitored for possible vulnerabilities and attacks, and we are continually looking to identify ways to further strengthen security in line with new technological advances and best practices.
Where your personal data may be processed
We store your data on secure servers in the European Economic Area (EEA). However, sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA); for example, when placing an international order we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. If we do this, our contracts stipulate the standards they must follow at all times and we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA.
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf within the UK. You have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
Your rights over your personal data
If you choose to share personal data with Wordcraft International you have rights relating to your personal information. You have the right to request:
- Access to the personal data we hold about you, free of charge, in most cases.
- The correction of inaccurate, out of date or incomplete personal data held about you.
- Your personal information to be erased, not processed or collected where there is no good reason for us to continue processing it. Otherwise known as `the right to be forgotten`.
- We stop using your personal data for direct marketing (either through select or all channels).
- We stop any content based processing of your personal data after you have withdrawn your consent.
- We transfer or port elements of your data either to you or another service provider.
- A review of any decision made based solely on automatic processing of your data.
- Complain to the data protection regulator (see contacting the regulator).
- If we choose not to action your request we will explain to you our reasons for refusal.
Checking your identity
We may need to request specific information from you as a security measure. This is to confirm your identity and prevent personal information being disclosed to any person who has no right to receive it.
Time limit to respond
We aim to respond to all legitimate requests within one month. Occasionally it may take us longer if your particular request is complex or you have made a number of requests.
Deleting information and deactivation of accounts
You may request that your account is deleted by contacting us. Once deleted, your data, including previous order history, cannot be reinstated.
Retention of information
When we collect or process your personal information we will only keep it for as long as it is necessary to provide our services to you and to comply with our legal and contractual obligations.
At the end of that retention period, your data will be either deleted or anonymised. In the latter scenario the data will be used in a non-identifiable way for statistical and business planning purposes.
Example retention periods
For purposes such as tax, accounting and warranty we will keep a record of all orders placed with us for the legally required duration of seven years.
Links to other websites
Contacting the regulator
If you wish to make a complaint about the way we handle your personal data, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you may contact the Information Commissioner’s Office by calling 0303 1231113 or contacting them via their website: www.ico.org.uk
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
Write to us:
Heritage Business Centre
Last updated: 26th October, 2019