Rally Design Limited: Website Privacy Policy Rally Design Limited is a company registered in England and Wales (hereinafter referred to as "We", "Our" or "Us"). OVERVIEW We are required by law (in particular by the General Data Protection Regulation 2018) to comply with data protection requirements in the way in which we use any personal information collected from you in your use of this Website and in relation to any services provided to you by us. We therefore take very seriously our obligations in relation to the way in which we use your personal information. This notice, which including without limitation applies when using the Website rallydesign.co.uk, provides you with information about: - How we use your data,
- What personal data we collect,
- Who we share your data with,
- How we ensure your privacy is maintained; and
- Your rights relating to your personal data.
By providing us with your personal data you consent to our processing your personal data, including your sensitive personal data, for the purposes set out in these Terms. For the purpose of the General Data Protection Regulation (EU Regulation 2016/679, the “GDPR”), and the EU Data Protection Directive (Directive 95/46/EC), the data controller is Rally Design Limited of Unit 4 St. Augustine's Business Park, Estuary Way, Swalecliffe, Kent, CT5 2QJ. INFORMATION WE MAY COLLECT FROM YOU AND OTHER SOURCES Although the precise details of the personal information collected will vary according to the specific purpose for which we are collecting the information, we may collect and process the following data about you: - Information that you provide by filling in forms on our social media pages or on our Website. This includes information provided at the time of registering to use our Website, subscribing to our service, purchasing goods, posting material or requesting further services. We may also ask you for information when you report a problem with our Website.
- If you contact us by phone, email or otherwise and is provided voluntarily, we may keep a record of that correspondence.
- We reserve the right to record and monitor telephone conversations that we have with you on occasion. The sole purpose of any recording is for training and quality control purposes. Under the GDPR any personal or confidential information disclosed shall not be made available to any third party (unless required by law to do so) or used for marketing purposes. Recorded conversations are deleted within reasonable period after the recording was made.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of transactions you carry out through our Website and of the fulfilment of your orders.
- Details of your visits to our Website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
- We also collect behavioural and browsing data from you for the purposes of offering you a tailored or personalised online shopping experience.
- We may collect information about your computer or other devices, including where available your IP address, operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users' browsing actions and patterns, and does not identify any individual. We collect some of this information using Cookies, see below and our cookies policy. We may also collect any personal information which you allow to be shared that is part of your public profile on a third party social network.
- We obtain certain personal information about you from sources outside our business which may include our group of companies (further defined below). We may receive your personal information from other sources, such as: public databases, our retail and supplier partners, joint marketing partners; social media platforms; from people with whom you are friends or otherwise connected on social media platforms, as well as from other third parties. For example, this other personal data helps us to:
- Provide the relevant services in an accurate manner,
- Review and improve the accuracy of the data we hold; and
- Improve and measure the effectiveness of our marketing communications, including online advertising.
USES MADE OF THE INFORMATION We use information held about you in the following ways: - To ensure that content from our Website is presented in the most effective manner for you and for your computer or other devices.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us. For example, we pass your contact details to our courier company who may contact you via SMS to confirm delivery of your order. We may notify our suppliers of your details for any warranty purposes.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To enhance your experience whilst using our Website.
- To notify you about changes to our service.
- If you are an existing customer, we will only contact you by electronic means with information about goods and services that we offer.
- If you are a new customer, we will contact you by electronic means if you have consented to this.
- We may use your personal information to contact you if there are any urgent safety or product recall notices to communicate to you where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any personal harm to you. It is in your vital interests for us to use your personal information in this way.
THIRD-PARTY LINKS Our Website may include links to third-party Websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party Websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every Website you visit. FACEBOOK PLUGINS This Website uses social plugins (“Plugins”) provided by the social network https://facebook.com, operated by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA (“Facebook”). The plugins are identifiable by a Facebook logo (white letter “f” on blue background or a “thumbs up” icon) or the notice “Facebook Social Plugin”. When you visit a page on our Website that contains a social plugin, your browser establishes a direct connection to Facebook servers. Thus, Facebook receives the information about you having accessed with your IP-address the respective page of our Website. If you interact with the plugins, for example by clicking “Like” while you are logged into Facebook, you may link the contents of our Website to your Facebook account. Facebook can ascribe your visit to our Website to your Facebook account. Please note that we as the operator of the Website have no information on the scope of data collection and procession by Facebook. For further information please visit Facebook’s Privacy Policy. If you are a Facebook member and do not want Facebook to connect the data concerning your visit to our Website with your member data already stored by Facebook, please log off Facebook before visiting our Website. GOOGLE ANALYTICS This Website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the Website analyse how users use the site. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Using a method known as IP masking, Website owners that use Google Analytics have the option to tell Google Analytics to shorten the IP-address inside of member states of the European Union or other member states of the Agreement on the European Economic Area and to only use this portion of the IP address, rather than the entire IP address. Only in exceptional cases the full IP-address will be transmitted to a Google server located in the United States and shortened there. Google will use this information for evaluating your use of the Website, compiling reports on Website activity, for Website operators and providing other services relating to Website activity, and Internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this Website. In addition you may prevent Google from obtaining information generated by the cookie and related data about your use of the Website (including your IP-address) as well as the processing of this data by Google by downloading and installing a browser-plugin https://tools.google.com/dlpage/gaoptout. TWITTER This Website uses services from Twitter. Twitter is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using Twitter and the retweet function the Websites you’ve visited will be associated with your twitter account and published to other users. By doing so data will be transmitted to Twitter. Please note that we as the operator of the Website have no information on the scope of data collection and procession by Twitter. For further information please visit Twitter’s Privacy Policy. You may amend your Twitter privacy policy options within your account details on https://twitter.com/account/settings. COOKIES The Website uses cookies to track use of the web and to assist functionality. A cookie is a small file of text which is downloaded onto your computer (or other devices) when you access our Website and it allows us to recognise you when you log in. We use cookies for the purpose of allowing us to understand who is accessing our Website and helping us to gather information on trends etc. They help us to improve our Website and to deliver a better and more personalised service. They enable us: - To estimate our audience size and usage pattern,
- To store information about your preferences, and so allow us to customise our Website according to your individual interests,
- To speed up your searches; and
- To recognise you when you return to our Website.
If you object to cookies or want to delete any cookies that are already stored on your device, we recommend that you follow the instructions for deleting existing cookies and disabling future cookies on your file management software. Further information on deleting or controlling cookies is available at https://www.aboutcookies.org. Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our Website or may have to re-enter information that may otherwise be held electronically on your device within the cookie. Our Website saves the contents of your basket when you haven’t completed a transaction. If you quit our Website without placing an order the system will remember the items you added to your basket and may send you an email with a reminder. We do this to make sure your shopping experience is as hassle free as possible. If you do not want to receive these emails in the future, please click on the unsubscribe link at the bottom of the email you have received. DISCLOSURE OF YOUR INFORMATION In order to make certain services available to you, we may need to share your personal data with third parties. - We may disclose your personal information to:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006,
- Our trusted service providers acting on our behalf who provide services such as web hosting, web analytics and integration, order fulfilment, data analysis including data personalisation, infrastructure provision, email marketing data, review sites of our services, auditing services and other services to enable them to provide services,
- Our delivery agents who deliver your orders; and
- Third party suppliers who manage our secure payment platform and credit card processing.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Rally Design Limited substantially sell all of its assets or are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of Rally Design Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
INTERNATIONAL TRANSFERS It is sometimes necessary for us to share your data outside of the European Economic Area (EEA). This generally occurs when our service providers are located outside of the EEA or you are based outside of the EEA. If this happens, we will ensure that the transfer will be compliant with the relevant data protections laws including the GDPR. Our standard practice is to use standard contractual clauses which have been approved by the European Commission for such transfers. Those clauses can be accessed at https://ec.europa.eu/info/law/law-topic/data-protection_en. Where standard contractual clauses are not used and your data is transferred to the United States, we will ensure that the service providers have signed up to the EU-US Privacy Shield which is a framework designed to protect the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes. HOW DO WE PROTECT YOUR DATA We are committed to keeping your personal data safe and secure and employ a number of security measures such as: - We ensure our Website and data is supported with TLS1.2 technology using RSA 2048 bit security standard,
- Monitoring and auditing our service providers to ensure they have an adequate level of protection as required under the PCI DSS,
- All credit and debit card payment transactions are initiated on our Website via our online shopping basket; and
- All information you provide to us is stored on our secure servers. For registered users, where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We use reasonable, organisational, technical and administrative measures to protect personal information under our control. Although we will do our best to protect your personal data, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. During your online transactions your personal data, including credit card and payment details, will be transmitted encrypted at all times. SSL technology enables automatic encryption (scrambling) of all data processed via our Website. Your browser shows the security of a Website by displaying the “padlock” or “key” icon in the browser window. This shows you that your data will be secure and protected on our Website. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA The personal data that you provide to us in order to purchase goods and other personal data generated for transactional agreements is processed as it is necessary for the performance of a contract with you. All other personal data is processed for our legitimate interests (as set out below) and to comply with our legal obligations. In general, we only rely on consent: - To send direct marketing communications to customers via email or text message; and
- To contact new customers by electronic means. You have the right to withdraw your consent at any time.
OUR LEGITIMATE INTERESTS The normal legal basis for processing customer data, is that it is necessary for our legitimate interests including, but not limited to: - Selling and supplying goods and services to our customers,
- Protecting customers, employees and other individuals and maintaining their safety, health and welfare,
- Promoting, marketing and advertising our products and services,
- Sending promotional communications which are relevant and tailored to individual customers,
- Understanding our customers’ behaviour, activities, preferences, and needs,
- Complying with our legal and regulatory obligations,
- Preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies,
- Handling customer contacts, queries, complaints or disputes,
- Protecting us and our employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us,
- Effectively handling any legal claims or regulatory enforcement actions taken against us; and
- Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
YOUR RIGHTS At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights: - Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
- Right to judicial review - in the event that we refuse your request under rights of access, we will provide you with a reason as to why.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data. You can also exercise the right at any time by contacting us at Rally Design Limited by any of the means outlined below. Our Website may, from time to time, contain links to and from the Websites of our partner networks, advertisers and affiliates. If you follow a link to any of these Websites, please note that these Websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these Websites. HOW LONG DO WE KEEP YOUR DATA? We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. - Our procedures to manage data retention is to retain customer data for 2 years.
Any email marketing unsubscribe function will remove your details from marketing lists and confirmation of your removal will be sent to your email address. - Data back-ups can take up to 14 days to remove specific data from the system.
We will take reasonable steps under Article 17 of the GDPR to meet data subject requests. CHANGES TO OUR PRIVACY NOTICE Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. CONTACT If you have any questions about how we use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means: - Email us on: sales@rallydesign.co.uk
- Write to us at: Rally Design Limited, Unit 4 St. Augustine's Business Park, Estuary Way, Swalecliffe, Kent, CT5 2QJ.
You have the right to make a complaint at any time to the local data protection supervisory authority which, for the UK, is the Information Commissioner's Office (ICO) at https://ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. DISCLAIMER Headings in this document are used for convenience and shall not affect the construction or interpretation. If you are reading a translation of this document in a language other than English, you acknowledge and agree that: - The English version is the official version,
- The non-English version is provided for your convenience only and the translation will not be valid as an agreement,
- In the event of any inconsistency between the English and a non-English version of any document, the English version will prevail and govern; and
- In the event of a dispute, it will always be the definitive master documents written in the English Language that takes precedent.
This document shall be governed by and construed in accordance with English law and you irrevocably agree that the Courts of England shall have exclusive jurisdiction to settle any dispute which may arise.
|