Privacy Policy
Privacy Notice
This privacy notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe. We want to make sure you’re fully informed about your rights and how Autochair uses your data.
Contacting us
If you have any questions about this notice or how your data is being used please direct your communication through our Data Controller as follows:
Data Controller
Autochair Limited
Meadow Lane Industrial Estate
Alfreton
Derbyshire
DE55 7JR
Email: datacontroller@autochair.co.uk
Collecting your personal data
Autochair collects your personal information only as necessary to respond to your enquiries, to improve its website, supply you with requested information on Autochair products and to provide you with information that may be of interest to you.
This data could be collected from you through any of the following methods:
· When you fill in an enquiry form on our website
· When you speak to us at an event
· When you contact us by telephone
· When you engage with us on social media
· When you contact us by any means with queries or complaints etc.
· When you enter our prize draws or competitions
· When you complete any surveys we send you
· When you’ve given a third party permission to share with us information they hold about you
· When you interact with our website, we may automatically collect technical data such as details of the type of device you’re using, browsing actions, patterns and IP address. We collect this personal data by using cookies. Please see our cookie policy for further details
We may collect, use, store and transfer different kinds of personal data about you including:
· Data that identifies you including title, first name, surname, address, email address and telephone number. We will also collect your social media username, if you interact with us through those channels.
· Transaction data including payment details and product purchase history
· Technical data including internet protocol (IP) address, browser type and version, time zone setting and location, browser type and versions, operating system and platform.
· Data about your purchases or enquiries made by you, your interests, preferences, feedback and survey responses
· In certain circumstances we may be required to collect and process information about your health
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Using your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Contractual obligations
Where we need to perform the contract, we are about to enter into or have entered into with you. For example we collect your address details in order to carry out an assessment and fit the products you wish to buy from us
Legal compliance
In some cases the law requires us to collect and pass on your data, for example we will pass on details of people involved in fraud or other criminal activity affecting us to law enforcement
Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example we will your purchase history to send you marketing information about products and services that are available and we believe are of interest to you
Examples of how we use information held about you include:
To process any orders that you make
If we don’t collect your personal data, we won’t be able to process and deliver your order and comply with legal obligations. For example, your details may need to be passed to a third party to supply or deliver the product you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as guarantees or product recall notices.
To respond to your queries
Handling the information you send us enables us to respond to you. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
To provide you with the goods and services which you have requested from us
We need your personal data to comply with our contractual obligations so that we can manage your customer account and provide you with the goods and services you want to buy, including sending any necessary documentation and communications regarding the product or service and help you with any orders and refunds you may ask for.
Due to the nature of our products in certain circumstances we may be required to collect and process information about your health in order to comply with our legal obligations that you can use the products safely.
Sometimes we may need to pass on your enquiry to a third party agent to fulfil your request and order. If this is the case you will always be informed beforehand that we are doing so. We do this to be able to fulfil our contract with you.
To contact and interact with you
We want to serve you better as a customer so we use personal data to provide clarification or assistance in response to communications you have sent to use, including social media posts that you have directed at us as part our legitimate interests to interact with our customers and improve their experience.
To improve our service and products
To enhance your use of our products and to test and improve our website we will use your online browsing behaviour as well as previous purchase history to help us better understand you as a customer and provide you with personalised communication and other services as part of our legitimate interests. To find out more about how we do this please read our cookie policy.
We have a legitimate interest to improve our product range and ensure that it is tailored to our customers’ needs. We do this by carrying out market research relating to our product range and internal research and development, and may need to process your personal data to do so.
As a business we have a legitimate interest to improve our service levels to you and to develop our staff. To do this we may listen to recorded telephone conversations for internal staff training.
Promoting and advertising our products
We may use your e-mail address to mail you information we feel may be relevant to you. Your email address will not be shared with any other organisation without your permission. You can opt-out of any of our marketing communications at any time by contacting us or unsubscribe from e-mails by clicking on the unsubscribe link in the footer of the email. We’ll do this on the basis of our legitimate business interest.
To administer any of our prize draws or competitions that you may enter
If you choose to take part in a promotion or competition, including those we run with any third parties, we need to process your personal data with your consent so that we can manage the promotion or competition.
To comply with our legal obligations
In some cases we will need to process your personal data to comply with our legal obligations. For example we sometimes need you to verify your identity before responding to your requests.
To send you communications as required by law, or which are needed to inform you about changes to the products you have from us. For example product recall notices or information we are legally required to communicate to you regarding your order. These message will not include any marketing content.
To comply with any legal obligations to share data with law enforcement, for example if a court order is submitted to us requiring that we share your personal data.
Third parties
Authorised third parties may be used by Autochair to collect, track and process information supplied by you. Autochair will not sell, rent or give away your personal information to any unrelated company, organisation or individual without your permission.
Examples of the kinds of third parties we work with are:
· IT companies who support our website and other business systems
· Operational companies such as delivery couriers
· Marketing companies such as Google, Hotjar and Facebook to show you products that might interest you while you’re browsing the internet. We’ll also use your data to identify other internet users who share similar interests. This is based on your acceptance of cookies on our website. For more information about cookies please see our cookie policy.
· We may also share your email address with third parties such as Facebook for the purposes of targeted online advertising. To opt out of this please email datacontroller@autochair.co.uk
· Data insight companies to ensure your details are up to date and accurate
· Finance companies such as Experian for fraud prevention purposes
· We may share certain limited information with companies who assist us with other services, for example, in analysing our customer data in order to better understand, profile and monitor customer patterns so we can consistently improve our services and understand what may be of interest to you and other companies. To opt out of this please email datacontroller@autochair.co.uk
· Autochair work with third party agents to deliver some of our services and products to some areas of the country. If we need to share your data with one of these agents we will always inform you of this beforehand
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. In order to protect your privacy we will only provide the information necessary to perform their specific services
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
International transfers
We will only transfer your data outside of the EEA in compliance with data protection laws and provided appropriate or suitable safeguards are in place to protect your data, these being either standard contractual clauses, binding corporate rules or in the case of transfers to the USA, a Privacy Shield Certification
How we protect your data
We take the security of your data very seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, missued or disclosed, and is not accessed except by it’s employees in the performance of their duty.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify further ways to strengthen security.
Where we engage with third parties to process personal data on our behalf, we do so the written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
How long will we keep your data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, if you have placed a order with us we will be required to keep your data indefinitely to comply with any product recall notices.
At the end of any retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
What are your rights over your personal data?
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
If you wish to exercise any of the rights set out above, to have your information amended or to opt out of marketing by email, post or telephone please contact us in writing to:
Data Controller
Autochair Limited
Meadow Lane Industrial Estate
Alfreton
Derbyshire
DE55 7JR
Email: datacontroller@autochair.co.uk
You can also opt out from email marketing by clicking on the unsubscribe link featured at the bottom of each marketing email we send.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If you have any complaints, you can contact us and we’ll do our utmost to get to the bottom of things. If, after contacting our data controller you feel your complaint has not been dealt with satisfactorily you have a right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk)