The Direct Clothing Company UK Limited takes the privacy of all of its customers, suppliers, partners and employees seriously and takes great care to protect their personal information.
Privacy notice Introduction
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) replaces the Data Protection Regulation (Directive 95/46/EC) from 25 May 2018. The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate. Even though the UK has expressed its intention to leave the EU in March 2019, the GDPR will be applicable in the UK from 25th May 2018.
Your new rights under the GDPR are set out in this notice but will only apply once the GDPR becomes law on 25th May 2018.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Who controls your personal data?
• The Data Controller is The Direct Clothing Company UK Limited, a company registered in the UK: Company Number 5166545
- Registered office: The Granary Hones Yard, 1 Waverley Lane, Farnham, Surrey, GU9 8BB
- The Data Controller’s data protection representative is the Data Manager
• You can contact them at firstname.lastname@example.org
• You can call them on +44 (0) 1344 872299
What is personal data?
Personal data is data that can identify you as a living individual. There is general personal data such as name, address, National Insurance number and online identifiers/location data. There is also sensitive personal data which includes information on physical and mental health, sexual orientation, race or ethnic origin, religious beliefs, trade union membership and criminal records. Sensitive personal data must be protected to a higher level.
Who we are, what we do and how we obtain your data
The Direct Clothing Company UK Limited is a school uniform and clothing supplier.
We collect the personal data from the following types of people to allow us to undertake our business;
- Existing customers
• Supplier contacts to support our services
• Employees and consultants.
You may have contacted us directly or we may have your details from our research / information already in the public domain. We are able to process your data if we have a legal basis for doing so. There are six legal bases for processing data but we will rely on (1) that the processing is necessary for the performance of a contract with you, (2) compliance with legal obligations, (3) that we have a legitimate business interest in processing your personal data or (4) your consent to send direct marketing messages about products and services. We use information about you to carry out our core business and ancillary activities.
The data we collect and how we use it
This section applies to individuals wishing to use or using our products and services such as an individual or business (customer), a marketing prospect with whom we have dealings or may have in the future, and third party (supplier/contractor) including the transfer of data to other jurisdictions.
The personal data we collect or receive may include the following as applicable:
• Email address
• Telephone and mobile numbers
• Job Title
• Employer, organisation or company name
• Your clothes size
• Your marketing preferences
We may obtain your personal data from the following sources (please note that this list is not exhaustive):
• You (e.g; via enquiry forms or orders)
• Our research
• The public domain
• At interview
• Conversations on the telephone, email or video conferencing (which may be recorded)
• Notes following a conversation or meeting
• Our websites and software applications e.g. enquiry form
Where we have obtained your personal data from a third party such as the public domain or third party, it is our policy to advise you of the source when we first communicate with you.
How we will use your personal data:
The processing of your personal information may include:
- Collecting and storing your personal data, whether in manual or electronic files
• Notifying you of potential new products, services and offers
• Providing information to regulatory authorities or statutory bodies, and our legal or other professional advisers including insurers
• To market our products and services
• Retaining a record of our dealings
• Establishing quality, training and compliance with our obligations and best practice
• For the purposes of backing up information on our computer systems
Why we process your personal data and our legal justification for doing so:
Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into an agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligations.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required.
- Entering into and performing a contract with you:
In order to provide our products and services, we may enter into a contract with you and/or a third party. In order to enter into a contract, we will need certain information, for example your name and address. A contract will also contain obligations on both your part and our part and we shall process your data as is necessary for the purpose of those in order to process your order on your behalf.
- Compliance with legal obligations (regulatory and statutory obligations):
We must comply with a number of statutory provisions when providing our products and services, which necessitate the processing of personal data., which amongst other things requires us to:
- Verify your business details
- Maintain records for specific periods
Where we engage in a contract with a business or person to supply our products or services, there are other statutory obligations that must be complied with including tax, HMRC reporting requirements, and any other law or regulation.
We are also required to comply with statutory and regulatory obligations relating to business generally, for example complying with tax, bribery, fraud/crime prevention and data protection legislation, and co-operating with regulatory authorities such as HMRC or the Information Commissioner’s Office.
- Our legitimate interests (carrying on the commercial activity of the provision of products and services):
- In providing our products and services, we will carry out some processing of personal data which is necessary for the purpose of our legitimate interests, which include:
Retaining records of our dealings and transactions and where applicable, use such records for the purposes of
o establishing compliance with contractual obligations with customers or suppliers
o addressing any query or dispute that may arise including establishing, exercising or defending any legal claims
o protecting our reputation
o maintaining a backup of our system, solely for the purpose of being able to restore the system to a particular point in the event of a system failure or security breach
o evaluating quality and compliance including compliance with this Privacy Notice
o determining staff training and system requirements
- Using your personal data to:
o assess suitability and contact you regarding our products and services
o collate market information or trends on products and services source potential products and services as part of our overall services
o personalise your experience and our offering, whether via our website or otherwise
This means that for our commercial viability and to pursue these legitimate interests, we may continue to process your personal data.
- Consent to our processing of your data:
We may process your personal data on the basis that you have consented to us doing so for a specific purpose, for example, if you have purchased from us previously you may have consented to our processing of the data that has been provided for the purpose of informing you of new products, services or offers considering your suitability either by previous choice of products purchased or by business type. In other cases, you may have provided your written or verbal consent to the use of your data for a specific reason such as receiving marketing updates on some of our additional services.
You may withdraw your consent to our processing of your personal information for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations. Withdrawal of consent will not have any effect on the lawfulness of any processing based on consent before its withdrawal.
What if we obtain your personal data from a third party?
Part of our business activity involves researching information relating to individuals and businesses for the purposes of creating new prospective business contacts. This may include obtaining personal data from online sources already available in the public domain, some information being publicly available but others being from sites or providers to which we subscribe. From time to time we may also receive personal information about you from exhibitions, trade shows and events, universities and colleges, publications (print & online), colleagues and employers, or from persons for whom you have provided services or been otherwise engaged. This list is not exhaustive.
Where information from third party sources is of no use to us, or where you have notified us that you do not want us to provide you with services, we shall discard it. However, we may maintain a limited record in order to avoid the duplication of process. Where we consider that information may be of use to us in pursuance of the provision of our services, any processing will be in accordance with this Privacy Notice. You do have the right to object to processing, please see Section 2 ‘Your rights’.
Sensitive Personal Data (SPD)
- Sensitive personal data is information which is intensely personal to you Examples of SPD include information which reveals your name, age, gender, race or ethnic origin, clothing size, credit/debit card details, and bank details.
Regardless of the basis for your dealings with us, we request that you do not provide us with any sensitive personal data unless absolutely necessary. However, to the extent that you do provide us with any sensitive personal data, such as data which you choose to share with us in conversation, we shall only use that data for the purposes of our relationship with you or for the provision of our product and services. This will be for one or more of the following reasons:
You have explicitly consented to the processing
- Where processing is necessary for the purpose of obligations to complete your order requirement
- To maintain records of our dealings to address any later dispute, including but not limited to the establishment, exercise or defence of any legal claims
Who we share personal data with:
- We shall not share your personal information unless we are entitled to do so. The categories of persons with whom we may share your personal information include:
Individuals, and other third parties, necessary for the provision of our manufacturing/embroidery services
- Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us
- Parties who process data on our behalf include:
o IT support
o storage service providers including cloud
- Legal and professional advisers Insurers
Transfer of data to other jurisdictions
In the course of the provision of our products and services we may transfer data to countries or international organisations outside of the European Economic Area (EEA). This may, for example, be to suppliers, manufacturers, or third parties who provide support services to us. Where information is to be so transferred, it may be to a country in respect of which there is an adequacy decision from the EU Commission. However, if this is not the case, it is our policy to take steps to identify risks and in so far as is reasonably practicable, ensure that appropriate safeguards are in place.
If you do not wish to provide us with necessary data
There may be circumstances where we require you to provide data which is necessary for us to meet statutory or contractual obligations, or perform our services. If you do not wish to provide us with information we request then please notify us. However, please be aware that as a result we may be unable to provide you, or the party you represent, with a service, and in some cases, this may result in a breach of the contract we have with you or a third party you represent.
Data Security and Confidentiality
It is our policy to ensure, in so far as is reasonably practicable, that our systems and records are secure and not accessible to unauthorised third parties in line with contemporary practice.
A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website, which enables the website to tailor its offerings to your preferences when you visit it.
- Make our website work as you’d expect
- Remember your settings during and between visits
- Improve the speed/security and effectiveness of the website
- Monitor user traffic patterns
- Understand how our visitors use our website
- Make our marketing more efficient
What all of this means is that you get the best possible user experience and the most relevant information based on your needs. Cookies enable us to constantly evolve, develop and improve functionality to provide you with the best possible user experience.
The cookies we use
- Strictly necessary
Just as it says, these are the essential cookies to enable you to use the site effectively i.e. Placing an order for uniform and/or embroidery services. Accepting these cookies is a condition of using the site
These cookies help our site remember the choices you made, for example, username, and also help make the most of our enhanced features, such as providing news or updates relevant to you.
These cookies help us monitor the performance of our site, providing us with the information to constantly optimise and develop our site to get the best user experience for you, for example site visits or source of visitors.
We use personalisation or targeting cookies to make sure we advertise the products that we think may be of interest to you, making your user experience a personalised one.
- Third party
As you use our site, you will notice that we may have content from other sites. We may also facilitate the opportunity to engage with us further through social media channels, for example Twitter and Facebook. We use third party cookies to help deliver relevant information to you and integrate content with social networks.
- Google Analytics
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
If the settings on your browser that you are using to view our website are adjusted to accept cookies, we take this, and your continued use of our website, to mean that you are happy to have cookies enabled.
Turning cookies off
Please be aware that by not accepting cookies you may not be able to use some of the key functions of the www.thedirectclothing.co.uk website.
If you don’t want us to store a cookie on your PC to make your journey on our website the best it can be, you can switch cookies off by adjusting your browser settings to stop it from accepting cookies. Each browser acts differently so remember to check your browsers ‘help’ settings.
In most circumstances your data will not be retained for longer than 7 years from the last point at which we provided any services or otherwise engaged with you and it is our policy to only store your personal data for as long as is reasonably necessary for us to comply with our legal obligations and for our legitimate business interests. The following sets out the lengths of time we are required by law to retain your data or certain elements of your data:
Data retention period
Customer/Supplier – 7 years
Client / Marketing Prospect – 7years
Employee – Term of employment plus 7 years
However, we may retain data for longer than the period stated where we have a legal or contractual obligation to do so, or we form the view that there is otherwise a continued basis to do so, for example where your personal information identifies specialist skill sets which may remain in demand, or we are subject to a legal obligation which applies for a longer period.
If however you believe that we should delete your personal data at an earlier date, please inform us in writing of your reasons. Please see Section 2 ‘Your Rights’ below.
Changes to this Privacy Notice
This Privacy Notice is regularly reviewed and may be updated from time to time to reflect changes in our business, or legal or commercial practice. Where an update is relevant to our processing of your data, we shall notify you of the same.
We take the protection of your personal data very seriously and it is important that you know your rights within that context, which include rights to:
- Request a copy of the personal data that we hold about you. If you would like to make a request for information, please contact email@example.com
- Object to our processing of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data
- Request that we restrict processing of your data in certain circumstances
- Request that data is erased where the continued use of that data cannot be justified. Object to any decision, which significantly affects you, being taken solely by a computer or via another automated process
- Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations
- Request inaccurate or incomplete data is rectified. We will respond to such a request within 1 month.
- Request that data provided directly by you and processed by automated means is transferred to you or another controller; this right only being applicable where our processing of your data is based either on your consent or in performance of a contract
- Make a complaint to the Information Commissioner’s Office https://ico.org.uk
- Request that direct marketing by us to you is stopped:
Please note that should you exercise your right to request that we erase data or cease any processing activity, we may retain a record of this request and the action taken to both evidence our compliance, and to take steps to minimise the prospect of any data being processed in the future should it be received again from a third-party source.
If you have any questions concerning your rights or should you wish to exercise any of these rights please contact: firstname.lastname@example.org
If you are dissatisfied about any aspect of the way in which your data is processed you may, in the first instance refer the matter to: email@example.com. This does not affect your right to make a complaint to the Information Commissioner’s Office: https://ico.org.uk/
If you have any enquires you can contact us at: firstname.lastname@example.org or by writing to us at:
The Direct Clothing UK Limited,17 Rise Road, Sunningdale SL5 0BH