It is important that you read this policy together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them. If you are using our Site, your acceptance of this policy is deemed to occur upon your first use of the Site and you will be required to read and accept this policy when submitting any personal data to us when booking a service or requesting a quote.
1. Who is the data controller?
Under data protection laws, the data controller (which is us where we determine the purposes and means of the processing of your personal data) is responsible for ensuring that your data is held securely, that you are given accurate information about how your data is used, and that your rights regarding your data are respected.
Our Site is owned and operated by The Restory Ltd, a limited company registered in England and Wales under 09780970, whose registered office and trading address is at JD Bregman & Co. 1st Floor Spittlefield House, Stirling Way, Herts, WD6 2FX, UK (referred to here as “we”, “our”, “us”). Our VAT number is 236 6434 03.
Our Data Protection Officer is Vanessa Jacobs and they are responsible for overseeing questions in relation to this policy. If you have any questions about this policy, including any requests to exercise your legal rights, please contact the DPO at email@example.com.
Should you have any queries about this policy or our use of your personal data, please email firstname.lastname@example.org. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you (as under section 8 below).
1.1 What this policy covers
- Personal data, or personal information, means any information about a living individual from which that person can be identified (directly or indirectly). This definition shall, where applicable, incorporate the definitions provided in EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”). Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. It does not include data where the identity has been removed (anonymous data).
1.2 What personal data do we collect?
- Depending upon your use of our Site and/or our services, we may collect, use, store and transfer different kinds of personal data about you which include the following:
- Identity and contact data required to collect, undertake services, deliver and transport your items, including but not limited to your name, password, billing address, collection address, delivery address, payment details (held in Stripe), mobile number, telephone number, email address, country, and photograph (if you choose to upload a photograph of your items from which you are identifiable when placing an order or requesting a quote).
- Profile Data including your interests, preferences, feedback and any survey responses.
- Account data including any information you provide when you register an account with us.
- Enquiry, booking and correspondence data including information contained in any enquiry or booking you submit to us or contained in or relating to any communication that you send to us regarding our Site or services.
- Transaction and financial data, including details about payments made and other details of orders you have placed with us and services you have ordered from us.
- Data relating to what services you have requested and also which you may have declined.
- We collect and process technical data about your use of and browsing on our Site including the pages you visit and how you interact with these pages, your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access our Site. If you have registered for an account, we collect browsing data about your access to the dedicated areas of the website.
- We also collect marketing and communications data including your preferences in receiving marketing from us and our third parties and your communication preferences.
- If you are a customer and have purchased services from us, or if you have given us your consent, we collect and process your personal data for direct marketing activities.
- If you provide us with someone else’s data – for example, a housekeeper, personal assistant, or provide us with someone’s data as part of our refer-a-friend scheme – we will collect and process the personal data required to complete the transaction such as the name, delivery address and other contact details for your friend. If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on their behalf and has agreed that you can give consent on his/her behalf to the processing of their data and receive on their behalf any data protection notice. You must respect the privacy of others at all times and you should not disclose any personal details about other people without their express prior consent.
- We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
- Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services).
2. How Is Your Personal Data Collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your identity and contact data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you create an account on our Site, place an order, sign up to our newsletters or request other marketing or offers to be sent to you, give us feedback, enter into surveys or competitions, or otherwise contact us.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
- analytics providers such as Google;
- advertising networks such as Google; and
- search information providers such as Facebook and Instagram.
3. How do we use the personal data we collect?
- We may collect and process your personal data for the following purposes:
- To register you as a new customer and manage your account (on the basis of performance of a contract with you).
- To fulfil and process your order. This includes but is not limited to determining the appropriate services for your item, responding to queries, making you aware of relevant updates, sending you confirmation details of orders you make, contacting you if there are any problems with your order, processing payments, carrying out fraud detection and credit checks, and organising collection and return of your items (on the basis of performance of a contract with you and it being necessary for our legitimate interests).
- To personalise and tailor your experience on our Site including providing you with relevant information about our products and services via our marketing communications and advertising (being necessary to comply with a legal obligation and for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)).
- To provide and manage your access to our Site, use data analytics to improve our Site, services, marketing, customer relationships and experiences, and help you take full advantage of our Site including improving its performance and providing you with the most relevant content to you (being necessary for our legitimate interests (to define types of customers for our services, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy)).
- To manage our relationship with you, including sending you updates to important information such as changes to our Terms & Conditions (on the basis of performance of a contract with you, complying with our legal obligations, and it being necessary for our legitimate interests).
- To administer and protect our business and this Site, including enforcing our contracts and policies, investigating complaints and preventing illegal activity (being necessary to comply with a legal obligation and for our legitimate interests (for example for running our business, providing administration and IT services and network security)).
4. What is our legal basis for processing your personal data?
Under the Law we must have a valid reason for using your personal data and we may not collect, store or use data about you that is not compatible with that reason. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Most of the data we collect from you is necessary to allow us to fulfil our contract with you or to enter into a contract so that we can supply our services, process your items and the payment and send you quotes, confirmations and so forth.
- In certain circumstances we will expressly ask for your permission or consent to use your personal data e.g. if we would like to send you marketing information about items and services we believe may be of interest to you via email. If you have given your consent to our use of your personal data, you are entitled to withdraw this consent at any time by contacting us or by opting out of links on any marketing message sent to you.
- We may also have a legitimate interest in using your personal data e.g. to ensure that the content of our website is presented to you and your device as effectively as possible, or to ensure that our marketing communications are relevant to your interests. If this is our reason for using your data, we must make sure that our interests do not override your interests and fundamental rights.
- Lastly, we may be required to use your data to meet a legal obligation or to protect your interests e.g. we may exchange information with other specialist organisations for the purposes of fraud detection and credit risk reduction and we will retain financial data for as long as necessary to meet our statutory obligations.
- Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in this policy.
- Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which content, products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service experience or other transactions (i.e. service emails).
- We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. Who will process your data?
- Your personal data may be transmitted to third parties that we use to provide our services; these parties have been rigorously assessed and offer a guarantee of compliance with the legislation on the processing of personal data, as further described in section 6 below.
- The third parties in question may belong to the following categories: banking operators, internet providers, companies specialising in IT and telematics services; couriers; service providers such as shoe repairers, companies that carry out marketing activities, including social media organisations; companies specialising in market research and data processing; companies offering contact centre services; companies providing publishing and distribution services.
- Under some limited circumstances we may be legally required to disclose or share your data without your consent, for example if we are required by the police, the courts, a government authority, or for other legal reasons (including as part of legal proceedings or complying with our legal obligations). Your data may be transmitted to the police, judicial and administrative authorities, in accordance with the law, for the investigation and prosecution of crimes, the prevention of and protection from threats to public security, to allow us to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others, where legally required.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and the law.
6. Data transfer outside the European Union
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see the European Commission: EU-US Privacy Shield.
- Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
7. How long do we keep your data?
We only keep your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, and/or for as long as we have your permission to keep it. The specific retention period will vary according to the reason for processing your personal data (see further below). After this period, your data will be permanently erased or otherwise irreversibly rendered anonymous. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. In any event, we will conduct regular reviews to ascertain whether we need to keep your data. We may retain your personal data for a longer period where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
- Your personal data are retained in accordance with the following criteria:
- When you have requested a quote or a service to be undertaken by us we will retain the billing data until the end of the relevant accounting period, normally seven years from the billing date;
- When you make a payment, we will retain your payment details (in Stripe) up to the certification of the payment and the completion of the relevant administrative-accounting formalities regarding your right of withdrawal and the terms applied for the disputing of the payment;
- When you provide us with personal data in order to use our services and/or receive our marketing communications, we will keep your data for this purpose until the termination of the service or until you opt-out of marketing;
- When you give us your consent to send you marketing communications, you can withdraw your consent at any time. We will consider your consent to be current for five years from your last interaction with any email that we send you. In any case, we will reduce the number of marketing contacts after eighteen months if you don’t interact with us;
- When we use your personal data and browsing history to analyse your behaviour in order to customise the Site and to show you personalised offers.
- When we use personal data for market research and satisfaction surveys, we will keep the data for five years.
- When you contact our Client Service team, we will keep any additional personal data you provide that is specific to your enquiry for as long as you remain an active customer of ours.
8. Your rights
- You have the right to request a copy of the data that we hold about you (commonly known as a “data subject access request”).
- If you would like a copy of some or all of your personal data, please email or write to us using the contact details in this policy.
- If we do hold data about you we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be shared with
- tell you how long we will keep the data
- if the data was not provided by you, we will give you any available information such as the source of the data
- tell you if the data has been used for automated decision making
- tell you if the data is stored outside of the European Economic Area, and if so what safeguards are in place to protect your personal data
- let you have a concise and clear copy of the data upon request
- You have the right to ask us to correct any inaccuracies in the personal data we hold about you and to stop us using your data until it has been corrected. We want to make sure that your personal data is accurate and up to date and we will be happy to correct or remove data you think is inaccurate.
- You have the right to withdraw your consent at any time where we are relying on consent to process your personal data, by calling our Client Services team at email@example.com, clicking “unsubscribe” on a marketing email or replying STOP to a text message. Where the consent relates to marketing, you may receive a small number of further communications immediately after unsubscribing but we will implement your request as quickly as possible. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
- You have the right at any time to oppose our processing of your personal data where we are doing so on the basis of a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. You will need to explain the reasons behind your request and allow us to consider your request and respond. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- You have the right to request the deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see above), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. After receiving and reviewing your request, if legitimate it will be our responsibility to cease processing promptly and to delete your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: a) If you want us to establish the data’s accuracy; b) Where our use of the data is unlawful but you do not want us to erase it; c) Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or d) You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- You have rights with respect to automated decision making and profiling. (We do not use your personal data in this way.)
- You have the right to receive a copy of your data that we process based on your consent or on the basis of a contract with you in a standard format. If you wish, where technically possible, we can transfer your data directly to a third party indicated by you.
- To exercise any of these rights, contact our Client Services team at firstname.lastname@example.org. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
- We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
- We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We protect your personal data with specific and suitable technical and organisational security measures aimed at preventing your personal data from being used illegitimately or fraudulently, being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
In particular, we use security measures that guarantee: pseudonymisation or encryption of your data; the confidentiality, integrity, and availability of your data as well as the resilience of the systems and services that process them; the ability to restore data in the event of a data breach.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting data to us.
Please note that our terms and conditions and our policies will not apply to other websites that you get to via a link from our Site. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
If you believe that we are processing your personal data in contravention of the law, please contact us using the details provided in section 10 and we will do our best to solve the problem for you. If we are unable to help, you can file a complaint with the supervisory authority responsible for compliance with the rules on personal data protection.
In the UK, the complaint can be presented to the ICO. More information on how to complain is available on the ICO’s website at https://ico.org.uk/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
11. Changes to this notice
12. Additional information