Stacktheme is registered with the ICO under the Data Protection Register, our registration number is: 02535003.
The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using this website, and to explain your rights under current laws and regulations.
What is Personal information and what do we collect?
Personal information is information that does or may identify you.
You do not have to share your personal information with us, but if you choose not to, we may not be able to provide you with our products and services, or answer any questions you may ask us.
We may collect your personal information from a variety of sources. These include:
- The information you provide when you place an order
- Personal information contained within any enquiry
Some of the personal information we collect may be sensitive information. This might include information about your race or health. We will only collect this information with your explicit consent. See more about sensitive information below.
When we collect or use Sensitive Information
Sensitive information falls into a special category of personal information. This includes information relating to your health, race, sexuality or ethnicity.
We only collect sensitive information in limited circumstances such as when you raise a specific enquiry through our customer services team.
We do not directly market to children. Our websites are designed and intended for use by adults.
How we use your personal information
We only collect, process and disclose your personal information for specific and limited purposes. These include:
- To administer any order you have placed with us;
- To answer any enquiry you may send to us;
- To authenticate that we are talking to the right person should we need to get in touch with you.
Where required, we will obtain your consent to process your personal information. Where you have given consent, you may withdraw your consent at any time. Please see more about withdrawing consent below.
In some cases, we rely on legitimate interest for processing your personal information. A legitimate interest could exist when we use the personal data collected to assist us in fulfilling a contractual obligation. We will only rely on legitimate interest where there is no less intrusive way to process your personal data.
How we share your personal information
We do not sell your personal information to any third party.
We share your personal information internally within Stacktheme and with selected third parties in the following circumstances:
- To courier and logistics providers who ship products you may have ordered;
- With payment processors who administer secure payment options;
- With parties who host and process personal information on our behalf in accordance always with applicable laws and regulations.
We share your personal information when we are legally required to disclose it. This includes:
- To comply with a legal obligation;
- When we believe in good faith that an applicable law requires it;
- At the request of governmental authorities conducting an investigation;
- To verify or enforce any other policy relating to this website;
- To detect and protect against fraud, or any technical or security vulnerabilities;
- To respond to an emergency situation.
International data transfers
We will only send personal information collected within the EEA to foreign countries:
- To follow your instructions;
- To comply with a legal duty;
- To work with any agent or adviser who we use to help run our business and services.
If we do transfer personal information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We will use one of the following safeguards:
- Transfer to a non-EEA country whose privacy legislation ensures an adequate level of protection of personal data to the EEA one;
- Put in place a contract with the foreign third party that means they must protect personal information to the same standards as the EEA;
- Transfer personal data to organisations that are part of specific agreements on cross-border data transfers with the European Union (e.g., Privacy Shield, a framework that set privacy standards for data sent between the United States and the European countries).
How we protect your personal data
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirements.
We take the security of your personal information very seriously. We make every effort to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
Access to your personal information is only permitted among our employees and agents on a need-to-know basis and subject to strict contractual confidentiality obligations when processed by third parties.
How long do we keep your personal information for?
We will keep your personal information for as long as we need it for the purpose it is being processed for. For example, where you have purchased one of our products online, we will keep your personal information related to the purchase so we can perform the specific contract you have entered. After which, we will keep the personal information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the purchase.
Your personal information may also be retained so that we can continue to improve your experience with us.
We will actively review the personal information we hold and delete it securely, or in some cases pseudonymise or anonymise it, when there is no longer a legal, business or consumer need for it to be retained.
Your rights as a data subject
This is a summary of your rights relating to the personal information we hold about you.
The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal information and your rights. Therefore, we are providing you with the information in this policy.
The right to access and rectification. You have the right to access, correct or update your personal information at any time. We understand the importance of this and should you want to exercise your rights, please contact us as set out below.
We handle subject access requests in accordance with the GDPR.
The right to data portability. The personal information you have provided us with is portable. This means it can be moved, copied or transmitted electronically under certain circumstances.
The right to be forgotten. Under certain circumstances, you have the right to request that we delete your personal information. If you wish to delete the personal information we hold about you, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements. If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we can to delete, destroy or permanently de-identify it.
The right to restrict processing. Under certain circumstances, you have the right to object to certain types of processing, including processing for direct marketing (i.e. receiving emails from us notifying you or being contacted with varying potential opportunities).
The right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint directly with any local Supervisory Authority about how we process our personal information. You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
The right to withdraw consent. If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time by contacting the details below.
Rights related to automated decision-making. You have the right not to be subject to any decision which is based solely on automated processing in certain circumstances.
If you wish to contact us about your personal information, including where you wish to withdraw consent or restrict certain processing activities, please email email@example.com.