The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters.
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for home delivery, we will collect your address details to deliver your purchase and then pass them on to our courier.
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting the company to law enforcement.
In specific situations, we require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and doesn’t materially impact your rights, freedom or interests. For example, we may use your purchase history to send you personalised offers.
Data privacy laws allow this as part of our legitimate interest in understanding our customers and providing the highest levels of service. Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse particular contact permissions, we may not be able to provide certain services.
We know how much data security matters to all of our customers. With this in mind, we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites using ‘https’ technology. Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured using SSL encryption.
Our local networks are protected using strong encryption mechanisms.
Firewalls are implemented at each internet connection and the internal company network.
We regularly monitor our systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
We sometimes share your personal data with trusted third parties like delivery couriers, sub contracted tradesmen and independent quality inspectors and financial ombudsman.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
Examples of the kind of third parties we work with are:
We will only share your data with third parties for their own purposes in very specific circumstances, for example:
To help personalise your journey on our websites, we currently use the following companies to process your personal data as part of their contracts with us:
Protecting your data outside the EEA
Any transfer of personal data will follow the applicable laws and we will treat the information under the guiding principles of this privacy notice.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, and we must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this privacy notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove that they have your permission.
There are several ways you can stop direct marketing communications from us:
Please note that you may continue to receive communications for a short period after changing your preferences while our systems update.
You have the right to request:
You can contact us to request to exercise these rights at any time. To ask for your information, you can contact us by post using the following address:
The Data Protection Officer,
Forty Winks Bed Company,
25-27 Camp Road,
Or you can email us at firstname.lastname@example.org
To ask for your information to be amended, please contact us on 01252 543000. If we choose not to action your request, we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. The timescale for completing an internal review, will be no longer than one calendar month.
With effect from 25th May 2018