This policy explains the types of personal data we (Camera Centre Cardiff Ltd.) may collect about you when you interact with us. We collect and process data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. We do not disclose data to any third parties unless disclosure is necessary for the fulfilment of a service; you have specifically given consent for a particular service; or we have a legitimate interest in disclosing data. Instances in which we do disclose data to third parties are outlined below. If you have any questions not answered by this policy, please contact us.
Under the General Data Protection Regulations we rely on the following legal bases for processing your data:
Consent – we will ask your consent for marketing to you via email or post. If you consent we can collect and process your data for this purpose.
Contract – we sometimes need to collect and process your personal data in order to fulfil a contract with you, for example an order. We will also collect and process your data on this basis if you’ve asked us to provide a quote.
Legal – we are obliged to process some personal data to comply with the law. If you place an order with us we must retain some personal data for at least six years to comply with the Sale of Goods Act 1982, Consumer Rights Act of 2015 and HMRC guidance.
Legitimate interests – we collect and process some personal data to pursue our legitimate interests in a way you would reasonably expect as part of running our business. Specifically, we analyse information on our customers and their orders in order to provide new products or services. This is the only legitimate interest we rely on.
Depending on your interaction with us, we may collect and process all or some of the following information.
When you visit our website:
- - Computer IP address
When you order from us on our website or in stores:
- - Name
- - Address details
- - Phone number
- - Email address
- - Gender (eg Mr/Ms)
- - Marketing preferences
- - Order history
If we have to perform credit checks (for finance applications) or fraud checks:
- - Age
- - Birthplace
- - Credit history
- - Employment status
- - Copies of ID (Physical or Digital)
The Camera Centre UK website's checkout process is held on a secure server using a verified SSL (secure socket layer) system for transferring data. If you click on the small padlock symbol at the top of your browser’s screen, next to the web address, you will be taken to the site’s security certificate. If you have any concerns regarding the security of this site, please contact us.
Sometimes we need to share your personal data with trusted third parties. In these instances, your data will only be used for the exact purpose we specify, will be transferred and stored securely, and will be deleted or rendered anonymous if we stop working with that third party.
Examples of the third parties with whom we share data are:
- - Payment-processing services (including Barclaycard, PayPal)
- - Finance providers (including V12 Retail Finance)
- - Delivery couriers and postal services (including Royal Mail, DHL)
- - Email marketing service providers (including Mailchimp)
- - Product-review companies (including Trustpilot)
- - Product manufacturers, if you return an item for repair we will share proof of purchase with them
- - Camera repair companies or their agents if we arrange a repair on your behalf
This list is not exhaustive and may change from time-to-time in line with our business processes. Please be assured that we will only ever share your information with trusted parties who adhere to GDPR and the correct standards of security.
We will only keep your data for as long as it’s needed. After that, we’ll either delete it completely or render it anonymous (removing personal data but keeping information such as order amount for business analysis).
If you contact us for a quote and you don’t consent to marketing, we’ll keep your data for a year in case you wish to proceed with the quote.
If you order from us, we’ll keep your data for six years in order to comply with legal obligations. You can request that certain elements are removed or changed sooner – see below.
After six years we will remove your data unless you have consented to our marketing.
You have the right to:
- - Access your personal data, free of charge
- - Have your personal data rectified if out of date or incorrect
- - Have personal data erased, unless that would conflict with our legal obligations
- - Withdraw consent for us to use personal data, if you have previously given consent
- - Object to us processing your personal data and/or stop us using data for direct marketing
If you would like to exercise any of these rights, you should contact us.
You can opt out of our email mailing list at any time in the following ways:
- - Click the the ‘unsubscribe from this list’ or 'update your preferences' link at the bottom of any marketing email we send
- - Contact us directly with your request at firstname.lastname@example.org
If you are unhappy with our use of personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
The ICO’s contact details can be found on the ICO’s website here.