Under applicable law, we are permitted to use your Personal Data where we have a legitimate reason for doing this, as long as that legitimate reason is fairly balanced with your rights. A key legitimate reason for the actual processing of Personal Data is where such processing enables us to perform our contractual obligations. However, where we want to process your Personal Data but do not have a legitimate reason, then we will need to obtain your further consent.
The types of Personal Data that can be processed
The actual Personal Data that we may collect and process is as follows:
- Website usage Personal Data – this is information about your use of our website, including the full Uniform Resource Locators (URL) clickstream relating to our website, website page response times, length of visits to website pages, page interaction information, the types of products you viewed or searched and browsing generally;
- Collected Personal Data - we may automatically collect certain information when you visit our website. It could be quite technical stuff like the Internet protocol (IP) address used, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- Provided Personal Data – all Personal Data about you provided through our website, or correspondence (including phone, surveys or e-mails). This includes, without limitation, information you provide when you register to use our website or subscribe for any service, search for a product or place an order on our site. The information you give us may include your name, address, email address, phone number, credit card information, delivery details, payment details, personal description and if we are really lucky(!), a photograph; and
- Personal Data from third party sources – there are limited circumstances where we may receive Personal Data from our involvement with third parties (including advertising networks, analytics providers and search information providers).
After the processing comes the potential use of Personal Data
There are different ways that we may use your Personal Data which are set out below. The use of your Personal Data always loops back to the reasons for doing this, namely, for us to improve our offering for all customers and also for you, specifically.
We’ll look at each of the ways below where we might use the Personal Data obtained above.
- Website usage Personal Data – we will use this Personal Data for a broad range of matters, some of which are also captured under (c) below but using this Personal Data will enable us to better understand how to interact with you in a better and more effective manner;
- Personal Data from third party sources – It is possible that we may combine this information with provided and collected information and use any of this information for the purposes set out below in (c) and (d);
- Collected Personal Data – in order to (i) ensure our website is presented to you in the most effective and relevant manner; (ii) assess the relevancy of advertising and tailor this more effectively; (iii) provide recommendations or proposals that may be of interest; and (iv) better improve administration functions such as, for example, data analysis, troubleshooting, testing, research and surveys;
- Provided Personal Data – this will be used by us to:
- implement our contractual obligations to supply requested information or goods;
- contact you with marketing and promotions (if consented);
- provide, or permit selected third parties to provide, information about goods or services we believe may of interest. For an existing customer, we will only contact you by e-mail or possibly text message with information about goods and services that we believe would be of interest. For any new customer, contact by us or any permitted third party can only occur, following your consent. This consent can be withheld by ticking the relevant box in the form used to collect your Personal Data;
- notify you about changes to our service; and
- ensure that everything set on our website is calibrated to your needs and requirements as much as possible.
Our storage of your Personal Data
Please note that the Personal Data that we collect from you may be transferred to and stored at some destination outside the European Economic Area (“EEA”), or even processed outside the EEA by our agents, or on behalf of our suppliers. Any of these persons could be processing your information simply to fulfill your order, to process your payment details or just provide support services.
All Personal Data provided to us is stored on our secure servers. However, there are always risks associated with the transmission or storage of any information, including Personal Data over the internet.
In the event that any password is used on our website, you of course are solely responsible for keeping this password confidential.
It is clearly important that Personal Data which is stored is as accurate and current as possible. We can’t be held responsible for using Personal Data that hasn’t been updated so we would need your help to ensure that you keep us updated with changes in your Personal Data at all times.
Disclosure of Personal Data
Payment transactions will always be encrypted and will not be subject to any form of disclosure except the inherent processes used to implement these.
There are certain circumstances where SUST may wish or need to share your Personal Data with identified third parties including designers, business partners or other suppliers and sub-contractors to perform and fulfill a contract.
In terms of the areas that tend to cause most people concern, although some Personal Data is always used to ensure that advertising is relevant to you, no Personal Data is provided that allows our advertisers to identify individuals.
Instead, we only provide “aggregate information” about our users to help advertisers reach their intended target audience. For example, we might inform them of the number of people who viewed their advert and their general location. This is the manner in which we would use collected Personal Data for advertisers. In a similar vein, we may also share Personal Data with analytics and search engine providers used to improve and optimise our webssite.
If credit scores are applicable, then we may need to disclose Personal Data to credit reference agencies for the purpose of assessing your credit score, if contractually permitted.
Although unlikely, if we actually do sell any part of our business or assets, then we may need to disclose some Personal Data to the potential buyer (or even transfer this as part of the sale), although we will always ensure that they are bound by strict confidentiality obligations.
Finally, there are always instances where there may be:
- a legal requirement to share Personal Data;
- to protect the rights or property of SUST, our customers, or any other person connected to SUST (such as exchanging information with other entities for the purposes of fraud protection or to reduce credit risk); and
- to enforce our own terms and conditions.
Your rights regarding your Personal Data
Even though we only intend to use your Personal Data to make our website and the shopping experience better for you, if you still don’t feel comfortable with this, you have the right to ask us not to process your Personal Data for any marketing purpose. As indicated above, we will usually inform you if we intend to use your Personal Data, or disclose it to third parties, for marketing purposes. Under all circumstances, you can always exercise your right to prevent such processing by indicating this, where relevant, on the forms used to collect Personal Data. It’s never too late to make this request as you can exercise this right at any time by contacting us.
Although our intention is to ensure that all promotional emails or direct mail to you is of interest and relevant, you can always unsubscribe from receiving these by sending an email to firstname.lastname@example.org by inserting “Unsubscribe” as the subject, or following the specific instructions set out on how to do this. We will though need your email address, full name and postal address to ensure that we can do this properly. In all other circumstances, you may contact us at any time to stop all forms of marketing to you, which we shall endeavor to implement as promptly as possible. The last thing we want to do is to annoy our customers!
Finally, you have the right to access Personal Data held about you at any time, in accordance with and under applicable law. However, we reserve the right to charge a nominal fee to pay for own costs to satisfy any access request.
Other websites use of Personal Data
As you will know from navigating through our website, there may be links to and from the websites of third parties such as partner networks, advertisers and affiliates. Naturally, if you actually follow these links to these websites, we can not of course accept any responsibility or liability due to their use of your Personal Data, or the extent and applicability of their own privacy policies. We would encourage you to obtain your own level of comfort before you submit any Personal Data to these websites.