When you purchase from www.posturebrace.co.uk, we process specific personally identifiable data to help us function firstly as an online e-commerce business, and secondly in order to inform, improve and create the best possible experience we can for our users.
As some of this data is of a personal nature i.e. name, email address, physical address, telephone number, as well as past purchase transaction history, we want to highlight below how this information is obtained, processed and used with regards, of course, to consent given by the individual.
As an organisation, we respect all individual rights to have their personally identifiable data erased, forgotten, rectified, moved and accessed at their request in accordance with the General Data Protection Regulation (here); you can also read our section on GDPR compliance below.
What information do we collect
There are several scenarios in which personal data is collected and used by www.posturebrace.co.uk.
Firstly, for the purpose of notifying individuals on the processing, completion and sending of orders and transactions; recording order history within our CMS platform, which would include name, email, address information and telephone numbers. Such order histories include total number of orders made, their recipients and subsequent address information. Therefore, this information is pursuant to the function and running of www.posturebrace.co.uk as well as general website administration.
Secondly, personal data may be collected, though only on the basis of voluntary permission from the individual, for the purpose of informing individuals about offers, promotions and updates. This is primarily for marketing purposes. Individuals may choose not to receive this information by logging into their accounts and unsubscribing from this material, or selecting which material they would like to receive. If an individual would like to receive sales and promotional material at the registration or newsletter sign up stage, the relevant boxes must be ticked.
Thirdly, we use third party software, such as Pixel Tags, for the purpose of paid marketing advertising, monitoring website usage, as well as looking at traffic patterns in order to improve the website experience. *See section on cookies below. Such third party pixel tags include Google Analytics, AdWords, Bings Ads and Facebook. Sometimes, you may notice ads that are relevant to websites you have visited previously. These are known as “remarketing ads”. These ads are triggered from anonymous cookies and are controlled by third party platforms such as Google AdWords. Should you not want to be tracked via Google Analytics, use the official Google Analytics “opt-out” browser plugin, which can be found here.
How your data is handled, processed and held
Your personally identifiable data is held digitally within three key locations: firstly, the website CMS, which uses a secure cloud-based server and is accessible only to authorised individuals with the organisation; secondly, a USA-based EU-certified ESP (email service provider) system which uses Privacy Shield-level protection, and thirdly our ERP system.
With regards to marketing purposes, and aside from information required to send products to recipients, personally identifiable information will only be used based on the double-opt-in consent of an individual wishing to receive offers, promotions and any other sales-related information i.e. via email marketing. This is done by selecting the appropriate options either at the newsletter sign up stage, the checkout stage, or within an account created by the individual, agreeing with terms and conditions, and then receiving an email to confirm submission to the marketing mailing list.
Personal data opted-in to receive marketing material is passed on to our fully compliant and secure third party email service provider (ESP). This U.S-based software is certified to EU-U.S. Privacy Shield Framework, allowing data to securely be transferred to MailChimp in the U.S.
This software contains personal data with regards location, name, address, products purchased and order history. Any individual wishing to erase completely their information from our email service provider can do so by contacting us via email@example.com. Records of consent are kept and can be requested at any time by contacting us using the following email address: firstname.lastname@example.org. Any request to portability (see below) of their details can request a copy of their order histories in a readable format.
We would to note that your personal information is treated with the utmost regard and is never sold, traded or rented to any third party companies or organisations.
Your rights under GDPR
You have the right to access, change or alter any of the personal data we hold on you. Should you want access to this information, please send a request to our Head Office using the following email address email@example.com, quoting “Security and Privacy Enquiry” or use the address at the bottom of this statement. Your full data rights under GDPR are explained below.
Your rights and control over personal data
In accordance with GDPR best practice, you have the following rights concerning your personal data:
Your right to be forgotten
Should you wish to request deletion of all your data from our systems, please do so by contacting us by sending an email to firstname.lastname@example.org and state if you want to remove all and / or the following information:
1. Transaction data in terms of your address and order information
2. Your personal information regarding email marketing material
3. All of the above
Your right to object
Should you object at any time with regards to the processing of your personal i.e. marketing purposes which would, for instance, target based on product preferences, (the primary reason for processing), we will respect your requirement to do so.
Your right to rectification
Should you notice any inaccuracies with your data, you have the right to rectify or change your data, update your preferences and erase (see point 1 above), if necessary. This can either be done in your account, or you can contact us to make the necessary changes for you.
Your rights of access
Should you require access to your personal data, this can provided within a period of one month form the initial request, as per GDPR law, and in a common readable format. Any excessive or repeated requests for data will be charged at £5 per request.
Your rights of portability
Should you wish to request a copy of your order and account history, please contact us via email@example.com. We will provide this in a standard, easy-to-read format for ease of portability.
Is your data shared?
How are cookies used on your website?
Should you wish to turn of these cookies, you can do so by clicking on the cookie banner and / or changing the following browser settings:
Go to Tools > Options > Privacy > Cookie > adjust cookie settings
Go to Tools > Internet Options > adjust cookie settings
Go to Tools > Settings > Privacy and Security > Content Settings > Cookies > adjust cookie settings
Should you have any queries regarding the data we have, how we process it and / or a copy of your personal data, please contact us at the following address:
Unit 6, Oakfield Trading Estate
Or send an email to firstname.lastname@example.org