Privacy Policy
Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use personal data we are regulated by the Information Commissioner under the General Data Protection Regulation EU 2016/679 as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018, including as further amended or modified by the laws of the United Kingdom or a part of the United Kingdom from time to time (UK GDPR) and the Data Protection Act 2018 (together, Data Protection Legislation). We are accountable as Controller of that personal data for the purposes of Data Protection legislation.
KEY TERMS
It would be helpful to start by explaining some key terms used in this policy:
We, us, our
Indigo and Otis, a limited company incorporated in England and Wales under registered number 15194373 with registered office at 44b Hackwood Road, Taxassist Accountants, Basingstoke, Basingstoke RG21 3AE
Personal data
Any information relating to an identified or identifiable natural person.
PERSONAL DATA WE COLLECT
In the course of your interaction with us and your use of our services as an on line retailer of homeware either as a consumer or as a supplier or merchant, we will collect from you the following personal data :
- If you contact us via our website to order merchandise or join our mailing list, the email address which you provide when registering on our website, your name, your address, your credit or debit card details;
- If you use our website as a supplier or vendor of merchandise, your name, your email address, certain company and bank information if you are a sole trader or freelance worker.
This personal data is required to enable us to provide our services or to perform our contract with you. If we are not provided with the personal data we ask for, it may delay or prevent us from providing the services which you are requesting or performing our contractual obligations towards you.
HOW PERSONAL DATA IS COLLECTED
We collect your personal data directly when you interact with us via our website, during the order process or mail sign-up, or during the sign-up process for vendors.
HOW AND WHY WE USE PERSONAL DATA
Under Data Protection legislation, we can only use personal data if we have a legal basis for doing so. These are mandated by the legislation and include:
- your consent;
- for the performance of our contract with you or to take steps before entering into a contract;
- to comply with our legal and regulatory obligations; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use personal data, so long as this is not overridden by the data subject’s own rights and freedoms.
The table below explains what we use (process) personal data for (our purpose) and our legal basis for doing so:
Our legal basis
To enable us to engage with our customers and provide the services they require including shipping goods ordered, taking payment, and delivering updates/ marketing our services.
For the performance of our contract with you or to take steps before entering into a contract with you and for our legitimate interest.
To enable us to pay suppliers or brands for merchandise ordered, to pay suppliers of other services.
For the performance of our contract with you or to take steps before entering into a contract with you.
Operational reasons, such as maintaining the operational effectiveness of our Website.
For our legitimate interests or those of a third party, e.g. to identify and remedy problems with our Website usage.
Ensuring the confidentiality of personal data.
For our legitimate interests or those of a third party, e.g. to prevent data breaches.
To comply with our legal and regulatory obligations.
The above list does not apply to special category personal data, which we do not anticipate that we will process. Should this situation change, we will update this Privacy Notice.
PROMOTIONAL COMMUNICATIONS
We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.
WHO WE SHARE PERSONAL DATA WITH
We only share personal data with our retained external third party service providers, such as our accountants and organisations which provide related services to us or on our behalf, including Flowdesk, Microsoft 365, Shopify, Quick Books.
We only allow our external third parties to handle personal data if we are satisfied they take all appropriate measures to protect all personal data and only on our written instructions.
We may very occasionally disclose and exchange information with regulatory bodies to comply with our legal and regulatory obligations.
WHERE PERSONAL DATA IS HELD
Personal data is kept securely in a password protected environment. Where we engage cloud-based service providers, it is on the basis of a written Data Processing Agreement and we conduct due diligence on the location of the servers on which our data is stored.
Many of our suppliers store data on servers which may be located outside the United Kingdom. For more information, including on how we safeguard personal data if it is transferred outside the UK, see below: ‘Transferring personal data out of the UK.
KEEPING PERSONAL DATA SECURE
The privacy and the security of personal data is our utmost priority, and we recognise our obligation to keep it secure and private.
We have put in place industry-standard security practices to prevent personal data from being accidentally lost or used or accessed unlawfully including password protection, multi factor authentication of users and access restriction or control. We limit access to any personal data to our employees and contractors with a genuine business need to access it and subject them to strict obligations of confidence.
HOW LONG PERSONAL DATA WILL BE KEPT
We will retain billing and order information of customers for the duration of our contractual relationship with those customers and then a period of 6 years.
We will retain other personal data of customers for only so long as they use our services or until consent is withdrawn.
We will retain billing information of vendors, suppliers and brands for 6 years from the end of the contractual relationship.
When it is no longer necessary to retain personal data, we will delete it.
RIGHTS
All data subjects have the following rights, which can be exercised free of charge:
Access
The right to be provided with a copy of personal data held on a data subject
Rectification
The right to require us to correct any mistakes in a data subject’s personal data
To be forgotten
The right to require us to delete personal data—in certain situations
Restriction of processing
The right to require us to restrict processing of certain personal data—in certain circumstances, e.g. if the accuracy of the data is contested
Data portability
The right to receive the personal data provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object
The right to object:
- at any time to personal data being processed for direct marketing (including profiling);
- in certain other situations to our continued processing of personal data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning a data subject
To withdraw consent
The right to withdraw consent as a legal basis for processing, at any time
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
To exercise any of those rights, please contact us —see below: ‘How to contact us’.
HOW TO COMPLAIN
We hope that we can resolve any query or concern raised about our use of personal information.
The General Data Protection Regulation also gives the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
CHANGES TO THIS PRIVACY POLICY
We may change this privacy policy from time to time, when we do we will inform data subjects via our website.
HOW TO CONTACT US
We can be contacted by email or post.
For all data subject rights, please contact clare@indigoandotis.com
Our contact details:
Indigo and Otis Limited a limited company with the registered number 15194373
Registered Address: 44b Hackwood Road, Taxassistant Accountants, Basingstoke RG21 3AE.