Camskill (UK) Limited - User Privacy Policy

Camskill is committed to protecting our customer privacy and takes its responsibility regarding the use and security of customer information very seriously.

We will be clear and transparent about the information we are collecting and what we will do with that information. It is our aim to build a strong relationship based on trust.

We have tried to write this policy in plain terms and be open and transparent. There is a lot of information but we have tried to break this down into easily navigable sections.

When reading this policy the following terms apply.

We, us, our, the company, Camskill - we mean Camskill (UK) Ltd.

You, your, user, visitor, the customer, an individual - we mean a Customer acting on their own behalf or for a business.

Individuals have greater rights than companies therefore we treat every customer as if they are an individual, as sole traders and partnerships are classed as individuals under GDPR.

Camskill (UK) Ltd
Registered Office: Unit 1, Pottery Road, Whitehaven, Cumbria. CA28 9BZ. United Kingdom.
Registered Limited Company in England & Wales: 05111619
Registered as a Data Controller with the Information Commissioners Office (ICO): Z2420455

Complying to:
UK Data Protection Act (1998) (DPA)
European General Data Protection Regulations (GDPR)
Privacy Electronic Communications Regulations (2013) (PECR)
We will comply with the UK Data Protection Bill, which will replace the DPA, when it comes into law and will incorporate the GDPR and the PECR.

Version 1.0 - 25/05/2018

What information of yours do we collect and where and when do we collect it

This section sets out what personal data we collect from you and where and when we collect it.

During your interaction with our website we will highlight when we are collecting data from you to make you aware that it is happening.

Children/Minors:

This website is not intended to be used by minors; which under UK law are those persons under 18 years old. We do not knowingly collect personal information from minors. As such we do not take special account of their needs. It is our intention that minors do not interact with the website, other than to view it, and hence we collect no personal information from them. If we are made aware that use has taken place by someone under 18 years old we will remove their data from our systems at the earliest opportunity.

We collect information from you in these places

When you place an order on the website: We collect your name, company name(if applicable), email address, telephone number and alternative telephone number (if offered), postal address, postcode and identifiers assigned to your computer or other internet connected device including your IP address.
Where you have selected to enter an alternative delivery address these additional fields are collected: name, company name(if applicable), postal address, postcode and delivery telephone number.

Please Note: If you enter another individuals information into the Alternate Delivery Address section you need to make sure that you have their permission to do so.

We use this information to process your order including sending you order updates usually by email/text but we may also telephone you.
We pass this information (excluding ip address) to:
Our parcel delivery partners in order to deliver your ordered goods and provide you with delivery schedule updates by email/text. They may phone you in order to fulfil delivery.
To our suppliers but only where the supplier is directly delivering all/some of your ordered goods. They will pass your details to their delivery partners in order to facilitate delivery.
Our delivery partners and our suppliers and their delivery partners only retain your data in order to fulfil their contractual and legal obligations. The period of retention will vary depending on requirements. They may also use your anonymised address information in their analysis of their business operations in order to improve them.

Our lawful basis for holding this data is – Contractual ie. In order to fulfil and complete the contract between us.
When you make a card payment on the website.: If you select to pay by debit/card card then at the end of the checkout process you are transferred to our trusted contracted Payment Service Provider’s (PSP) payment page in order to enter further information including your payment card details. This takes place on their system and not ours. They process your payment to the Payment Card Industry (PCI) security standards (https://www.pcisecuritystandards.org/).

Our current PSPs (we may update this list from time to time):

Secure Hosting (Monek Ltd) (https://www.securehosting.com).

Here is a link to their GDPR Confirmation of Compliance Checklist (https://www.securehosting.com/download/GDPR_checklist.pdf)

Our lawful basis for holding this data is – Contractual ie. In order to fulfil and complete the contract between us.
When you apply for finance on the website.: If you select to pay by finance then at the end of the checkout process you are transferred to our trusted contracted finance providers website in order to enter further information. This takes place on their system and not ours. They are a data controller in their own right with regards to the information you give them.
Our current finance provider(s) (we may update this list from time to time):

V12 Finance (Secure Trust Bank PLC) (https://www.v12retailfinance.com).

Here is a link to their Privacy Statement ( https://www.v12retailfinance.com/privacy-policy/ )

Our lawful basis for holding this data is – Contractual ie. In order to fulfil and complete the contract between us.
When you opt-in to receive Marketing Communications at Checkout.: The only current or historic interaction on our website that will result in you receiving any marketing communications from us is when you tick the box on the checkout page of the website to positively opt-in to receive marketing communications from us.

This records your name and email address and the date you opted-in.

If you subsequently place another order and do not opt-in at the checkout then you will be removed from our active marketing list.

If you choose to opt-in again then the consent date will be updated.

If you are opted-in and you wish to opt-out i.e. be removed from the current active marketing list, before you place another order then please Contact Us supplying the email address you used and we will promptly remove you. You will then not receive any marketing communications from us.

If at the time of your next order you wish to not receive any marketing communications then when you pass through the checkout do not tick the marketing tick-box and you will be automatically removed.

If at the time of your next order you wish to keep receiving marketing from us then each time you place an order you need to opt-in each time to confirm that you still want to be on our list – we will not assume it.

Please Note:

Although the positive opt-in at checkout has been a feature of our website for many years all opt-ins prior to 17th October, 2016 have been deleted as they did not record the date of the opt-in. So although you may have placed an order and opted-in prior to this date your details will not be in our marketing list and from this respect there is no data to be removed.
As of the introduction of the new GDPR on 25th May, 2018 we have never sent a single marketing communication to anyone.
In the future you may receive marketing communications from us if we have an up-to-date opt-in consent from you. In every marketing communication there will be the ability to permanently remove yourself from the list ie. opt-out.

Our lawful basis for holding this data is – Consent ie. You have asked us to do this and can remove your consent at any time.
When you fill out a Stock Alert Request: We collect only your email address. You will receive an email almost immediately requesting you confirm this request. Please check your spam folder as sometimes our email may be put in there. Only if you confirm the request will you be sent an email when the product comes back into stock. If you do not confirm within 48 hours, your stock alert request will be deleted automatically. This is entirely an automated system within the website. The system holds your confirmed request until either the product comes back into stock and you are sent a stock alert request email after which it is automatically deleted or 52 weeks has elapsed after which it is automatically deleted.
If you wish for an outstanding confirmed stock alert request to be deleted from our system please contact us (link needed) providing the email address used and the product, unless you wish for all outstanding requests to be deleted in which case only the email address is required.
If alerts have been submitted by different people using the same email address eg. Different employees of the same company, then a request to delete all will remove all requests for that email address, so best to check with your colleagues before submitting the request.
We may use the data collected to assess demand for out of stock products. Email addresses will only be used to remove duplicates in the data and then deleted from any data before being used for analysis.

Our lawful basis for holding this data is – Consent ie. You have asked us to do this and can remove your consent at any time.
Website contact form: We collect your email address (required) and if optionally provided your name and/or telephone number.

The information you submit in the form is not stored on our website but is held in our email system. It is only used to provide you with a reply to your query and fulfil any request.

We may contact you by email or telephone (if provided) or other method that you have stated in the ‘Message’ section. Unless you have a preference – if so you need to state this in the ‘Message’ section.
If you wish for us to remove details of your request then please contact us (link needed) and we will delete it from our email system, unless we need to retain it as part of an ongoing query or an investigation where it will be retained it for as long as we deem necessary to fulfil contractual, legal or legitimate interests. Please note you must provide the email address you used in the contact form submission as this is the only accurate method to locate your contact form email submission. We may ask for proof id in order to positively identify you.

Our lawful basis for holding this data is – Consent ie. You have asked us to do this and can remove your consent at any time.

We will only process data provided in order to monitor that we have offered you a high standard of service and to improve our service to you.

Our lawful basis for holding this data for this reason – Legitimate Interest ie. We have a valid business reason to do this and we feel it will not have a detrimental impact on you.
When you email us directly: The information you submit in the email is not stored on our website but is held in our email system. It is only used to provide you with a reply to your query and fulfil your request. We may contact you by email or telephone (if provided) or other method that you have stated in email. Unless you have a preference – if so you need to state this in the email.
If you wish for us to remove details of your email then please Contact Us and we will delete it from our email system, unless we need to retain it as part of an ongoing query or an investigation where will be retain it for as long as we deem necessary to fulfil contractual, legal or legitimate interests. Please note you must provide the email address you used as this is the only accurate method to locate your contact form email. We may ask for proof of id in order to positively identify you.

Our lawful basis for holding this data is – Consent ie. You have asked us to do this and can remove your consent at any time.

We will only process data provided in order to monitor that we have offered you a high standard of service and to improve our service to you.
Monitoring: We monitor communications with us, including call recordings, for training purposes and to enhance or review the service we provide.

If you visit our premises you may be viewed and/or recorded on CCTV.

Our lawful basis for holding this data is – Legitimate Interest ie. We have valid business reason for this and we feel it will not have a detrimental affect on you.

The internet web servers which host our website capture your public IP address and store it as part of the web access logs for our site.

We do not currently collect information from you in any other way. However we will update this policy if we alter this.

How we use your information

If you are ordering from us:
- We will use your information to process your order, carry out fraud screening and deliver goods to you.
- Some of your details may be shared with trusted third parties, for example a payment processor and a delivery agent.
If you are using our contact form or any other form of enquiry form on the website or if you email us directly., eg Product Enquiry on product pages, or similar:
- Your information will only be used to answer your enquiry

Third-Party processing of your information

Monek (Secure Hosting) are our trusted payment services provider. https://www.securehosting.com/company/. We transfer you to Monek to make payment when you order from us and select our secure checkout. We do not have access to your full payment card information. Payment card information is at no point stored or transferred to/from this website.

How we store and how long we retain your information

Our website has automated features which ensure that no personally identifiable information is retained for any longer than is necessary.

All personally identifiable information stored on our web servers is stored in an encrypted format.

Completed Orders : 366 weeks

If you have placed a successful order with us then after the retention period the personal information element of the order data is automatically deleted.

Your order data is also stored in our internal financial system within VAT invoices to comply with financial record legal requirements. This is retained for the same retention period after which it is completely destroyed.

Incomplete Finance Orders : 8 weeks

If you apply for finance through our website, but the transaction does not complete for whatever reason, your personal information is automatically removed from the order record after the retention period.

Incomplete Non Finance Orders : 4 weeks

If you commence but do not fully complete an order, some of your information may have been captured, however your personal information is automatically removed from the abandoned order record after the retention period.

Stock Alert Requests - Confirmed : 52 weeks UnConfirmed : 48 hours

If you have requested a stock alert from our website, your information (email address only stored) is retained until the item comes back into stock, or the retention period, whichever is the soonest. You are required to confirm all stock alert requests, with unconfirmed requests automatically removed after the retention period.

If you wish for us to remove your Stock Alert Request (email address only stored) before is auto expires then please request us to remove it - see Contact section.

Customer Rewards Account :Until requested to remove

If you have a customer rewards account, it will remain active unless you request us to remove it - see Contact section. If you decide to have your account removed, any points balance will be lost.

Customer Product Review :Until requested to remove

If you leave a product review, it will remain active unless you request us to remove it - see Contact section.

Emails submitted directly or via website contact form: Varies

When you send us an email either directly or via the website contact form this is sent via our web servers to our Gmail based email system where it is stored. We only look to retain customer emails as long as is necessary but due to the varying nature of these emails the retention period will vary. Google's Gmail system stores the email data securely and although can be stored around the world it is stored in compliance with EU GDPR standards.

3rd Party Providers: Varies

These include, but not limited to our parcel delivery companies (name, delivery address information, telephone number and/or email address only), our suppliers who ship direct to our customers (name, delivery address information, telephone number and/or email address only), our payment services and finance product partners and our technology partners eg. but not limited to: email systems, web hosting, security/anti-fraud systems, data storage. The retention period of the data varies due to the varying requirements but retention periods are set to only retain for as long as is required to complete the necessary task/processing.

Web Access Logs: Up to Indefinitely

Web logs are purged after a retention period of between 8-16 weeks depending upon site traffic levels. Data is analysed to create the website stats which are retained indefinitely.

The server does not correlate IP addresses against any other form of personally identifiable information. Logs can be used to detect patterns in visitor behaviour and investigate malicious activity

International Transfers i.e. Outside the EEA

Third parties with whom we share your personal information, for example our service providers, may be located in the UK, other countries in the European Economic Area or elsewhere in the world. Different privacy laws may apply in these countries and you understand and unambiguously agree to the transfer of personal information to these countries and parties.
Whenever we or our service providers transfer your personal information outside of the European Economic Area, we or they impose the standard contractual obligations approved by the European Commission on the recipients of that information to protect your personal information to the standard required in the European Economic Area or require the recipient to subscribe to 'international frameworks'. More details on the standard contractual obligations and the international frameworks are available on the ICO's website (https://www.ico.org.uk).

Crime and Fraud Prevention

We use your information to screen for fraudulent activity in order to protect ourselves against crime and loss to the company.

We may be asked to provide the information you provided to us to a government crime prevention/law enforcement agency or to the financial companies directly related to your payment transaction.

Fraud prevention agencies hold your personal information for up to two years, and if you are considered to pose a fraud or money laundering risk, your information is held for up to six years.

Security

Your connection to this website utilises Secure Socket Layer (SSL) (https) technology which encrypts all communications between your browser/device and the site. We use Comodo to provide SSL encryption to the highest standard (https://ssl.comodo.com/)

Once any personally identifiable information you share with us is received, any data we store within the website is stored in an encrypted format which can only be accessed by Camskill (UK) Limited.

Whilst we cannot 100% guarantee the security of data, we take all reasonable and practical precautions to keep your information safe.

Our website is hosted on servers located in the UK. Our payment service provider and finance provider are UK based companies.

Cookies

We use Cookies (and other technology) on our website to collect information about visitor habits in order to improve our website and the services we offer. For full information please view our Cookie Policy

We use tracking software to monitor customer traffic patterns and site usage to help us develop the design and layout of the website. This software does not enable us to capture any personal visitor information.

Links to Other Websites

This website may contain links to third party websites. We are not responsible, nor have control of the privacy policies or practices of third party websites. No information provided through this website will be passed to a third party website except where specifically stated above.

Your Data Protection Rights

Under certain circumstances, by law you have the right to:

Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to "data portability"). This enables you to take your data from us in an electronically usable format and to be able to transfer your data to another party in an electronically usable format.
Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you want to exercise any of these rights, then please contact our Data Protection Office - see Contact Section below.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights).

However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

We have 1 month to reply in full to your request from the time we receive adequate proof of identification (if requested) but we hope to reply sooner. In complex or numerous cases we make take longer but we will inform you if this is the case.

Changes to Privacy Policy

Periodically, and as circumstances change, we will review our Privacy Policy. If this results in any material changes to our policy we will update our policy and show what changes have occurred in the change log below. In addition we will communicate the changes to you by a notice on our website and/or by email prior to the change becoming effective.

Version 1.0 - Issued 25/05/2018 - New GDPR Privacy Policy

Contact Details & Complaints

If you are unhappy about how your personal information has been used, please contact our Data Protection Office using the details set out below.

You also have a right to complain to the Information Commissioner's Office (https://www.ico.org.uk), which is the lead data protection supervisory authority for the UK.

Our Data Protection Office can be contacted in writing, by email or by telephone.

Data Protection Office
Camskill (UK) Ltd.
Pottery Road
Whitehaven
Cumbria
CA28 9BZ
United Kingdom

Email: privacy@camskill.co.uk

Tel. 01946-518200 (+44-1946-518200) - Ask for Data Protection Office

Office Hours: 09:30 to 17:00 Monday to Friday excluding Public/Bank Holidays

Your Cart