CHANGES TO DATA PROTECTION LAWS:
1) WHO ARE WE AND HOW CAN YOU GET IN TOUCH?
We are Oppo Brothers Limited and you can find our registered office at Unit 3.05 The Food Exchange, New Covent Garden Market, London SW8 5EL. You can get in touch with us on firstname.lastname@example.org.
Our data protection officer and point of contact for queries relating to this policy is Trinity Hoyle. In this document when we refer to our website this is https://www.oppobrothers.com
2) WHERE WE COLLECT YOUR PERSONAL INFORMATION FROM:
We may collect data from you in the following ways:
Data you give to us:
- When you sign up to our website
- When you sign up to our newsletter
- In emails or letters to us
- When you enter our competitions
- When you leave us feedback
- When you visit us at one of our events
Data we collect when you use our services:
- Payment and transaction data
- Profile and usage data – data we collect from devices you use to connect to our services such as
- computers and mobile phones,
- using cookies.
- Data from third parties we work with:
- Social networks such as Instagram, Facebook and Twitter. Please visit these sites individually for information on their privacy policies.
3) DATA WE COLLECT ABOUT YOU:
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity data – name
- Contact data –address, email address or telephone numbers
- Financial data – bank account and payment card details (through izettle payments at events and shopify on our website)
- Transaction data – details about payments to and from you and other details if you have purchased from us
- Technical data - internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
- Marketing and communications data – your preferences in receiving marketing from us and our third parties and your communication preferences
4) HOW WE USE YOUR PERSONAL INFORMATION
We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. Please see below for the different types of information we collect from you, how we use it, and the legal ground that we use as a basis when we use the information. For more information about the types of data please see point 3) above.
|Where is it collected from?||What type of data?||Why do we do it?||What is our legitimate interest?|
|To manage payments or collect and recover money owed to us||Identity
|Performance of a contract with you. Legitimate interests.||To recover any debts owed/ to take payment for sales|
|To manage our relationship with you by keeping you updated on changes to our policies and terms||Identity
|Performance of a contract with you. Necessary to comply with a legal obligation Legitimate interests.||To keep our records up to date|
|To enable you to take part in our competitions, answer any surveys or any prize draws||Identity
|Performance of a contract with you. Legitimate interests.||To study customers use of our platforms and develop our business accordingly|
|To deliver relevant website content and advertisements to you and to measure the effectiveness of this.||Identity
Marketing & Communications
|Legitimate Interests||To study customers use of our platforms and develop our business and marketing strategy accordingly|
|To use data analytics to improve our website, products / services, marketing, customer relationships and experiences||Identity
Marketing & Communications
|Legitimate Interests||To keep our website relevant, and to develop our business and marketing strategy|
5) WHO DO WE SHARE YOUR INFORMATION WITH?
We may share your information with the following organisations, for the purposes of providing the goods/services you have requested from us:
- Virgin Red (for voucher send outs)
You can find details on how these third parties use your personal information by looking at their privacy policies, and these should be available on request. Please note that we require all organisations that we share your personal data with to process it in a legal and a secure way. We do not allow any of the organisations to use your data for their own purposes and the data will only be used for specified purposes in accordance to our instructions.
6) FAILING TO PROVIDE YOUR OWN PERSONAL DATA:
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
7) THIRD PARTY LINKS:
Our website may include links to third party websites, plug-ins and applications (for example when you are signing up to our newsletter or requesting a money off voucher through a pop up). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.
8) TRANSFERRING YOUR DATA OUTSIDE OF THE EEA (EUROPEAN ECONOMIC AREA):
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the GDPR legislation set out above. These third parties are based in the USA and are EU-U.S Privacy Shield compliant.
- Shopify.com (https://www.shopify.com/legal/privacy/customers/)
- Mailchimp.com (https://mailchimp.com/legal/)
- iZettle.com (https://www.izettle.com/gb/privacy-policy/)
9) DATA SECURITY:
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.
10) MARKETING COMMUNICATIONS:
We may use your personal information to tell you about relevant goods and any upcoming offers. We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so. You can ask us to stop sending you marketing messages at any time – you just need to contact us, or use the opt-out links on any marketing message sent to you.
11) YOUR RIGHTS UNDER THE GDPR LAWS:
You have certain rights which are set out in the new GDPR laws relating to your personal information. The most important rights are:
- The right to see what information we hold – you can request this from us on email@example.com and this is known as a data subject access request.
- Not to have to pay a fee to access your personal data.
- The right to tell us that the information we are holding is incorrect. If you think this is the case, please send an email to firstname.lastname@example.org and we will check its accuracy and correct where necessary.
- Withdraw consent to using your information. If you would like to do this then please contact us on email@example.com. You have the right to object to our use of your information, to ask us to delete your information and to request the restriction of how we process your data. We will aim to respond to all legitimate requests within one month, on occasions where it may take us longer we will notify you and keep you updated through the process.
12) MAKING A COMPLAINT:
If you are unhappy with how we are using your personal data then please contact us on firstname.lastname@example.org. We are registered to process data with the Information Commissioner’s Office and you have the right to make a complaint with them also, however we would be grateful for the chance to deal with your concerns in the first instance.