Privacy Information Notice

Last updated May 2018

This Privacy Information Notice describes your rights under the General Data Protection Regulation 2018 and sets out how we will use and protect your personal information.

We publish the current version of our Privacy Information Notice on our website and we will update this from time to time. We will contact you (by email or letter) to notify you of these updates where:

  • We are making substantial changes
  • Where we are doing something with your personal information, which you might not expect based on what we have told you in this Privacy Information Notice.

Otherwise, any updates to this Privacy Information Notice will be notified on our website and through our other communications with you.

This Privacy Information Notice is effective from 25th May 2018.

Who are we?

Your information will be held by David Boland Trading as DBoland Ecommerce Solutions (DBES).

More information on the DBES can be found in our About US section

Contact Information

If you have a question on this Privacy Information Notice or how we use your personal information, please email info@dboland.co.uk or write to us at DBES, 82 Cardigan Road, Bridlington, East Yorkshire, YO15 3JT

You have the right to lodge a complaint with our Data Protection Officer at dataprotection@dboland.co.uk if you believe that your personal information is not being processed in line with this Privacy Information Notice.

If you are not satisfied with the response, you have the right to lodge a complaint with the Information Commissioner’s Office. Find out on their website how to report a concern at ico.org.uk/concerns/.

What is Personal Information?

Personal information can cover a wide range of areas, but in general, it includes: information you tell us about you and your preferences; information we learn from your custom; information we learn about you from our agents, contractors and industry; and information we obtain about you from public sources – please see section Data from third parties.

Personal information can include things that can allow someone to identify you either directly, through your name or national insurance number, or indirectly, through your address, phone number, date of birth, bank details or email address.

Personal information can also include other things such as, location data on mobile phones. Some of your personal information is treated as being sensitive under data protection legislation and therefore needs additional controls.

Where we collect your Personal Information from

In order to provide you with our services we need to collect and use your personal information. DBES collects your personal information from a number of different sources, including:

Data you give to us:

  • When you enquire about our products and services
  • When you talk to us on the phone
  • When you use our websites, mobile device apps, or web chat services
  • In emails and letters
  • In customer surveys
  • If you take part in our competitions or promotions

Data we collect when you use our services. This includes the amount, frequency, type, location, sales route and recipients:

  • Online profile and usage data. This includes the profile you create to identify yourself with us when you connect to our internet, mobile and telephone services, e.g. through our mobile app. It also includes other data about how you use those services.

Data from third parties:

  • Credit Reference and Fraud Prevention Agencies
  • Government and local councils
  • Law enforcement agencies
  • Public information sources such as Companies House, and social networks
  • Companies that introduce you to us
  • Agents and contractors working on our behalf

Who we share your Personal Information with

In order to provide our services to you, DBES may share your personal information with other companies and agents and contractors working on DBES’s behalf. This includes companies in the following categories:

  • Customer Service
  • Customer Research
  • Legal firms
  • Print and Design
  • Technology and IT
  • Digital and social media
  • Data analytics
  • Sales and Marketing
  • Payment processing
  • Debt collection companies

We may also need to provide your personal information to other companies and agencies external to DBES or its agents and contractors in connection with the provision of our services and to provide you with the product and service you have chosen. These companies include:

  • HM Revenue & Customs, and other authorities
  • Credit Reference and Fraud Prevention Agencies
  • Information Commissioner
  • People whom you have authorised us to share your personal information
  • Joint venture companies
  • Prepayment processing firms
  • Audit firms
  • The Principal insurer(s) of our products

We never share your personal details with external companies for the purposes of their marketing.

We may need to share your personal information with other organisations to provide you with the product or service you have chosen, including:

  • If you have a debit, credit or charge card that you use with us we will share transaction details with companies which help us to provide this service (such as Stripe, Visa and Mastercard).
  • If you pay us by direct debit we will share your data with the Direct Debit Scheme.
  • If you make an insurance claim, information you give to us or the insurer may be put on a register of claims. This will be shared with other insurers.

How we use your Personal Information

As well as this Privacy Information Notice, your privacy is protected by law. DBES is allowed to use personal information only if we have a proper reason to do so.

There are the main ways that DBES is permitted to use your personal information:

  • To manage your account and to fulfil our contractual commitments to you.
  • To meet our legal obligations.
  • To perform a task in the public interest.
  • When you consent to us using your personal information for a purpose.
  • When it is in DBES’s legitimate interests.

The majority of these uses are mandatory – in other words, where we need to use your personal information to meet our contractual obligations to you, to meet our legal obligations and to protect your vital interests. This also includes where you have provided us with your consent to use your personal information.

Fraud Prevention Agencies

We may need to confirm your identity before we provide products or services to you or your business. Once you have become a customer of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use Fraud Prevention Agencies (FPAs) to help us with this.

If you give us false or inaccurate information and/or we suspect fraud on your account, we will record this and may also pass this information to FPAs and other organisations involved in the prevention of crime, fraud and/or money laundering.

FPAs may send personal information to countries outside the European Economic Area (‘EEA’). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure.

Sending data outside of the EEA (by us)

Your personal information will occasionally be transferred to third party organisations, some of whom may be located outside of the EEA, as part of the services that we offer to you. For example, this could happen if any of our servers that store your personal information are located in a country outside of the EEA, or when one of our service providers is located in a country outside of the EEA, such as India and Australia. Different countries have different data protection and security laws and some of these do not offer the same level of protection as you enjoy under UK data protection legislation.

The agreements that we have with these third party organisations are such that they will not use your personal information for any other purposes other than what we have agreed with them. We explicitly request that any third party organisations with whom we share personal information implement adequate levels of protection to safeguard your personal information, in accordance with the GDPR and any other applicable data protection legislation. For example, we may put in place special contracts (which are approved by the European Commission and are known as “standard contractual clauses”) with those services providers, or alternatively will ensure they have signed up to, and comply with, other approved mechanisms such as the EU-US Privacy Shield.

If you choose not to give Personal Information

We may need to collect personal information by law, or under the terms of a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your account. It could mean that we cancel a product or service you have with us.

Marketing

We believe it is important for DBES, to communicate with you to let you know of products, services, and other important information in relation to our services. Communication with you allows us to understand your needs, so we can offer you the right products and services to help and support your personal circumstances.

We will contact you, or businesses associated with you, with marketing messages if you have consented to them. We may also contact you if you are a new or existing customer, or you are an existing customer and the marketing messages relate to similar products or services to those that you have currently (or have had in the past), and we have a legitimate interest in doing so.

We may also have regulatory or contractual reasons for sending you communications.

Our communications with you

Where you phone us to enquire about a new product, or you visit our website (or mobile app) to assess different products but do not complete a sale then we will record this. We will use this information to prioritise our communications with you and we may contact you to offer you the opportunity to assess whether other products are more suitable for you.

Where we rely on your consent, we may seek, or re-seek, your marketing consent any time there is a change in your relationship with us, including, where you investigate buying another product from us, where you have objected to marketing communications, where there is a change in law, where there is a structural change in our business, or where there are changes to ongoing charges or fees.

Where we do not hear from you we will contact you no more frequently than every 12 months to ensure your consent preferences remain accurate. Of course, you are free to change your preferences at any time either online or by contacting us.

If you decide to no longer use our services, we may contact you to allow us to market our products and services to you after you have left for up to two years.

We will always need to send you information on the products and services that you use. However, you can ask us to stop sending you marketing messages by contacting us at any time – see section Withdrawing your consent.

How long we keep your Personal Information

We will keep your personal information for as long as you are a customer of DBES. After you stop being a customer, unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations to allow us to respond to any questions or complaints you may have.
  • For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us.
  • For retention periods in line with legal and regulatory requirements or guidance to show that we treated you fairly.

Appropriate safeguards will be implemented to protect your data, including where technical limitations restrict our ability to remove your personal information from our systems.

Obtaining your Personal Information

You have the right to obtain a copy of the personal data we hold about you:

By emailing us: info@dboland.co.uk (subject heading: Subject Access Request – Your Name, your Account Number)

By writing to us: Data Protection Team, DBES, 82 Cardigan Road, Bridlington, East Yorkshire, YO15 3JT.

You also have the right to get your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information in this format to other organisations if this is technically feasible.

Correcting your Personal Information

You have the right to question any information we have about you that you think is wrong or incomplete. Please contact us if you want to do this.

By emailing us: info@dboland.co.uk (subject heading: Right to Rectification – Your Name, your Account Number(if applicable))

By writing to us: Data Protection Team, DBES, 82 Cardigan Road, Bridlington, East Yorkshire, YO15 3JT.

Controlling your Personal Information

Data Protection law provides you with a number of rights in relation to how we can use your personal information.

  • Right to erasure (Right to be forgotten) – you have the right to request the deletion or removal of your personal information where there is no compelling reason for its continued processing by us.
  • Right to restrict processing – you have the right to request that we block or suppress processing of your personal information.
  • Right to object – you have the right to object to the processing of your personal information by us where the processing is based on our legitimate interests, is processed for direct marketing purposes (including profiling) or for the purposes of statistics. If you wish to object to our use of legitimate interest for marketing please see section Withdrawing your consent below, for contact details.
  • Rights related to automated decision making including profiling – you have the right not to be subject to automated decision making, including profiling. We can only carry out these activities where the decision is necessary for entry into the performance of a contract, authorised by European Union or Member state law to which we are subject or based on your explicit consent.

There may be legal or other reasons why we need to use your data in the way that we do, but please contact us if you think otherwise.

By emailing us: info@dboland.co.uk (subject heading: Right to Rectification – Your Name, your Account Number(if applicable))

By writing to us: Data Protection Team, DBES, 82 Cardigan Road, Bridlington, East Yorkshire, YO15 3JT.

Further information on your personal information rights is available on the Information Commissioner’s website at ico.org.uk.

Withdrawing your consent

Where we process personal information based on your consent, you have the right to withdraw this consent at any time. If you withdraw your consent, and we rely on it to use your personal information, we may not be able to provide certain products or services to you. Please contact us if you want to do this.

  • Through your online account or mobile app
  • Visit the Your Preferences section of your online account to change your consent preferences at any time.
  • By emailing us: contactus@dboland.co.uk
  • By writing to us: Customer Services, DBES, 82 Cardigan Road, Bridlington, East Yorkshire, YO15 3JT.

Cookies and online security

Security

As you’d expect, we do everything we can to protect your personal data. That’s why, whenever you input your details on this website, you do so via our secure servers. These use what’s known as Secure Socket Layer encryption (high-level 2048 bit) – a leading security standard in the e-commerce industry. The padlock symbol and depending on your browser the Extended Validation green bar is there for your peace of mind. You can also view this security certificate in the file/properties menu.

Most of this website isn’t encrypted, because there’s no need. However, the moment you submit any personal information as part of the quote and apply process or register to manage your account online, you’re directed to secure pages.

Don’t be surprised if you see a warning about non-secure pages while the secure pages are loading within the site. All of the information that’s sent back and to during secure processes goes via secure links – so it’s encrypted, keeping your personal details safe. Here are some of the other things we do to protect your personal data. When making a payment, your bank details are authorised in real time rather than being stored. For added security, the bank details that we do hold (for paying by direct debt) remain partially hidden when you access your online account. This way you can check which account you’re using without letting anyone else see your full bank details, in the unlikely event of unauthorised access to your account.

We also train our staff to protect your personal details and check your identity whenever you contact us. You can do your bit too, of course. Keep your password and account details secure. And always remember to log out of your account and close your browser window when you’ve finished. This helps to ensure that no one else can access your personal data.

Cookies

To offer you a truly customised web service we need to use cookies. These remind us who you are and enable us to access your account information quickly and easily, leading to a superior, more personalised service. Cookies also help us to gauge the size of our audience and level of repeat usage. How do cookies work? In a nutshell, cookies are files that we send to your computer, which assign it a unique identification. We can then access these files whenever you visit our website. The cookie is set whenever you register or “log in” and modified whenever you “log out”.

If you want to delete any cookies already on your computer, you will first need to find the file or directory that stores them – please refer to the instructions for your file management software. To stop cookies being stored on your computer in future, please refer to your internet browser’s instructions by clicking ‘Help’ in its menu. Deleting our cookies or disabling future cookies won’t stop our website from working, but it may mean that you won’t be able to access certain areas of our site.

Want to know more about deleting or controlling cookies? Go to http://www.aboutcookies.org.