Introduction | How we use your personal data | Providing your personal data to others | International transfers of your personal data | Retaining and deleting your personal data | Amendments | Your rights | Our details
In this section we have set out:
(a) the general categories of personal data that we may process;
(b) in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
We may process your account data ("account data"). The account data may include your name and email address. The source of the account data is the retailer you are working with or provided directly by you. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
We may process information contained in any enquiry you submit to us regarding products and/or services ("enquiry data"). The enquiry data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you. The legal basis for this processing is consent.
In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process [any of your personal data] where such processing is necessary for compliance with a legal obligation to which we are subject.
Please do not supply any other person's personal data to us, unless we prompt you to do so.
We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.
We may disclose Usage and Account Data to our suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.
We may need to share your personal information and aggregated or de-identified information with third-party service providers that we engage, business intelligence, reporting analytics, web analytics providers and payment processors. These service providers are authorized to use your personal information only as necessary to provide these services to us.
Financial transactions relating to services are handled by our payment services provider Worldpay Group plc. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at https://www.worldpay.com/uk/worldpay-privacy-notice.
In addition to the specific disclosures of personal data set out in this section, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
In this section, we provide information about the circumstances in which your personal data may be transferred.
We share your personal information and service data within our group of Companies. By accessing or using our products and services or otherwise providing personal information or service data to us, you consent to the processing, transfer, and storage of your personal information or Service Data within the United States of America, the European Economic Area (EEA) and other countries where S4RB operates. Such transfer is subject to a group company agreement that is based on EU Commission’s Model Contractual Clauses.
This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain and delete your personal data as follows:
(a) Personal data will be retained for 10-years following the date it was created. Data which, when reviewed, is over 10 years old will be deleted from our systems.
(b) Account data will be retained for 10-years following the date it was created. Data which, when reviewed, is over 10 years old will be deleted from our systems.
(c) Data expiration will be reviewed on a quarterly basis
Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of changes to this policy by email or through the messaging system on our website
If you are in the European Economic Area (EEA), you have the following rights with respect to information that S4RB holds about you. S4RB undertakes to provide you the same rights no matter where you choose to live.
Right to access: You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information's source, purpose and period of processing, and the persons to whom the information is shared
Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.
Right to erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means.
Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.
Right to complain: You have the right to complain to the appropriate supervisory authority if you have any grievance against the way we collect, use or share your information. This right may not be available to you if there is no supervisory authority dealing with data protection in your country.
Data subject requests
If you are from the European Economic Area and you believe that we store, use or process your information on behalf of one of our customers, please contact the customer if you would like to access, rectify, erase, restrict or object to processing, or export your personal data. We will extend our support to our customer in responding to your request within a reasonable timeframe.
Do Not Track (DNT) requests
Some internet browsers have enabled 'Do Not Track' (DNT) features, which send out a signal (called the DNT signal) to the websites that you visit indicating that you don't wish to be tracked. Currently, there is no standard that governs what websites can or should do when they receive these signals. For now, we do not take action in response to these signals.
External links on our websites
This website is owned and operated by SOLUTIONS FOR RETAIL LIMITED.
We are registered in England and Wales under registration number 07540540, and our registered office is at Sherwood House, 7 Gregory Boulevard, Nottingham, Nottinghamshire, NG7 6LB.
Our principal place of business is at 4, Karlsruhe House, 18 Queensbridge Rd, Nottingham NG2 1NB.
You can contact us:
(a) by post, using the postal address given above;
(b) using our website contact form;
(c) by telephone, on 0115 727 0150
(d) by email, using firstname.lastname@example.org