Date last revised: May 2018
CONDOR CYCLES LIMITED (we/us/our) are committed to respecting your privacy and protecting your personal data. We recognise that your personal data is your property and that you have loaned it to us for specific purposes.
Unless otherwise required by law, the Information Commissioner’s Office (ICO) guidance or best practice, or in order to perform our contract with you, we will only process your personal data in the way we tell you or in the way you ask us to, and we will give it back to you at any time.
1. THIS POLICY
1.1 This policy, together with our terms and conditions on our website at www.condorcycles.com (our Website) and any other documents we provide to you as part of your trading relationship with us, sets out how we will process your personal data.
1.2 This policy applies to our contract with you. You are therefore advised to read it carefully. Terms used within it shall have the meaning(s) given in the Data Protection Act 1998 (Act) and/or the General Data Protection Regulation (Regulation), as applicable.
1.3 By visiting our Website, or by providing your personal data to us, you understand, accept and consent to the practices described in this policy.
1.4 Any changes we make to this policy will be posted on this page. You are advised to check back frequently as, unless your consent is required, any changes will be binding on you when you continue to use the Website or work with us after the date of the relevant change.
1.5 For more information relating to your rights under this policy, please see section 9.
2. WHO WE ARE
2.1 For the purposes of the Act, the data controller is Condor Cycles Limited, a company registered in England & Wales (number 05351196) with our registered office on Floor 3, 66 Prescot Street, London E1 8NN.
2.2 We are registered with the ICO to process your personal data and our registration number is Z311159X.
2.3 Your personal data will be held and stored by us in our internal management information systems on servers located in the UK. All personal data is processed by UK based staff who are regulated by our internal staff data protection policy.
2.4 Our databases are backed up both on and off site and automatically encrypted on Cloud-based servers located in the USA. All data that is backed up is encrypted.
3. YOUR CONSENT
3.1 We do not ordinarily rely on your consent to process your personal data. We process your personal data primarily to perform our contract with, and sell our products to, you. We consider the personal data we obtain is reasonable and necessary for these purposes. However, we review this intermittently and remove any inaccurate or obsolete data.
3.2 By using our Website and/or buying our products, you expressly consent to:
3.2.1 the transfers of your personal data to those specifically listed third parties in this policy, for the reasons specified; and
3.2.2 us using your personal data for direct marketing purposes.
3.3 You may exercise your rights under section 9 at any time, which includes withdrawing your consent to our processing of your personal data. However, where this withdrawal prevents us from performing our contract with you, we may not be able to provide our goods and services to you.
4. WHAT WE COLLECT
4.1 We will only collect your name, address, telephone number and email address from you. This is to allow us to create your account in our internal system to monitor the progress of your order, and to contact you in relation to it.
4.2 Any bank or credit or debit card details you provide in order to make payment for your order, will be retained only by Shopify (defined at 5.4 below) or the relevant card processor, not by us (other than the expiry date and last 4 digits of the card used). This is in line with PCI DSS standards.
4.3 Where you are a current, potential or former employee, worker or other member of our staff, we may collect additional categories of your personal data for the purposes of providing you with the necessary benefits under our contract with you. In those circumstances, a separate privacy notice applies and a copy is available on request.
4.4 We use CCTV at some of our premises for the protection of our staff and property, and for the prevention and detection of crime, and we are registered with the ICO to process your data in this way. If you visit us at these premises, your biometric data will be taken during your time on site and this will be stored and retained by us in accordance with our internal data retention policy.
5. HOW IT IS COLLECTED
The categories of data in section 4 are collected in the following ways:
5.1 When you provide it to us
- Your personal data is primarily provided to us when you visit one of our stores to buy any of our products or services, or to collect a refund or make an exchange.
- When you correspond with us by phone or e-mail as part of our business with you, or if you use our live chat function on our Website, any of your personal data contained in that correspondence (including your IP address and location) will be retained by us.
- Where you buy any of our products from our Website, you will provide us with your personal data on checkout.
- Where you sign up for information, alerts and prompts relating to our stock updates, you will provide your email address to our appointed email distribution provider, currently http://backinstock.org/.
5.2 When we collect it from you
- When you use our Website, we will automatically collect technical information about the device you use to visit, including your IP address, browser type/version and related settings.
- We also monitor your use of our Website. This includes the full URLs, your clickstreams through our Website, the pages you view and how you interact with them and how you leave the Website.
5.3 When we receive it from others. On occasion, your personal data may have been stored on third party databases and passed to us by those third parties because they have determined some of our products may be of interest, or be relevant, to you. We do this on the terms of a written agreement with each third party. In those circumstances, the relevant third party confirms to us that you have expressly consented to them holding your data and transferring it specifically to us for the reasons we require it.
5.4 The following third parties provide your personal data to us, or we disclose it to them for the reasons listed:
- Google G Suite (by Google Cloud), is a storage solution hosted by Google LLC (Google) who are based in the USA (California). They host our email database;
- Known Pty Ltd (d/b/a Burst SMS), a company registered in Australia with its registered office in Suite 24 on Level 6 at 58 Pitt Street, Sydney, NSW 2000. We pass your name and mobile number to them to enable us to send reminders to you about any workshop appointments you may have with us in relation to a product we are making for you. Their servers are located in Australia.
- Websolute S.r.l., a company registered in Italy (tax code 02063520411) with its registered office in Pesaro, Italy, Strada della Campanara 15, PC 61122 operate the www.campagnolo.com website and they pass personal data to us when they think you may be interested in any of our products;
- Roger Wilco LLC host our Website’s live chat function through https://chatra.io and their servers capture any information your browser sends to them directly. Any customer requests they process will subsequently be passed to us; and
5.6 If you buy any of our products subject to any credit or interest-free finance products we offer, you will do so through our authorised partner, Divido Financial Services Limited. We will be required to pass your name, telephone number, email address and details of the sale to them to initiate the proposal they can offer to you. Any application you subsequently complete will be between you and them directly.
5.7 We will pass your name, address, email address and telephone number to our appointed external courier, so that they can deliver your products to you.
6. WHAT WE USE IT FOR
6.1 Your personal data is primarily required to enable us to supply you with the relevant goods, services and support you have requested from us, and to contact you in relation to any enquiries or requests you raise with us.
6.2 We also use your personal data to send you information by email about us, our products and our services that are similar to those you have already purchased or enquired about. We only do this where you have given us permission to do so, and you can opt-out at any time. Where you opt out, we will no longer contact you until you ask us to, and we will not prompt you to do so.
6.3 Technical information we collect about your visit to our Website is used to enable us to:
- personalise and improve its functionality and security (to keep it safe and secure);
- administer and monitor traffic and behaviours on our Website for analysis, testing, research, statistical and survey purposes; and
- ensure that we can offer you the most effective and efficient browsing experience, and make improvements where necessary.
6.4 Where we change our services, or any applicable terms and conditions, we will contact you.
6.5 Once collected, your personal data will be retained by us for as long as is necessary for us to provide you with the relevant goods and services (including any warranty you buy from us), to market our services to you (where requested) and to enable us to improve our Website. After this point, the data will be securely deleted and we will not contact you unless you ask us to.
7.1 All of our staff have access to customer personal data stored within our EPOS system. Only a limited number of our staff, and our web developers, can access your data that is held by Shopify.
7.2 Only our staff can gain physical access to our servers located in store. Our off-site backup servers are securely locked, permitting director and IT support company access only.
8. HOW AND WHY WE DISCLOSE YOUR DATA
8.1 Subject to the rest of section 8 of this policy, the only third parties with or to whom we disclose or receive your personal data are those listed in section 5.4, for the purposes listed in that section.
8.2 Any websites which are linked from the Website are outside of our control and not covered by this policy. If you access those websites using the links provided, the website operators may collect information from you which will be used by them in accordance with their own privacy policies (if any). These policies may differ from ours, and we cannot accept any responsibility or liability in respect of these.
9. YOUR RIGHTS
9.1 In relation to all of your personal data, you have the following rights (in addition to any rights you may have under the Act or the Regulation) to ask us:
9.1.1 not to process your personal data for marketing purposes;
9.1.2 to clarify what data we hold about you, how it was obtained, to whom it has been disclosed and for how long it will be stored;
9.1.3 to amend any inaccurate data we hold about you;
9.1.4 to delete any of your data (where you no longer think we need to hold it, or you think we have obtained or processed it without your consent at any time); and
9.1.5 to only process your personal data in limited circumstances, for limited purposes.
9.2 We have the capacity to extract your personal data from our databases and provide it to you in a structured, commonly-used way (typically by .csv file).
9.3 If you wish to exercise any of your rights at any time, please contact us on the details contained at the beginning of this policy in the first instance. We will require you to verify your identity to us before we provide any personal data, and reserve the right to ask you to specify the types of personal data to which your request relates.
9.4 Where you wish to exercise any of your rights, they may be subject to payment of a nominal administration fee (to cover our costs incurred in processing your request) and any clarification we may reasonably require in relation to your request. Such fees may be charged where we consider (acting reasonably) that your request is excessive, unfounded or repetitive.