WHO WE ARE?
We, Orsetto, operating under UK Platinum Ltd. are a Data Controller responsible for deciding how your personal information is collected, stored and used.
WHAT INFORMATION DO WE COLLECT AND HOW WE USE IT?
We collect the personal information that you provide when you:
Browse our website;
Create an account with us;
Purchase vouchers or redeem vouchers;
Comment on or review our products or services;
Contact us via the website or telephone
This is in order to fulfil the specific process that you have asked for. We will never collect more than is necessary in line with the Data Minimisation Principle of GDPR.
We will hold about you:
Your Address and Delivery Address if different;
A contact telephone number and e-mail address;
Your marketing preferences;
We use the above data to carry out your instructions to us i.e. when you buy something from us online, we use your information to take payment and deliver the items to you.
When you have an “Authorised Person” on your account, we will need to take the same personal information relating to them, so that they can access your account and go through the Identification and Verification Process. In your account, we also have a notes section in which we record details of conversations that we have with you; this is so that we have an audit trail and for dispute resolution.
HOW LONG DO WE KEEP YOUR INFORMATION?
We will keep your personal information in our active systems for six years in accordance with our Records Retention Policy. The personal information will then be moved to a secure deep archive where it will be stored for up to Ten years to satisfy legal obligations relating to product recalls and child personal injury claims. Where you have consented for us to contact you for marketing purposes we will store your personal information for up to three years before asking you to re-consent to our contacting you for marketing purposes.
WHAT IS OUR LEGAL BASIS FOR PROCESSING?
Our legal basis for processing your information is “for the performance of a contract”. This is applicable when you buy something from us or create an account or use or buy vouchers from us.
For Marketing we use the basis of Consent for processing. In limited circumstances we may also rely on legitimate interests instead of consent where we have used “Soft-Opt in”.
A legitimate Interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
When you book a Car Seat Fitting Appointment, Parent to be Event or a Personal Shop we use the legal basis of taking preliminary steps for a contract as our legal basis as this is at your request prior to you potentially purchasing goods from us.
For our mailing and marketing lists, we use the basis of consent for processing. This can be withdrawn at any time by using the unsubscribe link contained within each e-mail.
For meeting legal and compliance obligations, we rely on the basis for compliance with a legal obligation.
WHAT HAPPENS IF I DON’T PROVIDE MY INFORMATION?
We will not be able to process your order, as we will be unable to enter into a contract with you or respond to you or meet our obligations under it.
WILL WE USE YOUR PERSONAL INFORMATION FOR AUTOMATED DECISION-MAKING?We do not use your personal information to make automated decisions about you.
WHAT INFORMATION DO WE COLLECT FROM THIRD PARTIES?
We do not collect any information from Third Parties.
WILL WE CHANGE THE PURPOSE FOR USING YOUR INFORMATION?
We will only use your personal information for the purposes set out above.
WHO DO WE SHARE YOUR INFORMATION WITH?
We may share your personal information with trusted third parties from time to time. We will not, however, share your personal information with a third party for marketing purposes. We do not sell any personal information to any third party so that they can send you their marketing material.
We have set out below the third parties we may share your personal information with. We will put in place technical and organisational measures to protect your data and how your personal information may be used in accordance with data protection laws:
Card Payment Processor:
We work with trusted third party payment processing providers in order to securely take and manage payments. This is necessary for the performance of a contract.
We use third parties to provide us with our IT systems and support for them. They may access your personal information to the extent that they need to in order to provide their services.
We use third parties to deliver your order to you or to deliver it to store for collection.
Website Analysis and Profiling Companies:
We use third parties to analyse how our website is used such as analysis of browsing or customer traffic patterns to enable us to improve our website and your experience of it. They also help us to tailor the information and offers we send to you.
Legal and Regulatory Requirements:
We will share your personal information with entities, companies or individuals where this is necessary to comply with any law, rule, regulation, legal procedure.
We may also share your personal information with our professional advisors (including lawyers, insurers and/or insurance brokers) to take advice e.g. in connection with any complaint or claim which you make.
We will only disclose such personal information to any third party as is necessary to enable them to carry out the function or purpose for which it is disclosed. For example, we will only disclose such personal information to a carrier as is necessary to enable them to deliver or collect your product.
Our legal basis for sharing your personal information with the other organisation’s set out above is that it is in our legitimate interests to do this to run our business effectively and to provide the best customer experience to you.
HOW DO WE KEEP YOUR INFORMATION SECURE?
We have put in place technical and organisational measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties (see above) who have a business need-to-know. They are subject to a duty of confidentiality.
We have put procedures in place to deal with any suspected data security incident and will notify you and any applicable regulator of a suspected incident where we are legally required to do so.
Our security procedures mean that we may occasionally request proof of identity before we are able to disclose personal information to you.
DO WE TRANSFER INFORMATION OUTSIDE THE UK/EEA?
We may, from time to time, transfer information outside of the European Economic Area (EEA). When we do, we will ensure that the same level of protections are in place as if your data were processed within the EEA.
WHAT ARE YOUR RIGHTS?
You have a number of rights over your personal information, which are:
the right to ask us what personal information we have about you and to have a copy of your personal information from us;
the right to ask us to correct any errors in your personal information;
the right to object to our legitimate interests and our profiling activities where these are based on our legitimate interests;
the right to object to us sending you marketing communications;
the right to ask us to delete your personal information. In certain circumstances we may object to this right as it is not absolute. This could be where we need to retain the information in defence of any possible future claims and warranties. We will inform you in this is the case;
the right to ask us to restrict the use that we are making of your personal information;
the right to ask us to transfer your personal information in certain circumstances; and
where our use of your personal information is based on your consent, the right to withdraw your consent at any time by contacting us via email: firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), (the UK regulator for data protection issues. See www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO and so, if you are happy to do so, please contact us in the first instance and we will try to resolve your issue
DOES THIS POLICY COVER OTHER WEBSITES?