Privacy Notice for our Customers

PenCarrie Limited ("We") are committed to protecting and respecting your privacy.
This Privacy Notice (together with our terms of use and any other documents referred to on it) explains how we process any personal data we collect from you, or that you provide to us.

Please read the following information carefully to understand our practices regarding personal data and how we’ll treat it. By using our website (www.pencarrie.com) you are accepting the content of this privacy notice.

For the purpose of the General Data Protection Regulation (GDPR), the data controller is:
PenCarrie Limited, PenCarrie House, South View Estate, Willand, Devon, EX15 2QW.

If you have any questions regarding our GDPR processes, please contact us at the above address or by email: gdpr@pencarrie.com and our GDPR Representative will get back to you.

What information we may hold about you

We may collect and process the following data about you:

Information you give to us collected by

• Filling in forms or pop-ups
• Posting your profile on our website or 'App' (our website)
• Corresponding with us by phone*, email, post or otherwise

When does this happen?

• When you register to use our website
• When you subscribe to our service
• When you open an account with us
• When you participate in discussion boards or other social media functions on our website, or other third party social media platforms
• When you enter a competition, promotion or survey
• When you report a problem with our website

What sort of information does this include?

• Your name, address, email address and phone number
• Your financial and payment card information
• Personal description, work history and photograph

Our lawful basis for processing this information is identified and recorded in our Information Asset Register.

*Calls are recorded for training and verification purposes (with the exception of those parts involved in payment card details, which, due to data protection, are excluded from recordings).

Information we collect from you

We may collect information about how you’re interacting with PenCarrie on each of your visits to our website. This helps us to improve your experience.

What sort of information may be collected?

• Technical information, including:

o The Internet Protocol (IP) address used to connect your computer to the Internet
o Your login information, browser type and version
o Time-zone setting
o Browser plug-in types and versions
o Operating system and platform

• Information about your visit, including:

o The full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time)
o Products you viewed or searched for
o Page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page
o Any phone number used to call our customer service number

Our lawful basis for processing this information is identified and recorded in our Information Asset Register.

Information we receive about you from other sources

We may receive information about you from other users of our website and from third parties such as our partners in our Subscriber Benefits Scheme.

We also work closely with other third parties, including, for example:

• Business partners
• Sub-contractors that provide technical, payment or delivery services
• Advertising networks
• Analytics providers
• Search information providers
• Credit reference agencies
• Digital catalogue display tools

We may therefore receive information about you from them.

Our lawful basis for processing this information is identified and recorded in our Information Asset Register.

‘Hotjar’ information

We use Hotjar analytics to optimise our online service and experience.

Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.)

This enables us to build and maintain our service with user feedback.

What information does Hotjar collect?

Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices.

The data it collects includes:

• Device IP address (captured and stored only in anonymized form),
• Device screen size
• Device type (unique device identifiers)
• Browser information
• Geographic location (country only)
• Preferred language (used to display our website)

What does Hotjar do with this information?

Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out of the creation of a user profile, Hotjar’s storing of data about your usage of our website and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good online experience and also allows us to improve our website.

For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

How will we use your information?

We use information held about you in the following ways:

Information you give to us

We’ll use this information to:

• Carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us
• Provide you with information about other services we offer that are similar to those that you have already purchased or enquired about
• Provide you or permit selected third parties* (please see ‘Who do we share your information with?' section below) to provide you information about goods or services we feel may interest you.
• Notify you about changes to our service or other service-related information
• Facilitate your access to and use of any of our Subscriber Benefits (whether provided by us or a third party)

*Where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this by selecting the appropriate option when giving us your information.

Information we collect about you

We will use this information to:

• Administer our website and for internal operations, data analysis, testing, research, statistical survey purposes and troubleshooting
• Improve our website to ensure that content is presented in the most effective manner for you and your devices
• Ensure that content from our website is presented in the most effective manner for you and your devices
• Allow you to participate in interactive features of our service when you choose to do so
• Help keep our website safe and secure
• Measure or understand the effectiveness of marketing communications we serve to you and others, and to deliver you relevant and better marketing communications
• Make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them

Information we receive from other sources

We may combine this information with information you give to us and information we collect about you.

We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Who do we share your information with?

To keep your data safe and protect your privacy, we require our third party processors to be compliant with the relevant data protection regulations.
Need more information about any of the third parties we may share your data with? Just drop us a line.

Examples of the kind of third parties we work with are:

• Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you, to provide services, e.g. Credit Checks, Courier Services, Insurance, Accounting and Invoicing.

• Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we’ve collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.

• Analytics and search engine providers that help us improve and optimise our website.

• Courier service providers for the purpose of fulfilling our service to you and sending your order(s). 

• Credit Checking companies for the purpose of protecting PenCarrie in the opening of credit accounts. 

• Insurance providers for the purpose of protecting PenCarrie against financial risks.

• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

• If PenCarrie Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

• If we’re under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of PenCarrie Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We also use live chat software on our website to help us answer customer queries. This is provided by Click4Assistance, a third-party, UK-based software company. Information regarding how they process and store data can be viewed here. 

When will we sell or lease your data?

We will never sell or lease your data to any third party for financial gain.

Where will we store your personal data?

Most of the information you provide to us will be stored on our secure servers, any Payment Card Information (PCI) is stored with a secure third party and any PCI information given over the telephone will be obfuscated in the phone call recordings.

What about password security?

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Is information secure over the Internet?

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. Any transmission is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

What about data going outside the European Economic Area?

If the data that we collect from you is transferred to, and stored at, a destination outside the European Economic Area (EEA), then we will take all steps reasonably possible to confirm with any third party involved that they are processing the data to the same standards so as to be compliant with the GDPR.

How long will we keep your personal data?

All Personal Data is stored in accordance with our Retention Policy. This means we’ll only keep it for as long as is necessary for the purpose for which it was collected.

When the Personal Data reaches the end of its retention period, it will be removed/deleted from our systems.

Some Personal Data will be stored beyond its initial retention period if it’s needed for any legal proceedings.

What rights do you have?

1. The right to be informed
You have the right to be informed about what Personal Information we process and how we do so. This Privacy Notice is one way in which we convey this information. (https://www.pencarrie.com/public/privacypolicy)

2. The right of access
You have the right to know what and have access to your Personal Information that we hold and process, you can get this access by submitting a Subject Access Request to us.
A Subject Access Request (SAR) would need to be raised in writing (by post or email), please see the 'Contact' section for where to send your SAR to.
In some circumstances we are not obliged to fulfil a request, for example if it is excessive. We would however write to you first to confirm this.
In some circumstances we can make a charge for fulfilling the request, for example if we have to incur particularly high administration costs. We would however write to you first to confirm this.
In some circumstances we can reject a request, we would however write to you first to explain why, and you would have the right to complain to the Regulatory Authority about that decision if you felt it was unjust.

3. The right to rectification
You have the right to have inaccuracies in your Personal Information rectified, please get in touch with us to request this if you are not able to do it from your account page.

4. The right to erasure (deletion)
You have the right to have your Personal Information erased, if we are holding it after the end of its retention period and there is no legal requirement for retaining it.
Please get in touch with us in writing to make your request.
We can refuse to erase the PI if it is needed for the exercise or defence of legal claims.

5. The right to restrict processing
You have the right to restrict the processing of your Personal Information if:

• You contest the accuracy of the personal data and want to restrict the processing until accuracy of the personal data has been verified
• You object to the processing (where it was necessary for the purpose of legitimate interests), and thus consideration needs to be given to whether the organisation’s legitimate grounds override yours
• The processing is unlawful and you oppose erasure and request restriction instead.
• If the personal data is no longer needed but you require the data to establish, exercise or defend a legal claim. If this data has been disclosed to a third party, then they will be informed [if possible and reasonable] of the restriction. Upon lifting the restriction, you (the Data Subject) will be informed.

6. The right to data portability
You have a Right to Portability, but for your Personal Information held by PenCarrie, this is not applicable, as there is no processing carried out by automated means.

7. The right to object
You have the right to object to:

• Processing based on legitimate interests
• Direct marketing on grounds relating to your particular situation

If you object, then we will stop processing the Personal Information for that purpose, unless:

• Compelling legitimate grounds for the processing, which override your interests, rights and freedoms can be demonstrated; or
• The processing is for the establishment, exercise or defence of legal claims

PenCarrie does not process Personal Information for research purposes.
You can object by using the preferences in the Customer Account pages, or by writing to us using the contact information in the 'Contact' section.

8. Rights in relation to automated decision making and profiling
PenCarrie does not perform any solely-automatic decision making or profiling

How do you change or withdraw your consent?

We keep a record of what you’ve opted into or unsubscribed from. If you’ve unsubscribed, please allow up to 28 days for the request to be implemented.

As a customer, you can change your Consent preferences in your Account page.
You can also submit a request to withdraw consent, in writing using the information in the 'Contact' Section of this Privacy Notice.

The location of personal data

All personal data is stored on our servers or those of the third parties we’ve shared it with. We have this documented and have taken the necessary steps to ensure your information is stored in compliance with the GDPR.

How do we keep your data secure when making changes?

We have a Data Privacy Impact Assessment (DPIA) process. This documents any risks to data privacy as well as any mitigating actions that may be appropriate, before any changes to processes or tools that could affect your personal data, are made.

How do we register personal data breaches?

We have a breach reporting process that we will follow in the event of a personal data breach being identified. This would document the key information and show whether we need to report it to the ICO, and/or you as a data subject.

Complaints

If you are unhappy with the way your data is being handled, please get in touch with us ( see the 'Contact' section ) and we will be happy to rectify any issues.
You also have the right to make a complaint to the Supervisory Authority if you feel we have not handled your Personal Information in accordance with the regulations. You can find their contact information on their website: https://ico.org.uk/ (opens in a new window; please note we can't be responsible for the content of external websites).

Links to external websites

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.

If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Changes to our privacy notice

Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy notice.

Any questions?

We hope this Privacy Notice document has been helpful in setting out the way we handle your personal data and your rights to control it, if you have any questions, comments or requests regarding this then please contact us. We’d be happy to help.

• Email us at: gdpr@pencarrie.com
• Or write to us at: PenCarrie Ltd, PenCarrie House, South View Estate, Willand, Devon, EX15 2QW.

This notice was last updated: January 6th, 2020