information we may collect from you
We may collect and process the following data about you:
- · Information you give us: You may give us information about you by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey and when you report a problem with our site. The information you give us may include, but is not limited to, your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph.
- · Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
- -Technical information, including the Internet Protocol (IP) address used to connect your computer or device to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
- -Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from out site (including date and time); products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
- · Information we receive from other sources. We may receive information about you if you use any of the other websites we operate, the other services we provide and/or any of our social media pages. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. All third-party organisations that we work with are fully GDPR compliant.
Uses made of the information
We use information held about you in the following ways:
- · Information you give to us. We will use this information:
- - to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- - to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- - to pass on the appropriate personal information to any of the industry-leading payment providers that we use to process your payments. These include PayPal. These payment providers, in turn, also have to be, and are, GDPR compliant. Cambridgeshire Sugarcraft Supplies never store your credit or debit card information.
- - to pass on the appropriate personal information to our delivery partners who require it to deliver your order. Such partners include DPD, Royal Mail and other fulfilment and delivery partners we may use from time to time. These fulfillment and delivery partners, in turn, also have to be, and are, GDPR compliant.
- - to notify you about changes to our service;
- - to ensure that content from our site is presented in the most effective manner for you and for your device.
- · Information we collect from you. We will use this information:
- - to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- - to improve our site to ensure that content is presented in the most effective manner for you and for your device;
- - to allow you to participate in interactive features of our service, when you choose to do so;
- - as part of our efforts to keep our site safe and secure;
- - to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- - to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
- · Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share information with selected third parties including;
- - In the event that we sell or buy any business or assets. in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- - If Cambridgeshire Sugarcraft Supplies Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Where we store your personal data
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our very best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.
Personally Identifiable Information
Personally identifiable information is defined as any personal information that could identify you such as your name, address, telephone number, billing and shipping information, credit card information or e-mail address. Generally, when you visit any Cambridgeshire Sugarcraft Supplies Ltd website, you are not required to disclose who you are or reveal any personally identifiable information. Since Cambridgeshire Sugarcraft Supplies Ltd takes your privacy seriously, no personally identifiable information will be collected unless it is voluntarily provided.
Access to information
Cambridgeshire Sugarcraft Supplies Ltd will not sell or provide any personal details in its possession to third party marketing companies. Only directors and authorised employees of Cambridgeshire Sugarcraft Supplies Ltd have access to customer information. Information may only be disclosed to third parties if consent is received, if we are compelled or authorised to do so by Law, or if there is a reasonable belief that there is a threat to someone's life or health.
Security and Storage of information collected
Cambridgeshire Sugarcraft Supplies Ltd is committed to maintaining the security of data collected and protecting it from loss, misuse or alteration. This applies to demographic information, client site usage information and personally identifiable information. Data collected is stored on secure Cambridgeshire Sugarcraft Supplies Ltd servers that can be accessed by The Company’s authorised personnel only. To safeguard all information collected, The Company and its employees follow the practices in this Policy. Access or use of information for any purpose other than those explained in this Policy will not be authorised.
You have the right to ask us not to process your personal data for marketing purposes. We will always inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by not checking certain boxes on the forms we use to collect your data. You can also unsubscribe by clicking the unsubscribe button which is located at the bottom of every marketing email we send out.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Accessing your information
Under The Data Protection Act 1998, you have the right to access information held about you. Your right of access can be exercised in accordance with the 1998 Act.
If you would like to view, change or de-activate any personally identifiable information you have submitted to Cambridgeshire Sugarcraft Supplies Ltd, please send a Subject Access Request to us and, as soon as your request is received, we will provide, change or de-activate any information that could be used to identify you unless disclosure is required or authorised by Law. Once de-activated, your data will no longer be accessible.
You may correct, update or erase your personal information at any time by emailing us at firstname.lastname@example.org or by changing your profile on our website. Please include your name, address, date of birth and email address when you contact us as this helps us to ensure that we accept amendments only from the correct person. We encourage you to promptly update your personal information if it changes.
We will securely retain your information for as long as is reasonably necessary and in accordance with applicable law. If you wish to submit a request that your data be deleted, please write to us at the above address. You have the right to receive a copy of the personal information that we hold about you. Please write to us at the address above if you wish to exercise this right.
No Contract or Liability
Where to make a complaint
Information Commissioner's Office
You can also contact the Information Commissioner’s Office using their online form:
Data Processing Agreement 1&1 Internet Limited Preamble This Agreement specifies the data protection obligations of the contractual parties arising from the defined processing activities in which personal data belonging to Controller is processed by 1&1in compliance with the General Data Protection Regulations (“GDPR”). “Controller” shall have the same meaning as set out in article 4(7) of the GDPR. "Personal data" shall have the same meaning as set out in article 4(1) of the GDPR. “Processing” shall have the same meaning as set out in article 4(2) of the GDPR. “Processor” shall have the same meaning as set out in article 4(8) of the GDPR. 1. Duration of the Processing on Behalf of the Controller The term of this Agreement shall continue for the duration of the provision of the services. 2. Area of Application and Responsibility 2.1 In the provision of the services, Controller may choose to hold Controller’s customer personal data (“personal data”) at Controller’s own risk, on the platforms and data centres of 1&1. The only processing activities that may be performed by 1&1 are the storage of such personal data and any backups in order to provide continuity of service and disaster recovery. Such backups are merely for the aforementioned purpose and shall not be available to Controller. 2.2 Controller shall be solely responsible for compliance with the legal provisions of applicable data protection laws, in relation to such personal data, in particular the lawfulness of the data processing ("Controller" as defined under the GDPR). 3. Obligations of the Provider 3.1 To the extent that 1&1 shall be considered a processor of Controller’s customer personal data. 3.2 Any additional processing of personal data shall only be in accordance with instruction from Controller, unless an exception applies as defined in the GDPR. 1&1 shall promptly inform Controller May 2018 Page 2 of 4 if it believes that an instruction of Controller violates applicable laws. In such cases, 1&1 reserves the right to refuse Controller’s instructions. 3.3 1&1 shall implement technical and organisational measures to protect Controller’s customer data and to ensure the confidentiality, integrity, availability and capacity of the systems and services. 1&1 shall be obliged, in accordance with the GDPR, to implement a procedure for regularly reviewing the technical and organisational measures designed to ensure the security of the processing. 3.4 1&1 reserves the right to alter the agreed security measures, provided that any such amendment ensures that the agreed level of protection shall not be materially diminished. 3.5 1&1 agrees to reasonably assist Controller in respect of any requests and claims in accordance with the GDPR. 3.6 1&1 shall ensure that employees, subcontractors and affiliates who may be involved in the processing of Controller's data shall act in accordance with this Agreement. 3.7 1&1 shall inform Controller promptly if 1&1 becomes aware of any breaches which affect Controller's personal data. 3.8 1&1 shall, once notified in writing, inform Controller of any request for disclosure of personal data by authorities, unless expressly prohibited under applicable laws. 3.9 Controller may contact the Data Protection Officer by sending an email to: email@example.com. 3.10 At termination of services, all customer data, personal or otherwise, shall be deleted (including the pseudonymisation of data) within an appropriate time, in accordance with applicable laws. 3.11 In the event of a claim against Controller regarding any of the rights defined under the GDPR, 1&1 shall provide reasonable assistance to the Controller to avert any such claim. 4. Obligations of Controller 4.1 Controller shall inform 1&1 of any issues with respect to data protection laws promptly. 4.2 Controller acknowledges that 1&1 shall ensure reasonable security and organisational measures to protect their personal data. Controller shall also agree to undertake similar security measures to ensure the protection of their personal data hosted on the 1&1 platforms and data centres. 4.3 In the event of a claim against Controller regarding any of the rights defined under the GDPR, this Agreement shall apply accordingly. May 2018 Page 3 of 4 4.4 Controller acknowledges and agrees that 1&1 has no knowledge of the retained personal data or how such personal data shall be utilised and therefore, no awareness of how such personal data shall be processed, other than as stated in clause 2.1 above. 4.5 It is Controller’s duty to ensure that appropriate backups are retained in relation to the personal data described in this Agreement. 5. Requests from Data Subjects In the event 1&1 receives a request for correction, deletion or information, 1&1 shall refer such requests to Controller, provided that Controller may be identified. 1&1 shall provide reasonable assistance to Controller. 1&1 shall not be liable in the event the request not be answered at all, not be answered correctly or not answered promptly by Controller. 6. Subcontractors (Additional Processors) 6.1 1&1 may require subcontractors for maintenance, management of the data centre structure, telecommunication services and for provision of the services. 6.2 A list of the subcontractor companies currently in use, including place of business, shall be available to Controller in the control panel. 6.3 In the event 1&1 uses subcontractors, it is 1&1's responsibility to transfer its data protection obligations from this Agreement to the subcontractor. 1&1 retains full responsibility for the subcontractors in respect of this Agreement. 7. Notification Obligations, Amendments and Jurisdiction 7.1 In the event the personal data of Controller is located within the 1&1 data centres and suffers the risk of seizure by insolvency proceedings, law enforcement of any other such event, 1&1 shall notify Controller promptly, if permissible by law. 1&1 shall promptly inform all entities involved in the matter that the ownership and control of the data lies exclusively with Controller, as defined in the GDPR. 7.2 Changes or additions to this Agreement may be amended at any time. 7.3 Should any conflicts arise, the provisions of this Agreement shall take precedence over the provisions of any other agreement or terms. Should any clause of this Agreement be found invalid, this shall not affect the validity of the rest of this Agreement. May 2018 Page 4 of 4 7.4 The laws of England and Wales shall apply. 7.5 This Agreement supersedes all previous agreements or terms in relation to this subject. 8. Liability and Compensation for Damage Controller and 1&1 may be liable for claims in accordance with the provisions of the GDPR. 9. Miscellaneous This Agreement shall be in conjunction with 1&1’s general Terms and Conditions