1.1 The Pennyhill Lucan website (the "Website") is operated by [MAIN COMPANY] trading as Pennyhill Lucan ("Pennyhill Lucan", "our", “we” and “us”) with our main office at [OFFICE ADDRESS NEEDED] . At Pennyhill Lucan we respect your right to privacy and this Privacy Statement (the "Statement") sets out the basis on which we use, process, store or disclose any personal data detailed below ("Personal Data") that we collect from you or that you provide to us through the Website. The information provided by you will be held by us as a controller.
2. Overview of this statement
2.1 We collect and process your Personal Data when you use the Website (including to purchase our products) and when you engage us. Our processing operations are mainly necessary to enter into and perform our contract with you, necessary for the purposes of our legitimate interests, or based on you having given us consent. We store your Personal Data on servers located within the European Economic Area (the “EEA”). We share your Personal Data within the Pennyhill Lucan Group (as defined in Section 5 below) and with third parties. We may also share your Personal Data with law enforcement agencies or other bodies if we are required by law to do so.
3. The personal data we process
3.1 We will collect and process the following Personal Data when you use the Website:
3.2 You can choose to provide us with the following Personal Data:
- If you make a purchase using the Website, we will process your email address, your name, telephone number, company name (if you choose to provide it), your address (both for shipping and billing), your order information and, if applicable, any loyalty points you accrue.
- Please note that we do not process or store any card or payment information on our own servers as we engage with third parties for this. For more on card and payment information, please see Security, Storing and Transfers of Your Personal Data in Section 6.
Customer Account Registration Information
- If you choose to register a Customer Account with us you will have to provide us with information including your email address, a password of your choosing, your name, your phone number and your address. You may also choose to provide us with the name of your company.
- Where you choose to register a Customer Account with us, we will process your transactional information and purchase history.
- If you choose to subscribe to our marketing material, we will process your email address and phone number in order to send this to you, but also information about how you interact with the emails and SMS messages you receive from us, such as whether or not you open the communication, the links you click on, whether you purchase anything or whether you opt out of the communications.
- You may choose to give us information such as your name, email address, address, telephone number and other details when contacting us by submitting enquiries through the Website contact form or by emailing firstname.lastname@example.org.
- If you choose to provide us with this information, we will keep a record of this correspondence for as long as is necessary to deal with this query (for further information please see our section on How Long We Keep Your Personal Data For in Section 8).
4. How and why we use your perosnal data
4.1 The following table details the legal basis for (the "Legal Basis") and the reasons why ("Purposes") we process your Personal Data:
|Legal Basis||Purpose(s)||Personal Data Processed|
It is necessary to process these Personal Data to enter into and perform our contract with you in relation to:
|Access to the Website
To provide you with access to the Website and to allow you to use the Website.
Fulfilling your Orders and Requests
It is in our legitimate interests to collect and process your Personal Data for the purposes of improving and monitoring website efficiency, enhancing your use of the Website.
It is also necessary for the purposes of our legitimate interests to process your Personal Data to respond to any queries or requests submitted by you to us.
When we process your Personal Data based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. We will not process your Personal Data for activities where our interests are overridden by the impact on you.
Improving Website Functionality and Efficiency
We process your Personal Data for these purposes where we have your consent to do so.
Should you wish to withdraw your consent to our processing of your Personal Data for these purposes you may do so by contacting email@example.com. You will also be given an option to opt-out on each communication you receive. However, please note that any processing carried out before you withdraw your consent will remain valid.
|Promotional and Marketing Materials
Compliance with a Legal Obligation
We may process your Personal Data where it is necessary to comply with legal obligations to which we are subject to.
To Defend, Establish or be a Party to Legal Claims
We may process your Personal Data as necessary in order for us to establish, investigate, exercise or defend a legal claim to which you are a party
5. Who we share your personal data with
5.1 We may disclose your Personal Data to other members of our group which means our subsidiaries, our ultimate holding company and its subsidiaries, if applicable (the "Pennyhill Lucan Group").
5.2 We will disclose your personal information to third parties outside the Pennyhill Lucan Group including in the following circumstances:
|Third Party Service Providers
Regulatory Authorities, Law Enforcement Agencies, Public Bodies and Other Third-Party Companies
6. Security, storing and transfers of your personal data
6.1 We store and process your Personal Data on servers located within the European Economic Area (the "EEA"). However, we may transfer your Personal Data outside the EEA where we engage with third party services providers. We only transfer your personal data outside the EEA where the European Commission has decided that the third country in question ensures an adequate level of protection in line with EEA data protection standards or there are appropriate safeguards in place to protect your Personal Data. If you would like to find out more about the appropriate safeguards that we have in place to govern the transfer of your Personal Data you can contact us at firstname.lastname@example.org
6.2 Information you provide to us through the Website is protected by encryption. Unfortunately, the transmission of information via the internet is not completely secure. Although we will always do our best to protect your Personal Data, we cannot guarantee the security of any information you transmit to us. Any transmission is at your own risk. Once we have received your information, we use strictly maintained physical, electronic and procedural safeguards to prevent unauthorised access.
6.3 Pennyhill Lucan does not store or process any of your card or payment information. All payment information is processed by third party service providers engaged by us for this purpose, including Global Payments who are Level 1 PCI DSS v3.2 certified.
7.1 The Website contains links to other websites ("Linked Websites"). Pennyhill Lucan is not responsible for the privacy statements or practices on the Linked Websites. This Statement governs only information collected on the Website. When accessing Linked Websites, you should read the privacy statement published on the relevant Linked Website. The terms of our Statement do not apply to Linked Websites. Please check these statements before you submit any Personal Data to Linked Websites.
7.2 The Website contains links to other websites and resources provided by third parties for your convenience and information only. We accept no liability in connection with any Linked Website, or any contract entered into on or through a Linked Website. We have no control over the contents of those websites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of Linked Websites.
8. How long we keep your personal data for
8.1 We will keep your Personal Data no longer than is necessary for the purposes for which the data was provided.
8.2 Please note that in certain circumstances, we may hold your Personal Data for a longer period, for example, if we are processing an ongoing claim or believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve your data.
9. Your rights and how to exercise them
9.1 The table below sets out the rights which you have to address any concerns or queries with us about our processing of your personal data:
|Right to be Informed||You have the right to know whether your Personal Data is being processed by us, how we use your Personal Data and your rights in relation to your Personal Data.|
|Right of Access||
You have the right to request a copy of the Personal Data held by us about you and to access the following information in relation to the processing of your Personal Data:
|Right to Rectification||You have the right to request that we amend any inaccurate Personal Data that we have about you.|
|Right to Erasure||
You have the right to ask us to erase your Personal Data where:
|Right to Restriction of Processing||
You have the right to ask us to restrict processing your Personal Data in the following situations:
We may not further process the data unless you consent or the processing is necessary in relation to a legal claim or to protect the rights of another person or legal person or for reasons of important public interest.
Please note that it be may necessary for us to process some of your Personal Data in order to provide the Website services and in certain instances where you ask us not to process your Personal Data you may not be able to use the Website.
We will inform you before the processing restriction is lifted.
|Right to Data Portability||
You may request us to provide you with your Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another data controller where this is technically feasible.
This right only arises where we process your Personal Data on the legal bases of your consent or where it is necessary to perform our contract with you.
|Right to Object||You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests.|
9.2 You can exercise any of these rights by submitting a request to email@example.com
9.3 We will provide you with information on any action taken upon your request in relation to any of these rights without undue delay and at the latest within one month of receiving your request. We may extend this up to 2 months if necessary however we will inform you if this arises.
9.4 You have the right to lodge a complaint with a data protection supervisory authority with regards to us processing your Personal Data.
10. Changes to this statement
10.1 If we amend this Statement, in whole or part, any changes will be posted on this page and, where appropriate, notified to you by email or when you use the Website. The new Statement may be displayed on-screen and you may be required to read and accept it to continue your use of the Website.
10.2 If at any time we decide to use your Personal Data in a manner significantly different from that stated in this Statement, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail, and you will have a choice as to whether or not we use your Personal Data in the new manner.
11. Who to contact with queries
11.1 Questions, comments and requests regarding this Statement are welcomed and should be sent to firstname.lastname@example.org.