D&C Supplies Ltd is a company registered in Scotland (referred to as “D&C Supplies”, “we” or “us” in this policy).
Maintaining the security of your data is a priority at D&C Supplies, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. D&C Supplies is also dedicated to being transparent about what data we collect about you and how we use it.
This policy, which applies when you go on line, visit us at retail and trade shows or place orders direct, provides you with information about:
- How we use your data;
- What personal data we collect;
- How we ensure your privacy is maintained; and
- Your legal rights relating to your personal data.
D&C Supplies Ltd (and trusted partners acting on our behalf) uses your personal data:
- to provide goods and services to you;
- to make a tailored website available to you;
- to manage any registered account(s) that you hold with us;
- to verify your identity;
- for crime and fraud prevention, detection and related purposes;
- with your agreement, to contact you electronically about promotional offers and products and services which we think may interest you;
- for market research purposes – to better understand your needs;
- to enable D&C Supplies to manage customer service interactions with you; and
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
D&C Supplies uses your personal data for electronic marketing purposes (with your consent) and may send you postal mail to update you on the latest offers from D&C Supplies.
D&C Supplies aims to update you about products & services which are of interest and relevance to you as an individual.You have the right to opt out of receiving promotional communications at any time, by:
- Changing marketing preferences via you’re D&C Supplies account;
- Making use of the simple “unsubscribe” link in emails
- Contacting D&C Supplies via the contact channels set out in this Policy.
Web Banner Advertising
If you visit our websites, you may receive personalised banner advertisements whilst browsing other websites. Any banner advertisements you see will relate to products you have viewed whilst browsing our websites on your computer or other devices.
Sharing data with third parties
Our service providers and suppliers
In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include IT, delivery and marketing service providers – including Mailchimp. D&C Supplies only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls.
Other third parties
Aside from our service providers, D&C Supplies will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes.
We may share your data with:
- Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so: –
- Our carefully selected credit reference agency – creditsafe where necessary for checking credit for setting up credit accounts.
- To comply with our legal obligations;
- To exercise our legal rights (for example in court cases);
- For the prevention, detection, investigation of crime or prosecution of offenders; and
- For the protection of our employees and customers.
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 7 years.
WHAT PERSONAL DATA DO WE COLLECT?
D&C Supplies may collect the following information about you:
- Your name, gender your company name and your job title;
- Your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
- Purchases and orders made by you;
- Your on-line browsing activities on the D&C Supplies website www.scottinness.com;
- Your password(s);
- Your communication and marketing preferences;
- Your interests, preferences, feedback and survey responses;
- Your location;
- Your correspondence and communications with D&C Supplies; and
- Other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).
Our websites are not intended for children and we do not knowingly collect data relating to children.
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an on-line account on our website, or send an email to our customer services team. Other personal data is collected indirectly, for example your browsing or shopping activity.
D&C Supplies is committed to keeping your personal data safe and secure.
Our security measures include: –
- Encryption of data;
- Regular cyber security assessments of all service providers who may handle your personal data;
- Security controls which protect the entire D&C Supplies’s IT infrastructure from external attack and unauthorised access;
WHAT YOU CAN DO TO HELP PROTECT YOUR DATA
D&C Supplies will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from D&C Supplies asking you to do so, please ignore it and do not respond.
If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
In addition, we recommend that you take the following security measures to enhance your online safety both in relation to D&C Supplies and more generally: –
- Keep your account passwords private. Remember, anybody who knows your password may access your account.
- When creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. You can do this accessing your account, clicking ‘your account’, clicking ‘your data’ and selecting ‘change password’.
- Avoid using the same password for multiple online accounts.
You have the following rights:
- The right to ask for a copy of personal data that we hold about you (the right of access);
- The right (in certain circumstances) to request that we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure or to be forgotten);
- The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
- The right to opt out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reasons to do so (the right to object);
- The right (in certain circumstances) to ask us to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
- The right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
LEGAL BASIS FOR D&C SUPPLIES PROCESSING CUSTOMER PERSONAL DATA
D&C Supplies collects and uses customers’ personal data because is it necessary for:
- The pursuit of our legitimate interests (as set out below);
- The purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or
- Complying with our legal obligations.
In general, we only rely on consent as a legal basis for processing personal data in relation to sending direct marketing communications to customers via email.
Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
OUR LEGITIMATE INTERESTS
The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of D&C Supplies, including:-
- Selling and supplying goods and services to our customers;
- Promoting, marketing and advertising our products and services;
- Sending promotional communications which are relevant and tailored to individual customers
- Understanding our customers’ behaviour, activities, preferences, and needs;
- Improving existing products and services and developing new products and services;
- Complying with our legal and regulatory obligations;
- Preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- Handling customer contacts, queries, complaints or disputes;
- Protecting D&C Supplies, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to D&C Supplies;
- Effectively handling any legal claims or regulatory enforcement actions taken against D&C Supplies; and
- Fulfilling our duties to our customers and colleagues.
Information is only collected from you when you enter your personal details into our online forms. We use this information to track the way you move around the website and use the findings to process your order accurately and efficiently, to provide you with the best service possible and also for market research purposes.
We will never ask for more information than necessary in order to carry out the activities described above, or store your personal information for longer than is necessary to carry out the task for which it was collected. We will not contact you by email or any other means without your explicit consent.
Your details will not be disclosed to any third party other than those engaged in processing or storing data on our behalf. (Please note, we reserve the right to cooperate with law enforcement officials and have no legal liability for such disclosures).
If you wish to access and edit your personal information which you have submitted via this website, please login to the My Account page.
Our payment system uses encryption technology called Secure Sockets Layer (SSL) to ensure that only authorised parties can read the data you submit. Look out for the PADLOCK symbol IN FRONT OF WEBSITE URL whenever you are asked to submit any payment information and notice the address change from http:// to https://. These are both signs that this site is secure.
Registered Customers may be asked to submit additional information. This saves you re-entering information each time you make a purchase and enables us to offer you suitable offers and services.
For added peace of mind, please remember that in the event of unauthorised charges being made on a credit card, the cardholder is NOT held liable. Check with your credit card issuer for details of their particular insurance and liability policies.
SECURE PAYMENT SYSTEM
We use PayPal Secure Online Payment Processing System for accepting all payments. PayPal is one of the largest & most popular payment service providers used globally, and is fully approved by all the major UK acquiring banks. When you reach the payment process of purchasing products on our site, you will be redirected to PayPals secure server where you can pay using your own PayPal account (if you have one) or pay by credit or debit card without registering for a PayPal account. PayPal will collect your card details via a 128-bit SSL secured payment page. They will request your credit or debit card number, expiry dates, cardholder name and address and security code value. This information is then further encrypted to be held against the transaction details on their system before being sent to the UK acquiring banks for authorisation (over secure, offline channels). They will also ask for your email address to send you a confirmation email of your payment. PayPal do NOT store the security code. Please note that WE do NOT store your payment details on our website. Your information is transmitted in an encrypted format and at no time does our website ask you for, or see any of this information.
This policy was last updated in 30 September 2018
- References to Blaeberry Brae changed to D&C Supplies