Sandhills East Ltd a private limited company registered in England and Wales with registered address at 3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT and company number 07768642 ("we", "us" or "our") is committed to protecting and respecting your privacy.
This Privacy Notice tells you about your privacy rights and sets out how we, as a controller, collect, use, process and disclose your personal data relating to your interactions with the Brands and Services and these corresponding websites (the Websites), which are owned and operated by the Sandhills Group Companies. This Privacy Notice should be read in conjunction with our Cookie Policy.
Our Privacy Notice is regularly reviewed to ensure that we continue to respect your privacy. This Website is not intended for children and we do not knowingly collect data relating to children.
1. WHAT INFORMATION DO WE COLLECT AND WHEN?
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We only collect information that we will use for the purposes set out in this policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you do not provide us with your personal data we may not be able to provide you with our services, products or respond to any questions or requests you submit to us via our Website. We will always let you know if providing us with personal data is a statutory or contractual requirement. (Please note: If you submit details to us of any other person (e.g. a friend), please make sure you have their permission before doing so and provide them with a copy of this Privacy Notice.)
2. HOW DO WE USE YOUR PERSONAL DATA AND WHAT IS OUR LEGAL BASIS FOR DOING SO?
We will only use your personal data for the purposes and legal bases set out in the table below.
Why we use your personal data
What our legal basis is for doing so
To provide you with the Website, which requires a certain amount of technical information to be collected in order to work properly.
The processing is necessary to support our legitimate interests in managing our business (to keep our records updated and to study how Website users use our products/services) provided such interests are not overridden by your interests and rights.
To power security measures and related services relating to your access to the Website for example to enable us to recognise your username and password and reset these if you forget them.
The processing is necessary to support our legitimate interests in managing our business (to keep our records updated and to study how Website users use our products/services) provided such interests are not overridden by your interests and rights.
To enable you to order products from us on the Website which again requires a certain amount of personal data to be collected, for example your payment card details so we can take payment and the products you buy so we can provide you with an invoice and receipt.
The processing is necessary to perform a contract or enter into a contract with you.
To enable us to run competitions and offers for which you have signed up, about which we need to be able to communicate with you.
Where you have given consent to the processing of your personal data for direct marketing – which you may withdraw at any time.
To gather feedback from you about the Website, our products, other services and activities from time to time. We may invite you to provide this feedback on occasion, for example by emailing you to ask if you would like to review a product you have bought. We may use independent research and feedback providers to do so on our behalf.
The processing is necessary to support our legitimate interests in managing our business (to define types of customers for our products and services, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy) provided such interests are not overridden by your interests and rights.
To contact you from time to time about things you have told us you want to hear about, for example our products, news, offers, new competitions and sponsored events.
Where you have given consent to the processing of your personal data for direct marketing – which you may withdraw at any time.
To respond to any questions, suggestions, issues or complaints you have raised with us.
The processing is necessary to support our legitimate interests in managing our business (to keep our records updated and to review issues with our products/services) provided such interests are not overridden by your interests and rights.
The processing is necessary to perform a contract or enter into a contract with you.
To respond to any social media posts or other public comments you make where these are made to or about us, the Website, our products, services or other activities.
The processing is necessary to support our legitimate interests in managing our business (to keep our records updated and to review issues with our products/services) provided such interests are not overridden by your interests and rights.
To communicate with you about operational changes to the Website, our products, services, for example if we were to withdraw or change this privacy policy.
The processing is necessary to support our legitimate interests in managing our business (to keep our records updated and to review issues with our products/services) provided such interests are not overridden by your interests and rights.
The processing is necessary for us to comply with legal and regulatory obligations.
To perform any contract we have entered into with you but also to enforce a contract against you if you do not honour it, including seeking to collect any debts that you may owe us.
The processing is necessary for us to comply with legal and regulatory obligations.
The processing is necessary to support our legitimate interests in managing our business (to recover debts due to us) provided such interests are not overridden by your interests and rights.
The processing is necessary to perform a contract or enter into a contract with you.
To gather statistics about how you and other people use the Website, and what you think of our adverts, offers, news, product information, competitions, sponsored events, social media and other digital content. We then analyse these statistics to understand if these things meet most people’s needs, or if they should be improved, and if so, what design or other changes (for example, around the nature and timing of communications) would be most beneficial for our customers and our business.
The processing is necessary to support our legitimate interests in managing our business (to define types of customers for our products and services, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy) provided such interests are not overridden by your interests and rights.
To check that you have or are likely to have the means to pay us for any products you have ordered from us on the Website.
The processing is necessary to support our legitimate interests in managing our business (to recover debts due to us) provided such interests are not overridden by your interests and rights.
The processing is necessary to perform a contract or enter into a contract with you.
To monitor use of the Website to see if it is being abused or threatened for example by people posting inappropriate comments in review areas or by potential hackers looking to undermine their security.
The processing is necessary to support our legitimate interests in managing our business (to keep our records updated and to review issues with our products/services) provided such interests are not overridden by your interests and rights.
The processing is necessary for us to comply with legal and regulatory obligations.
To protect you and our business against any other criminal behaviour, including identity theft and fraud.
The processing is necessary to support our legitimate interests in managing our business (to keep our records updated and to review issues with our products/services) provided such interests are not overridden by your interests and rights.
The processing is necessary for us to comply with legal and regulatory obligations.
To understand you better and, in particular, your habits, your location from time to time and your personal circumstances.
The processing is necessary to support our legitimate interests in managing our business (to define types of customers for our products and services, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy) provided such interests are not overridden by your interests and rights.
To maintain administrative and legal records about our business to enable us to understand what we have sold, how, when, where and at what price and account to the Revenue Commissioners for the related taxes that we have to pay.
The processing is necessary to support our legitimate interests in managing our business (to keep our records updated) provided such interests are not overridden by your interests and rights.
The processing is necessary for us to comply with legal and regulatory obligations.
To enable us and our third party service providers to plan and manage our day-to-day business and related services as effectively as possible, for example in predicting likely sales volumes of each product, so we can try and make sure we have enough stock to meet likely demand.
The processing is necessary to support our legitimate interests in managing our business (to keep our records updated and to study how Website users use our products/services) provided such interests are not overridden by your interests and rights.
To enable us to understand what our customer and user base looks like across our business. We do this by combining your information with information about our other customers and users of the Website, so we can spot trends and common factors.
The processing is necessary to support our legitimate interests in managing our business (to keep our records updated and to study how Website users use our products/services) provided such interests are not overridden by your interests and rights.
To enable us to conduct focused market research based on trends that we identify, which we can then use to further improve our products and services for all our customers.
The processing is necessary to support our legitimate interests in managing our business (to study how customers use our products/services, to develop them and grow our business) provided such interests are not overridden by your interests and rights.
In the process of anonymising your information so that you are no longer identifiable to us.
The processing is necessary to support our legitimate interests in managing our business (to ensure data minimisation) provided such interests are not overridden by your interests and rights.
To test new systems and processes as we roll them out to make sure they work and will meet the high expectations we set for ourselves.
The processing is necessary to support our legitimate interests in managing our business (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) provided such interests are not overridden by your interests and rights.
To assist us in the development of new products and services over time, for example to gauge whether a new product is likely to appeal to a large proportion of our customer base.
The processing is necessary to support our legitimate interests in managing our business (to develop our products/services and grow our business) provided such interests are not overridden by your interests and rights.
To analyse whether the money we spend on advertising on trade publications and trade websites, online and in search engines represents good value.
Where you have given consent to the processing of your personal data for direct marketing – which you may withdraw at any time.
Where we rely on our legitimate business interests to allow us to process your personal data or we process your personal data for direct marketing, you have the right, at any time, to object.
3. WHO DO WE SHARE YOUR INFORMATION WITH?
We cannot run our business or provide many of our services and benefits without involving other people and businesses and sometimes we pass your personal data to these other people and businesses as set out below. We only share your personal data where we can do so in accordance with our legal data protection and privacy obligations. We share the personal data we collect with:
4. SOCIAL MEDIA, BLOGS, REVIEWS, AND SIMILAR SERVICES
Any posts or comments you make to us on social media will be shared under the terms of the relevant social media platform (for example, Facebook or Twitter) on which they are made and could be made public by that platform. These platforms are controlled by other people, not us, so we are not responsible for this sharing. You should review the terms and conditions and privacy policies of the social media platforms you use to ensure you understand how they will use your information, what information relating to you they will place in the public domain and how you can stop them from doing so if you are unhappy about it.
Any blog, review or other posts or comments you make about us, our products and services on any of our blog, review or user community services will be shared with all other members of that service and the public at large.
You should ensure that any comments you make on these services, and on social media in general, are fit to be read by the public, and in particular are not offensive or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
5. SECURITY OF YOUR INFORMATION
Information provided through the Website is stored on our secure servers or those of any third party we engage to provide our IT platform, and is encrypted using standard technology, in accordance with Irish legislation and the GDPR.
Where we have given you, or you have chosen, a password which enables you to access your account or certain parts of the Website, you are responsible for keeping the password confidential and must not share it with anyone. You are responsible for any actions carried out using your password except where there has been fraud.
6. INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA
Although we are based in the United Kingdom, we occasionally need to use international suppliers to help ensure you receive the very best products and services from us as well as coordinate with our international Sandhills Group Companies.
To allow us to run our business on this basis, the personal data we collect may be transferred to, stored and used at premises in countries outside the United Kingdom, including outside the European Economic Area, whose data protection laws may not be equivalent to those in the United Kingdom.
To the limited extent that it is necessary to transfer your personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under Article 46.2 or adequacy decision under Article 45. Please Contact Us if you wish to obtain information concerning such safeguards.
7. HOW LONG DO WE KEEP YOUR INFORMATION FOR?
In accordance with our legal data protection and privacy obligations, we will only retain your information for as long as we need it to achieve the purpose(s) for which we obtained it in the first place; as required by law, and for the exercise or defence of legal claims. We will then either securely delete it or anonymise it so that it cannot be linked back to you (see paragraph 2 for full details of those purposes).
8. MANAGING YOUR INFORMATION
It is very important to us that all the information we hold about you remains accurate and up to date to reduce the risk of a misunderstanding. We need your help in doing so. If you have an online account with us, please ensure that the information (for example, contact information) you provide to us through that account remains accurate and up to date. Please review and update it regularly.
You have several rights in relation to your personal data under applicable privacy and data protection law, which may be subject to certain limitations and restrictions. We will respond to any valid requests within one month, unless it is particularly complicated or you have made repeated requests in which case we will respond, at the latest, within three months. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay. You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request. Depending on your country of residence or domicile, you may have other legal rights over the information we collect from you and your devices. We will honour all such legal rights.
If you wish to exercise any of these rights, inquire about your rights, or if you would like to make a request for data deletion, please submit a request here. We may request proof of identification to verify your request.
Your Right
What this Means
Right to withdraw consent
If we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time (see Contact Us). However, the withdrawal of your consent will not invalidate any processing we carried out prior to your withdrawal and based on your consent.
Right of Access
You can request a copy of the personal data we hold about you.
Right to Rectification
If you have reason to believe any of the information we collect on you may be inaccurate, and you cannot correct such inaccuracy yourself through your registered account with us, please contact us (see Contact Us).
Right to Erasure (‘Right to be Forgotten’)
You have the right to request that your personal data be deleted in certain circumstances including:
However, this right does not apply where, for example, the processing is necessary:
Right to Restriction of Processing
You can ask that we restrict your personal data (i.e., keep but not use) where:
We can continue to use your personal data:
Right to Data Portability
Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:
Right to Object
You have a right to object to the processing of your personal data in those cases where we are processing your personal data in reliance on our legitimate interests. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate interests which override your interests and you have a right to request information on the balancing test we have carried out.
You also have the right to object where we are processing your personal data for direct marketing purposes. We provide the means for you to stop all email and text (SMS or MMS) communications you receive from us – please see the "unsubscribe" link and "STOP" details we include in each email and text respectively. You can also contact us at any time using the details below and let us know what you would like us to change.
Automated Decision-Making
You have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you other than where the decision is:
One common example is if we decline an order you place with us online for anti-fraud or credit check reasons. Please note that these decisions can come about due to policy decisions taken by banks, card and payment processing companies and credit reference agencies who independently hold information about you and to resolve them, you may have to speak to them directly. Where we base a decision solely on automated decision-making, you will always be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward.
Right to Complain
You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
9. THIRD PARTY LINKS
The Website may contain links to the websites of third parties. If you follow a link to any third party website, please note that these websites will have their own privacy policies and we do not accept any responsibility or liability in respect of the same.
10. CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this Privacy Notice from time to time. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Notice. However, if we make material changes to Privacy Notice we will notify you by means of a prominent notice on the Website prior to the change becoming effective. Please review the Privacy Notice whenever you access or use this Website.
11. CONTACT US - UPDATING YOUR PREFERENCES AND DETAILS
If you:
please let us know by Contacting Us.
Please help us to keep your records up to date by notifying us of any changes to your personal details.
Last updated February 2022
Copyright 2023 © Sandhills East Ltd