This page explains our procedures in managing and protecting your personal data, how we limit the risk of a data breach and how we comply with the new GDPR data protection laws. Data protection responsibilities lie with the website, the Data Controller and we can be contacted for any questions on Data Protection by emailing us at firstname.lastname@example.org.
We hold and update a record of data processing activities in accordance with GDPR.
This Site has security measures in place to protect the loss, misuse and alteration of the information under our control. We use 128-bit industry standard Secure Server Software (SSL) for your transactions with us. It encrypts all your personal information, including your credit card number, name and address, so that it cannot be read as the information travels over the Internet.
This website is not intended for persons under the age of 18 and we do not knowingly collect data relating to children.
We do not share your data with third parties nor contact customers for email for marketing purposes.
No data is transferred outside of the European Economic Area.
Where we are the processor of data we act only on the instructions of the Data Controller. Any data shared with us will only have been done so with your explicit consent to the original data collector.
We may collect, use, store and transfer for the purposes of processing an order and collecting payment for goods the following types of personal data about you as follows:
- Personal identifiable data including first name and surname
- Contact data including invoice address, delivery address, email address and telephone number
- Payment data including first name, surname, registered address, bank card number, expiry date and CCV security number
The site logs internet protocol (IP) addresses (for purpose of blocking unauthorised login attempts) location, browser and platform details used to access this website We do not collect aggregated data such as statistical or demographic data for any purpose.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) nor do we collect any information about criminal convictions and offences.
We implement the necessary processes as required by the law and by the applicable regulations, including the record of data processing activities.
Rights of data subjects
- The data subjects (i.e. you) have rights around personal data, which are:
- The right of access all data held
- The right to correct data (rectification)
- The right to be forgotten (erasure)
- The right to restrict processing
- The right to object to processing
- The right to withdraw their consent
- The right to transmit their data to another controller (portability)
- The right to complain to the Information Commissioner’s Office
Our Site’s contact forms and orders require you to give us contact information, so that we may process and deliver goods to a nominated designation, you must register on our site to order goods to complete payment you will be asked to provide financial information, so your order can be processed. You may retrieve and modify data saved to enable your use of the Site via your user account at any time.
Information is collected and used to authorise payment and bill you for products when you make a purchase on the Site, you provide your financial or personal information to GRS and accept that this data will be shared with those third parties necessary to process your transactions with us, such as credit card companies, banks and the companies that handle shipping on our behalf. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.
Except as stated above, we will not share financial information with third parties without your prior consent.
In order to be able to process personal data it is necessary to identify the associated lawful basis for processing, such as: Gaining consent of the data subject This is where you give your explicit consent for us to process your data, as detailed in the above sections.
Fulfilment of a contract to which the data subject is party. This is where you place an order with Compliance with any legal obligation, where we are required to comply with any legal obligations, e.g. fraud investigation.
We retain personal data for 7 years, unless you exercise your right to be forgotten (erasure). Data is retained for this period to ensure we can comply with any legal obligations to retain records for the purpose of accounting regularity
We have implemented controls to ensure that regulatory obligations regarding data protection are followed. In the event of a personal data breach, we will notify the competent supervisory authority within 72 hours. If the risk assessment is high risk for the data subjects, we will communicate the breach of personal data to the data subjects.
This Site may contain links to other websites, details of which are provided for information only. we have no responsibility for such sites and nor does it have responsibility for the privacy practices or the content of such websites or for the privacy policies and practices of other third parties. You should ensure to read those websites’ privacy policies independently.
We employ the following software solutions within the meaning of the above:
- Google Analytics
- WordPress (WooCommerce)
Google may use information from cookies to evaluate the use of the website in order to compile reports on the website activities and to provide other services related to the website usage and the Internet usage for the website operator.
The user can prevent the storage of the cookies by means of a corresponding setting of their browser software; in this case not all functions of this website may be fully utilised.
The user can also prevent Google from collecting the data (including IP address) generated by the cookie and its use of the website (including IP address) as well as the processing of this data by Google, by downloading the browser plug-in available under the following link and installed: GRS uses Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If the user does not want this, it can be disabled through Ad Manager.
Social network plugins: We have links to a social media presence i.e. Facebook, Instagram, YouTube, but we do not collect nor pass data to these platforms
For information about your rights under UK data protection laws, see the web site of the UK Data Protection Commissioner.