The Sheffield Cutlery Shop (“we”, “us” and “our”) are committed to protecting the privacy and security of the data you provide to us.
The Sheffield Cutlery Shop is a registered company and its registered office is at Jericho Works, Holme Lane, Sheffield S6 4JR.
How and what information do we collect about you?
In accordance with the GDPR we will seek to ensure that the following Data Protection Principles are followed and that the personal information we hold about you is:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with these purposes;
- Relevant to the purpose we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about;
- Kept securely.
In connection with our provision of services we may receive information about you via third parties. The information we may collect or receive may include the following categories of personal information about you:
- Identity data (personal information) and contact data; including name, title, address, telephone number, personal email, address, date of birth;
- Cardholder/payment card details/bank account details and other financial information;
- Information about services you have received from us in the past or services in which you have expressed an interest;
- Marketing and communications data including your preferences in receiving marketing from us and our third parties and your communication preferences;
- Monitoring data; we may record phone calls and retain transcripts of dialogue either for our records or for training purposes.
- Information to verify your age such as passport or driving licence to satisfy regulatory requirements relating to the supply of age-restricted goods;
How will we use this information?
We will use this information to:
- Identify and communicate with you;
- Manage payments, fees and charges and recover monies due to us;
- Analyse your/our legal position and assist you in the management of queries, complaints or claims;
- Manage the delivery of services to you, keep records relating to our provision of services and provide information about services we can provide;
- Assist in the running of our business, website and manage and deliver projects for business improvement including accounting and auditing procedures;
- Comply with legal or regulatory requirements, including reporting of information to regulatory bodies;
- To verify the accuracy of data that we hold about you;
- To create a profile of you based on any data supplied to enable us to decide what products and services to offer you for marketing purposes;
- Enable you to partake in a prize draw, competition or complete a survey;
Why do we need this information?
The legal bases we rely on for processing your personal information are one or more of the following:
- Consent has been obtained;
- Processing is necessary for the fulfilment of a purchase from us;
- Processing is necessary for compliance with a legal obligation; or
- Processing is necessary for our legitimate interests.
If you fail to provide information when requested which is necessary for us to undertake compliance activities or provide services, we may have to cease our provision of services.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with one of the purposes listed above.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so or seek your consent.
Where you have provided consent
Where you have given us your consent, we will use and process your personal data to send you email communications about products which we refer to as “Centralised Communications” in the “Marketing and other Communications” section below.
Please note that your information may be used to send you details of our products or services that we have identified as likely to be of interest to you, based on the preferences you have indicated to us.
Sharing your information
We will not ordinarily share your information with anyone else. However, there are certain circumstances where we will be required to share your information with organisations as part of the services provided to you and our professional compliance. We will comply with the Data Protection Act 2018 when making this disclosure.
Where it is required or necessary we may share information with:
- Internal third parties;
- External third parties;
- Our regulator and professional bodies;
- Suppliers and service providers;
- Solicitors and Barristers;
- Expert witnesses;
- Police forces and/or Crown Prosecution Service or other prosecuting authorities;
- Courts and Tribunals;
- Official registries;
- Other parties to transactions or proceedings;
- Medical Professionals and other expert advisers ;
- Banks and other lending institutions and credit/debit card payment processors;
Other ways in which we may share your personal data
We may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal data if we are under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, or to protect your vital interests. However, we will always take steps to ensure that your privacy rights continue to be protected.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator in the circumstances of a suspected breach where we are legally required to do so.
How long do we keep information about you?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The length of time for which we retain it is determined by a number of factors, including the type of data, the purpose for which we use that data and our regulatory and legal obligations attached to that use.
After this period, we will securely destroy your personal information in accordance with our applicable policy. The only exceptions to this are where:
- The law requires us to hold your personal data for a longer period, or delete it sooner;
- You exercise your right to have the data erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
- In limited cases, the law permits us to keep your personal data indefinitely provided we have certain procedures in place.
How can you access and control your personal data?
You can find out if we hold any personal information about you by making a “data subject access request” under the GDPR. If we do hold information about you, we will:
- Give you a description of it;
- Tell you why we are holding it;
- Tell you who it has been disclosed to; and
- Let you have a copy of the information in an intelligible form.
You may also have the right for your personal information to be transmitted electronically to another organisation in certain circumstances.
You can request access to the information we hold about you at any time by contacting us (please see contact details in the section below). Please mark your request for the attention of our Data Protection Officer (see our “Contacting us” section below).
We may not provide you with a copy of your personal data if it concerns other individuals or we have another lawful reason to withhold that data. You will not normally have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in such circumstances.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your personal data, we have in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration or unauthorised access.
If you believe that any of the personal information we hold about you is incorrect you have the right to ask us to rectify that information at any time.
You may also have the right, in certain circumstances, to request that we delete your personal information, to block any further processing of your personal information or to object to the processing of your personal information. There are some specific circumstances where these rights do not apply and we can refuse to deal with your request.
If we are processing your personal information based upon your consent (e.g. as part of our marketing or promotional activities), you have the right to withdraw your consent at any time.
If you require any further information about your right to rectification, erasure, restriction of or object to processing or you wish to withdraw your consent please contact us (please see “Contacting us” section below).
In the meantime, if you change your name or address/email address, please let us know by contacting us using the details set out at the end of this policy.
We take any complaints we receive about the collection and use of personal information very seriously. We would encourage you to bring it to our attention if you think that our collection or use of information is unfair, misleading or inappropriate. You can make a complaint at any time by contacting us (see “Contacting us” section below).
If you think our collection or use of personal information is unfair, misleading or inappropriate or if you have concerns about the security of your personal information, you also have the right to make a complaint to the Information Commissioner’s Office. You can contact the Information Commissioner’s Office at the following address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Marketing and other Communications
You will only receive Centralised Communications from us (including information about our products and services) if you indicate to us a preference (“opt-in”) to do so. You may be invited to complete a client consent/opt-in process by email as a result of any of the following:
- You making a purchase from us;
- You providing a business card directly to us at (for example) a trade or networking/business event;
- Your registering your brief contact details in order to obtain information from us;
We may contact you in response to an article or social media promotion that you have carried out. If you are a contact of ours, we may contact you personally to notify you of changes that might affect you or your business, or specific events/information that may benefit you or your business.
We will never share your information with other third parties for their own marketing uses, although we may use service providers to assist us with our own marketing.
If you would like to change your preferences at any point, or wish to withdraw your consent, please write to us at Jericho Works, Holme Lane, Sheffield S6 4JR.
If you have any queries about the processing of your data our Data Protection Officer can be contacted at Jericho Works, Holme Lane, Sheffield S6 4JR.