Privacy Statement
Privacy of data
MyToolShed.co.uk is a wholly owned subsidiary of Lee Industrial Limited, registered in England and Wales under company number 1275052, registered office at 78 Suez Road, Brimsdown, Enfield, Middlesex EN3 7PS.
For all our services, the data controller responsible for the privacy of your data is MyToolShed.
Lee Industrial Limited ("We") are committed to protecting and respecting your privacy.
This policy (together with our terms of use, Terms of Trade, Customer Help section and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of process your personal data The EU General Data Protection Regulation (Regulation EU 2016/679), (GDPR) sets out in law a number of different reasons why a company may collect and process your data. We use the following lawful basis for processing your personal information the data controller is MyToolShed of 78 Suez Road, Brimsdown, Enfield, Middlesex EN3 7PS.
Please contact the Data Protection Officer at MyToolShed using the contact details at the end of this policy.
Information We May Collect From You
We may collect and process the following data about you:
- Personal data means any information which relates to an individual and can be used for the purposes of identification, either directly or indirectly, typically through the use of an identifier. It does not include data where the identity has been removed.
- We have grouped the different kinds of personal information we may collect, use, share or otherwise process about you below
- Information that you provide by filling in forms on our site www.mytoolshed.co.uk (our site). This includes information provided at the time of registering to use our site, subscribing to our service, purchasing goods, posting material or requesting further services. We may also ask you for information when you enter a competition or promotion sponsored by MyToolShed.co.uk, and when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
Data classification
Types of information
Identity Data
- Data that can be used to identify you
- Title, first name, last name, username or social identifier, date of birth and gender.
- Your image may be recorded by CCTV if you visit our premises.
- In certain situations, we may also request you provide personal identification documents.
Contact Data
- Data that can be used to contact you
- Billing address, delivery address, email address and telephone numbers.
Financial Data
- Data relating to your finances
- Bank account and payment card details.
Transactional Data
- Data relating to your previous transactions
- Payment transaction details to and from you (order receipts, refunds etc) and other details of products and services you have purchased from us.
- Details of transactions you carry out through our site and of the fulfilment of your orders.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
Technical Data
- Data about the device, browser, operating system and method used to access our website
- Internet protocol (IP) address, login data, browser type and version, internet connection type, time zone setting and location, browser plug-ins and versions, operating system and platform and other technology on the devices you use to access our website.
Profile Data
- Data that builds a user profile when specified
- Username and password, purchases or orders made by you, your interests, preferences, comments, reviews, social or marketplace identifier, feedback and survey responses
Usage Data
- Data about your usage of our website and related services
- Information about how you use our website, products and services including details of your visit and which site you came from to ours, the web pages viewed during your visit, any search terms you entered and the advertisements you clicked on.
Marketing and Communications Data
- Data that specifies your marketing preferences and/or any communications you have with us
- Your marketing preferences such as what information you would like to receive from us and by what method (by email, by mail etc).
- This includes general communications data such as us making a note of conversations we have had with you in person and/or communications you sent to us.
- This enables us to manage our relationship with you effectively and ensures you only receive communications from us that are relevant and timely.
Aggregated Data
- We may also collect, use and share some Aggregated Data about our customers' behaviour patterns and browsing actions. This data may be derived from your personal information but it does not identify you as an individual so is not considered personal data in law. For example, we may aggregate Usage Data to calculate the number of users visiting a specific website location. Should we combine Aggregated Data with your personal data so that it can identify you as an individual then we treat the combined data as personal data and subject to the provisions of this privacy policy.
Personal identification documents
- Where the law requires or we deem it necessary to prevent fraudulent activity we may ask you to provide proof of age or identity (including your passport and driver’s licence). For example, when purchasing an age restricted item or applying for a credit facility with us. This will include details of your full name, address, date of birth and facial image. A passport will also include your place of birth, gender and nationality. All data provided in this way will be treated as personal data and used in accordance with this Privacy Policy
IP Addresses And Cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.
Please note that our advertisers may also use cookies, over which we have no control.
Where We Store and protect Your Personal Data
We understand how important data security is to you and therefore take all appropriate steps to safeguard the collection, transmission and storage of the data we collect.
All areas of our website are protected with secure connections over “https” technology. Access to your personal data is password protected and we use secure server technology that implements Transport Layer Security (TLS) encryption to protect your sensitive data. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology.
We give the option for you to store your card details safely using Sage Pays payment system for future transactions. We do this by generating an authorisation token number in a way that means none of our staff members can see your full card number. We never store your card details or security code.
Our systems are monitored constantly for possible vulnerabilities and attacks, and we are continually looking to identify ways to further strengthen security in line with new technological advances and best practices.
Where your personal data may be processed
We store your data on secure servers in the European Economic Area (EEA). However, sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA); for example, when placing an international order we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. If we do this, our contracts stipulate the standards they must follow at all times and we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA.
Uses Made Of Your Information
We have set out in the following table all the ways in which we use your personal information. We will only use your information when the law allows us to, and the legal bases on which we rely upon to do so are also included in the table. In some instances, depending on the specific purpose for which we are using your data, there may be more than one lawful ground for processing your information.
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
---|---|---|
To register you as a new customer |
• Identity • Contact |
• Contractual obligation |
When you make an online purchase when logged in to your account |
• Identity • Contact • Financial • Transactional • Marketing and Communications |
• Contractual obligation • Legitimate interests |
When you make an online purchase, and check out as a guest |
• Identity • Contact • Financial • Transactional • Marketing and Communications |
• Contractual obligation • Legitimate interests |
When you make a purchase in store or by telephone |
• Identity • Contact • Financial • Transactional • Marketing and Communications |
• Contractual obligation • Legitimate interests |
When you contact us by any means with queries, Delivery Issues, complaints etc |
• Identity • Contact • Marketing and Communications |
• Contractual obligation • Legitimate interests |
When you ask us to email you about a product information |
• Identity • Contact |
• Contractual obligation |
When you live chat with us |
• Identity • Contact • Technical • Usage |
• Contractual obligation |
When you request to join our Email mailing list |
• Identity • Contact • Profile • Marketing and Communications |
• Consent |
When you engage with us on social media |
• Identity • Contact • Profile |
• Contractual obligation |
When you engage with us via our blog |
• Identity • Contact • Profile • Marketing and Communications |
• Contractual obligation • Legitimate interests |
When you enter prize draws or competitions |
• Identity • Contact • Profile • Usage • Marketing and Communications |
• Consent • Legitimate interests |
When you choose to complete any surveys, we send you to complete |
• Identity • Contact • Profile • Usage • Marketing and Communications |
• Consent • Legitimate interests |
When you comment on or review on our products, Item content or services |
• Identity • Contact • Profile |
• Consent |
When you Visit our shop, premises, we may record your image on CCTV systems operated for security. |
• Identity • Contact • Technical • Usage • Profile |
• Legitimate compliance • Legitimate interests |
When We make suggestions and recommendations to you about goods or services that may be of interest to you |
• Identity • Contact • Technical • Usage • Profile |
• Legitimate interests |
When you browse our website, we may record data analytics to improve our products/services and marketing/communications with you |
• Identity • Contact • Technical • Usage • Profile • Marketing and Communications |
• Legitimate interests |
To deliver relevant website content/advertisements and measure the effectiveness of the advertising we serve to you |
• Identity • Contact • Technical • Usage • Profile |
• Legitimate interests |
Administer and protect our business and our website (including troubleshooting, data analysis, logging, testing, maintenance, support, reporting and hosting of data) |
• Identity • Contact |
• Legitimate interests |
We may collect data from publicly accessible sources (such as government agencies) where you have given consent to share information or it is made public by law |
• Identity • Contact |
• Contractual obligation • Legitimate interests |
How is my personal data shared?
We do not and will not sell any of your personal data to any third party for any purpose.
However, we sometimes share your personal data with trusted third parties as an essential part of providing our services to you as set out in this statement.
Information we share with third parties
We share information with trusted third parties according to the following rules:
- We provide only the information they need
- They may only use your data for the exact purpose we specify
- We work closely with them to ensure your privacy is respected and protected
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous
Example third party companies we work with
Where necessary we share your data with the following example categories of companies:
- Companies that enable us to get your purchases to you, such as payment service providers, warehouses, order packers, drop ship providers and delivery companies.
- Professional service providers, such as marketing agencies, advertising partners, IT companies and website hosts who help us run our business.
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can protect against fraud.
- Companies approved by you, such as social media sites (if you choose to link your accounts to us) or payment providers such as Sage Pay payment process Services, and PayPal where you choose to use their payment service.
- Advertising platforms such as Google and Facebook to show you products that might be of interest to you whilst browsing the internet.
- Direct marketing companies who help us manage our communications with you.
- Data insight companies to ensure your details are up-to-date and accurate.
- Professional advisors such as our auditors, regulators, external legal and financial advisors.
Sharing your data with third parties for their own purposes
In very specific circumstances we will share your information with third parties for their own purposes.
- Fraud management companies may use the information we provide them for analysis and risk profiling. We may also be required to share data about individuals with law enforcement bodies.
- Where required by law we may disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. Individual requests are assessed on a case-by-case basis.
- Where applicable we may opt your product purchase into a relevant warranty scheme in order to ensure your tools and machines are protected. In these instances, we use our legitimate interests as a legal basis and both the security and privacy of your personal data is our utmost priority. This does not include permission to send marketing communications.
To help personalise your experience on our website we currently use the following companies who in specific scenarios will process your personal data as part of their contract with us:
- Reviews.co.uk
- Live Chat
- UK-Mail
- DPD
- Royal Mail
- SagePay
You have the right to object to any of this processing at any time. If you wish to do this, please contact us.
Your Rights
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at MyToolShed 78 Suez Road, Brimsdown , Enfield, Middlesex EN3 7PS or Email sales@mytoolshed.co.uk.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to Your Personal Information
If you choose to share personal data with MyToolShed you have rights relating to your personal information. You have the right to request:
- Information about the collection and use of your personal data
- Access to the personal data we hold about you, free of charge, in most cases.
- The correction of inaccurate, out of date or incomplete personal data held about you.
- Your personal information to be erased, not processed or collected where there is no good reason for us to continue processing it. Otherwise known as 'the right to be forgotten'.
- We stop using your personal data for direct marketing
- We stop any content based processing of your personal data after you have withdrawn your consent.
- We transfer or port elements of your data either to you or another service provider.
- A review of any decision made based solely on automatic processing of your data.
If we choose not to action your request we will explain to you our reasons for refusal.
Time limit to respond
We aim to respond to all legitimate requests within one month. Occasionally it may take us longer if your particular request is complex or you have made a number of requests.
Retention of information
When we collect or process your personal information we will only keep it for as long as it is necessary to provide our services to you and to comply with our legal and contractual obligations.
At the end of that retention period, your data will be either deleted or anonymised. In the latter scenario the data will be used in a non-identifiable way for statistical and business planning purposes. For purposes such as tax, accounting and warranty we will keep a record of all orders placed with us for the legally required duration of seven years.
Changes To Our Privacy Policy
Any changes we may make to our privacy policy in the future will be posted on this page.
Contacting the Regulator
If you wish to make a complaint about the way we handle your personal data, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you may contact the Information Commissioner's Office by calling 0303 1231113 or contacting them via their website: www.ico.org.uk
Contact us
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to The Data Protection Officer MyToolShed.co.uk 78 Suez Road, Brimsdown, Enfield, Middlesex EN3 7PS OR sales@mytoolshed.co.uk.