Privacy

GDPR Privacy Notice

1. Background

This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all products and services, and instances where we collect your personal data.

This privacy notice applies to personal information processed by or on behalf of CAD Distribution Ltd.

Changes to this privacy notice:
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices.

CAD Distribution Ltd and our Data Protection Officer:
We are CAD Distribution Ltd (also trading as Dodo Mat) of Unit 7 Tower Industrial Estate, Berinsfield , Oxfordshire OX10 7LN. We are a data controller of your personal data.
________________________________________

2. What kinds of personal information about you do we process?

Personal information that we’ll process in connection with all of our products and services, if relevant, includes:

• Personal and contact details, such as title, full name, contact details and contact details history
• Records of your contact with us such as if you get in touch with us online using our online services, details such as your device details, browser, location data, IP address.
• Products and services you purchased with us, as well as have been interested in and the associated payment methods used.

Our web store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

Payment:
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).

________________________________________

3. What is the source of your personal information?

We’ll collect personal information from the following general sources:

• From you directly. Via telephone, email or websites.
• Information generated about you when you purchase our products and services
• From other sources such as Credit card processors, publicly available directories and information (for example, telephone directory, social media, internet, news articles)

________________________________________

4. What do we use your personal data for?

We use your personal data, including any of the personal data listed above, for the following purposes:

• Managing any aspect of the product, delivery or service
• To make decisions on whether to offer you a product or service, or the price, payment method, risk or terms of it
• To perform and/or test the performance of, our products, services and internal processes
• To improve the operation of our business and that of our business partners
• For management and auditing of our business operations including accounting
• To monitor and to keep records of our communications with you and our staff (see below)
• For direct marketing communications and related profiling to help us to offer you relevant products. We’ll send marketing to you by email, phone, post, social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match). Offers may relate to any of our products and services.
• To provide personalised content and services to you, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show you on our digital channels.
• To develop new products and services and to review and improve current products and services
• To comply with legal and regulatory obligations, requirements and guidance
• To share information, as needed, with financial services institutions, delivery agents, service providers or as part of providing and administering our products and services or operating our business

________________________________________

5. What are the legal grounds for our processing of your personal information (including when we share it with others)?

We rely on the following legal bases to use your personal data:

1. Where it is needed to provide you with our products or services, such as:

a) Assessing an application for a product or service you hold with us, including consider whether or not to offer you the product, the price, the payment methods available and the conditions to attach
b) Managing products and services you hold with us, or an application for one
c) Updating your records, tracing your whereabouts to contact you about your account and doing this for payment issues (where appropriate)
d) Sharing your personal information with business partners and services providers when you apply for a product to help deliver your product
e) For some of our decision making to decide whether to offer you a product and/or service, particular payment method and the price or terms of this.

2. Where it is in our legitimate interests to do so, such as:

a) Managing your products and services relating to that, updating your records, tracing your whereabouts to contact you about your account and doing this for recovering payment (where appropriate)
b) To perform and/or test the performance of, our products, services and internal processes
c) To follow guidance and recommended best practice of government and regulatory bodies
d) For management and audit of our business operations including accounting
e) To carry out monitoring and to keep records of our communications with you and our staff (see below)
f) For market research and analysis and developing statistics
g) For direct marketing communications and related profiling to help us to offer you relevant products and services. We will send marketing to you by email, phone, post and social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match
h) Subject to the appropriate controls, to provide insight and analysis of our customers to business partners either as part of providing products or services, helping us improve products or services, or to assess or to improve the operating of our businesses
i) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations

3. To comply with our legal obligations

4. With your consent or explicit consent:

a) For some direct marketing communications
b) For some of our credit payment decision making

________________________________________

6. When do we share your personal information with other organisations?

We may share information with the following third parties for the purposes listed above:

• CAD Distribution Ltd trading companies and service providers
• Business partners or others who are a part of providing your products and services or operating our business
• Governmental and regulatory bodies such as HMRC and the Information Commissioner’s Office.
• Other organisations and businesses who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions

Security:
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

________________________________________

7. How and when can you withdraw your consent?

Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.

________________________________________

8. Is your personal information transferred outside the UK or the EEA?

We’re based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.

________________________________________

9. What should you do if your personal information changes?

You should tell us so that we can update our records using the details in the Contact Us section of our website. We’ll then update your records if we can.

________________________________________

10. Do you have to provide your personal information to us?

We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.

________________________________________

11. Do we do any monitoring involving processing of your personal information?

In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.

________________________________________

12. What about other automated decision making?

We sometimes make decisions about you using only technology, where none of our employees or any other individuals have been involved. For instance, we may do this to decide: whether to offer you a product or service, to determine the risk of doing so, the price we will offer or to assess what payment methods we can offer you.
We’ll do this where it is necessary for entering into or performing the relevant contract, is authorised by laws that apply to us, or is based on your explicit consent.

________________________________________

13. For how long is your personal information retained by us?

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

• For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
• For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
• Retention periods in line with legal and regulatory requirements or guidance.

Cookies:
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.

_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).

_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits

_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.

cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional

storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

PREF, persistent for a very short period, Set by Google and tracks who visits the store and from where

________________________________________

14. What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.

• The right to be informed about the processing of your personal information
• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
• The right to object to processing of your personal information
• The right to restrict processing of your personal information
• The right to have your personal information erased (the “right to be forgotten”)
• The right to request access to your personal information and to obtain information about how we process it
• The right to move, copy or transfer your personal information (“data portability”)
• Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.

________________________________________

15. Your right to object

You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the Contact Us section of our website to exercise these rights.

________________________________________

16. What are your marketing preferences and what do they mean?

We may use your home address, phone numbers, email address and social media or digital channels (for example, Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences. You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication.

________________________________________

17. Contact Us

If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us by going to the Contact Us section of our website. Alternatively, you can write to CAD Distribution Ltd, Unit 7 Tower Industrial Estate, Berinsfield, Oxfordshire OX10 7LN.