Privacy and Personal Data Policy
This document explains the types of personal data we (Breakthrough Filters UK) might collect if you interact with us. We collect and process data in strict accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. Data remains undisclosed to any third parties unless disclosure is necessary for the completion of a service; you have specifically given consent for a particular service; or we have a legitimate reason for disclosing data. Examples where we do disclose data to third parties are outlined below.
Legal Basis for Collection of Some Personal Data:
Under the General Data Protection Regulations we rely on the following legal bases for processing your data:
Consent – we will ask your consent for marketing to you via email or post. If you consent we can collect and process your data for this purpose.
Contract – we sometimes need to collect and process your personal data in order to fulfil a contract with you, for example an order. We will also collect and process your data on this basis if you’ve asked us to provide a quote.
Legal – we are obliged to process some personal data to comply with the law. If you place an order with us we must retain some personal data for at least six years to comply with the Sale of Goods Act 1982, Consumer Rights Act of 2015 and HMRC guidance.
Legitimate interests – we collect and process some personal data to pursue our legitimate interests in a way you would reasonably expect as part of running our business. Specifically, we analyse information on our customers and their orders in order to provide new products or services. We also record CCTV images for security in our stores, to protect our customers, colleagues, premises and assets from crime. This is the only legitimate interest we rely on.
What Personal Data Is Collected?
Depending on your interaction with us, we may collect and process all or some of the following information.
When you visit our website:
- Computer IP address
When you order from us on our website or in stores (including trade in)
- Address details
- Phone number
- Email address
- Gender (eg Mr/Ms)
- Marketing preferences
- Order history
If we have to perform fraud checks
- Credit history
- Employment status
- Copies of ID (Physical or Digital)
How Your Data is Protected
The entire checkout process for the Wex Photo Video website is held on a secure server using a verified SSL (secure socket layer) system for transferring data. If you click on the small padlock symbol at the top of your browser's screen, next to the web address, you will be taken to the site's security certificate.
Our company IT infrastructure has been independently audited and certified by Cyber Essentials Plus to verify that we follow good IT security practices. This means your data is kept secure. The Cyber Essentials Plus certification is government-backed and reassessed annually. See their website for more details.
With Whom is Your Data Shared With?
Sometimes we need to share your personal data with trusted third parties. In these instances, your data will only be used for the exact purpose we specify, will be transferred and stored securely, and will be deleted or rendered anonymous if we stop working with that third party.
Examples of the third parties with whom we share data are:
- Payment-processing services
- Delivery couriers and postal services
- Email marketing service providers
- Customer service management systems
- Product-review companies
- Manufacturers, if you request quotes for support, or return an item for repair by them we will share your address and purchase details with them
This list is not exhaustive and may change from time-to-time in line with our business processes. Please be assured that we will only ever share your information with trusted parties who adhere to GDPR and the correct standards of security.
How Long is Your Data Kept For?
We will only keep your data for as long as it’s needed. After that, we’ll either delete it completely or render it anonymous (removing personal data but keeping information such as order amount for business analysis).
If you contact us for a quote and you don’t consent to marketing, we’ll keep your data for a year in case you wish to proceed with the quote.
If you order from us, we’ll keep your data for six years in order to comply with legal obligations. You can request that some of this is removed sooner – see below.
After six years we will remove your data unless you have consented to our marketing.
Your Rights over Your Personal Data
You have the right to:
- Access your personal data, free of charge
- Have your personal data rectified if out of date or incorrect
- Have personal data erased, unless that would conflict with our legal obligations
- Withdraw consent for us to use personal data, if you have previously given consent
- Object to us processing your personal data and/or stop us using data for direct marketing
If you would like to exercise any of these rights, you should contact us.