We are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our processes and practices regarding your personal data and how we will treat it.
For the purpose of applicable data protection legislation, we, Xpres Craft, Oakridge Park, Trent Lane, Castle Donington, are the Data Controller.
- why we collect personal data;
- what personal data we collect;
- how we use your data;
- how we ensure that your privacy and personal data is maintained;
- your legal rights relating to your personal data.
Why we collect personal data
Charterhouse and its brands, Kustom Kit, Xpres, Xpres Craft and Vanilla, collect personal data according to the following lawful bases:
- Contract: The processing of personal data is necessary for us to fulfil our contractual obligations with you (e.g. you are purchasing products from us) or because you have asked us to do something before entering into a contract (e.g. you have asked us to prepare and send you a quote).
- Consent: Clear consent has been given for us to process your personal data for a specific purpose (e.g. you have given your clear consent for us to include your personal data to send you promotional and marketing communications).Note: We will always rely on formal consent being given as the basis for processing personal data for promotional and marketing communications by whatever media we use. Customers have the right to withdraw consent at any time. Where such consent has been given for a specific purpose (e.g. promotional and marketing communications), we will cease to process data after consent is withdrawn.
- Legal Obligation: We may need to process personal data to enable us to comply with UK law and regulatory requirements.
- Legitimate Interest: We need to process personal data to enable us to meet our commercially legitimate interests, for example:
- supplying goods and services to our customers;
- advertising our products and services;
- understanding our customers' commercial behaviour, activities, preferences and needs;
- improving existing and developing new products and services;
- preventing, investigating and detecting crime and fraud, including working with law enforcement agencies;
- protecting customers by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Charterhouse Holdings plc and its two brands.
- handling customer contacts, queries, complaints or disputes.
- Important: If you do not wish to provide your personal data, we will be unable to provide you with those products and services that may be of interest to you.
What data do we collect?
Relevant to the legal bases that apply to us, Charterhouse and its brands may collect the following information:
- your name, age/date of birth and gender;
- your contact details: postal address, including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
- purchases and orders made by you;
- your online browsing activities on the Charterhouse Holdings plc, Kustom Kit, Xpres, Xpres Craft and Vanilla websites that you may go on;
- your online account password(s);
- when you make an order or purchase with us, your payment card details;
- your elected communication and marketing preferences;
- your interests, preferences, feedback and survey responses;
- your location;
- your correspondence and communications with us;
- other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).
Our websites are not intended for children and we do not knowingly collect data relating to children nor do we collect any sensitive personal data of our customers. The above list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an on-line account on our websites, or send an email to our customer services team. Other personal data is collected indirectly, for example your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources. We also receive personal data from our trusted partners who support us in providing services to our customers for marketing and financing/leasing arrangements.
How we use your data
Relevant to the legal bases that apply to us, Charterhouse, its brands and our trusted partners acting on our behalf use your personal data to:
- provide goods and services to you;
- make a tailored website available to you;
- verify your identity;
- manage any registered account(s) that you hold with us;
- deal with crime and fraud prevention, detection and related purposes;
- contact you electronically about promotional offers and products and services which we think may interest you, based on your elected consent (see below);
- better understand your needs through market research purposes;
- manage our customer services interactions with you;
- disclose information, where we have a legal right or duty to do so (for example, in relation to a legal dispute).
Promotional Communications, Marketing and Advertising
Charterhouse and its brands use your personal data for electronic marketing and direct mail purposes only with your consent. We aim to update you with such information that is considered to be of interest and relevant to you as an individual. We aim to update you with such information that is considered to be of interest and relevance to you as an individual. You have the right to opt out of receiving such communications at any time, by using any of the following methods:
- changing your marketing preferences via your online account;
- making use of the straightforward "unsubscribe" link in e-mails;
- contacting our customer services team as set out in the Contact section at the end of this Policy.
Sharing of personal data
So that we can make certain services available to you, we may need to share your personal data with some of our trusted service partners. These could include IT, delivery, finance/leasing and marketing service support providers. Charterhouse and its brands only allows service providers to handle your personal data when we have confirmed that they are registered with the Information Commissioners Office and that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to Charterhouse, its brands and to you, and for no other purposes. Charterhouse's trusted service partners are:
||ICO Registered Number
||GB Group plc
||Online address tool
||Online chat service
|Kennet Financial Services
||Kennet Financial Services
||Financing / leasing
|Tower Leasing Limited
||Tower Leasing Ltd
||Financing / leasing
||Cyber Source Ltd
||Credit card transactions
||Global Payments UK Ltd
||Credit card transactions
||Credit check services
||Global Freight Solutions Ltd
||DPD Group UK Ltd
Other third parties
Aside from our trusted service providers, Charterhouse and its brands will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes. We may share your data with:
- government bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so;
- to comply with our legal obligations;
- to exercise our legal rights (for example in court cases);
- for the prevention, detection, investigation of crime or prosecution of offenders;
- for the protection of our employees and customers.
All our trusted service partners are located within the European Economic Area (EEA). We do not share any personal data outside of the EEA.
Automated decision making in the processing of personal data
Charterhouse, its brands and trusted partners do not use operations that involve automated decision making.
How long is your data kept for?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years, unless you elect to use your right to erase your personal data.
How we protect your data
Charterhouse and its brands are committed to keeping your personal data safe and secure. Our security measures include:
- encryption of data;
- regular cyber security/risk analysis assessments of all service providers who may handle your personal data;
- regular risk analysis planning to ensure that we are ready to respond to cyber security attacks and data security breach incidents;
- regular systems penetration testing;
- security controls that protect the entire Charterhouse and brand infrastructures from external attack and unauthorised access;
- appropriate policies setting out our data protection approach and staff training.
How you can protect your data
Charterhouse and its brands will never ask you to confirm any bank account or credit card details via e-mail or text. If you receive an email or text claiming to be from Charterhouse, Kustom Kit, Xpres, Xpres Craft or Vanilla asking you to do so, please ignore it and do not respond. If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session. In addition, we recommend that you take the following security measures to enhance your online safety both in relation to Charterhouse and more generally:
- keep your account passwords private. Remember, anybody who knows your password may access your account;
- when creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. You can do this accessing your account, clicking 'your account', clicking 'your data' and selecting 'change password'.
- avoid using the same password for multiple online accounts.
How are cookies managed?
The cookies stored on your computer or other device when you access our websites are designed by:
- Charterhouse, or on behalf of Charterhouse, and are necessary to enable you to a make purchases on our website;
- third parties who participate with us in marketing programmes;
- third parties who broadcast online advertisements on behalf of Charterhouse and its brands.
What are cookies used for?
The main purposes for which cookies are used are:
- For technical purposes to ensure the effective operation of our websites;
- For marketing;
- To enable the collection of information about your browsing and shopping patterns;
- To meet contractual obligations.
Can cookies be disabled?
Yes, although, if you do disable cookies within your browser, you will be unable to place online orders and the website may not function fully. Please click here for more details on our cookies operation and instructions on how to disable cookies.
Right to be informed
Right of access
You have the right to obtain:
- confirmation that your personal data is being processed;
- access to that personal data (i.e. you can request a copy of the personal data that we hold about you, at any time). This is provided free of charge and must be supplied to you within one month of receipt of your request.
Right to rectification
You have the right to request that we correct any inaccurate or incomplete personal data that we hold about you.
Right to erasure
You have the right to have your personal data erased and to prevent processing in a range of specified circumstances. This can only normally be refused based on public interest requirements and where we have to ensure compliance with legal and auditory regulations. We would not be able to erase personal data whilst we are still providing our services to you. This can only be done once you cancel the service or once the service is completed.
Right to restrict processing
You have the right to block or supress processing of your personal data. When such processing is blocked or restricted, personal data can still be stored but not processed.
Right to data portability
You have the right to obtain a copy of your personal information in a legible and compatible format that is suitable for you to use for your own purposes.
Right to object
You have the right to object to the collection and use of your personal information at any time, for example:
- processing based on legitimate interests;
- direct marketing;
- processing for purposes of statistics i.e. scientific/historical research.
Right related to automated decision making and profiling
This right safeguards you against the risk of a potentially damaging automated decision being taken without human intervention. Charterhouse, its brands and trusted partners do not have operations that involve automated decision making.
Right to complain
You have the right to complain to us directly by contacting us using the information in the contact section below. You have the right to complain directly to the Information Commissioner's Office (ICO), which is the regulatory authority that deals with personal data and who makes sure that personal data is used in a lawful way by public sector bodies, commercial businesses and organisations that process personal data. You can register a complaint with the ICO by using the link below: https://ico.org.uk/concerns/ or calling the ICO on 0303 123 1113.
If you have any questions about how Charterhouse, its brands and its trusted partners use your personal data that is not provided in this Policy, or if you want to exercise any of your rights, please contact us using any of the following methods: Telephone: 01332 855050 E-mail: [email protected] Written: Charterhouse Holdings plc, Oakridge Park, Trent Lane, Castle Donington, Derby DE74 2PY