The Stickleback Fish Company Ltd understands and is committed to respecting privacy and protecting information provided and obtained during the course of managing its business relationships.
All personal information processing is in accordance with the Data Protection Act 20 I 8 (the ’20 I 8 Act’) and the EU General Data Protection Regulation (‘GDPR’).
For the purpose of these Regulations the data controller is The Stickleback Fish Co Ltd, a company registered in England and Wales under company number 5476544 whose registered office is at Unit 4 Apex Point, Travellers Lane, Welham Green, Hertfordshire. AL9 7HB.
Data protection principles
Personal data must be processed in accordance with six ‘Data Protection Principles.’ It must:
- be processed fairly, lawfully and transparently;
- be collected and processed only for specified, explicit and legitimate purposes;
- be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
- be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
- not be kept for longer than is necessary for the purposes for which it is processed; and
- be processed securely
We are accountable for these principles and must be able to show that we are compliant.
What information do we collect about you?
When we provide you with products or services we may collect and store any personal information that you provide to us. This may include:
- delivery address
- email address
- telephone numbers – work and personal if provided to us as best form of contact
- we may also hold information relating to dietary needs and physical needs if appropriate which we have collected for you to attend one of our events. This will be to ensure your comfort and safety
- photographs of you attending an event that you have consented to being used for promotional purposes
At the time of this policy being written we do not offer a direct debit facility so do not hold any form of payment details for your account If this changes in the future you will be informed and explicit consent will need to be given to process payments in this way.
We currently use NetPay to receive payment by card and this information is not stored or held by us following the transaction.
Use of information
In addition to business and personal information we have collected or has been provided by you we may also process other types of personal information. This can include that which is obtained from other organisations in the course of our business relationship, such as; Companies House, credit reference agencies and trade referees.
In broad terms, we use your data for the following purposes:
- to provide products and services you request or have expressed an interest in;
- to communicate with you regarding availability of products or services you have requested and suggest alternatives;
- to carry out market research so that we can improve the products and services we offer;
- to track your activity on our websites and company social media so we can improve your customer experience
- to create an individual profile for you so that we can understand and respect your preferences
- to communicate directly with you
- for profiling purposes to enable us to personalise and/or tailor any marketing communications that you may consent to receive from us;
- the recording of answerphone messages and phone calls to ensure accuracy and for training purposes
- for record keeping and
- in order to prevent fraud
Legal basis for processing customer personal data
The Stickleback Fish Co collects and uses customers’ business and sometimes personal data because is it necessary for:
- providing of our services to you
- the pursuit of our legitimate interests (as set out below);
- the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; and
- complying with our legal obligations
The normal legal basis for processing customer data is that it is necessary for the legitimate interests of the company including:
- selling and supplying goods and services to our customers;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising our products and services;
- sending promotional communications which are relevant and tailored to individual customers;
- understanding our customers’ behaviour, activities, preferences and needs
- improving existing products and services and developing new products and services;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes;
- managing insurance claims by customers
- protecting the company, its employees and customers by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to the company;
- effectively handling any legal claims or regulatory enforcement actions taken against the company and
- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders
In most situations we will not rely on your consent as a lawful ground to process your data. In general consent will only be relied on for sending direct marketing communications via email, social media or mobile phone messaging.
If you attend an event or meeting at our premises we may also ask that you give us permission to use your photographs for the promotion of our business.
If we do ask for consent for a specific purpose, you have the right not to provide it or to withdraw it at a later date.
Disclosure of your information
In order to provide our products and services to you or to otherwise fulfil contractual arrangements that we have with you, we may need to appoint other organisations to carry out some of the data processing activities on our behalf. These may include, for example, payment processing organisations, third party delivery companies, fraud prevention and screening, credit risk management companies and mail services.
We use the following third party service provider for our email communications and to manage out marketing subscriber lists:
We may share your data with third parties:
- if it is necessary to do so in order to enforce our contractual rights;
- if we are under a legal or regulatory duty to do so;
- where disclosure is necessary to protect the safety or security of any persons; and/or
- to lawfully assist the police or security services with the prevention and detection of criminal activity;
- otherwise as permitted under applicable law
These third parties could include:
- similar businesses for marketing or promotional purposes
- advertising networks and social media platforms for the purposes of selecting and serving the relevant advertisements to you via those networks, media platforms, search engines and analytics providers
We do not send your personal data outside the European Economic Area. If this changes you will be notified of this and the protections which are in place to protect the security of your data will be explained.
In all instances where we disclose your information to third parties, we will do our utmost to ensure that your information is appropriately protected.
Receiving communications from The Stickleback Fish Company
We want you to be the first to know about our special offers, new products, seasonality and availability information, invitations to events and general company and industry news.
We will have discussed communications from us with you at our first meeting, however if you haven’t already signed up to receive these exciting benefits please visit our website to do so.
You can unsubscribe and update your information and preferences at any time by clicking the relevant link at the bottom of our specials email. You can also contact us using the sales email address on our website and at the bottom of this policy.
Please note, if you don’t choose to receive this information, we will be unable to keep you informed of new services, products, events or special offers that may interest you and our ability to help you take advantage of these may be affected.
We take the security of your personal information very seriously. We employ technical and organisational security measures and have procedures in place to protect any paper based systems and computerised databases from loss and misuse, and only allow restricted access to them where necessary. Any use of personal information is carried out under strict guidelines.
We may monitor or record telephone calls for security purposes to improve the quality of services that we provide to you.
Please note that for your safety and security, CC1V is in operation in our premises.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org.
Our website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your use of this website and compile reports for us on activity on the website. Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Access to your information and other rights
Under the GDPR and the Data Protection Act 2018 (DPA 2018) you have a number of rights with regard to your personal data.
- The right to information about what personal data we process, how and on what basis as set out in this Privacy Notice
- The right to access your own personal data by way of a subject access request
- The right to rectification – to correct any inaccuracies in your personal data
- The right to be forgotten – to request that we erase your personal data, however this would only be where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected
- The right to restriction of data processing in certain circumstances
- The right to object if we process your personal data for the purposes of direct marketing
- The right of portability – to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month
- With some exceptions, the right not to be subjected to automated decision-making
- In most situations, the right to notification of a significant data security breach concerning your personal data
You have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.
Identification will also be requested for security.
Changes to this policy
If we make any major changes that affect how we use your information, or what information we use, you will be notified using the email address you have provided. Renewed consent may be necessary and we will ensure we adhere to the relevant regulations in this regard.
If you wish to contact us regarding any details contained in this policy including if you wish to exercise your rights with regards to personal data or anything else relating to Data Protection please email: email@example.com or call 01707 257 462.
For general enquiries please email: firstname.lastname@example.org or call on the number above.