1.0 Key Definitions
Data processing: Data processing is any activity that involves the use of personal data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring personal data to third parties.
Personal data: Personal data is any information identifying a data subject (a living person to whom the data relates). It includes information relating to a data subject that can be identified (directly or indirectly) from that data alone or in combination with other identifiers Shimla Peppers possesses or can reasonably access. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.
2.0 How we process your personal information
We do not trade personal data for commercial purposes and will only disclose it if required by law, if it is necessary to arrange a service you have asked us for, or if it is with your consent. We will not use your information for automated decision making or profiling. Shimla Peppers uses providers (processors) based in the European Economic Area to process associate data.
3.0 Information you give to us
This is information about you that you give us by filling in forms on our site or by corresponding with us by phone, email or otherwise. It includes information you provide when you:
- Use our website
- Order any services or products offered by us or register for our promotional events
- Register to receive downloadable information, newsletters or other information
- Send us a request to contact you or when you report a problem with our product or services
The information you give us may include your name, position, address & post code, email address and phone number.
We will use this information to:
- send you information you have requested
- process orders for products and services
- inform our marketing and sales activities
- provide you with news and information which we think may be of interest to you and with information about our products and services
If you no longer wish us to use your data in this way, please let us know by clicking the unsubscribe button on our communications or emailing us on email@example.com.
4.0 Information we collect about you
With regard to each of your visits to our website we will automatically collect the following information:
Information about your visit, including items you viewed or searched for; page response times; length of visits to certain pages.
We will use this information:
- to administer our site so that it works well when you visit (we may also ask you for your opinion to help us do that) and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer
- to allow you to participate in interactive features of our services, when you choose to do so as part of our efforts to keep our site secure
5.0 Information we receive from other sources
This is the information we receive about you:
From our third party service providers (including, for example, sub-contractors in technical and delivery services, search information providers).
6.0 Legal basis for processing your information
We process your personal information lawfully and fairly in accordance with data protection laws. We may process your personal information where we are:
- performing our business functions and activities generally
- providing services to you
- in receipt of your consent to our processing of your personal information
- presented with a legal obligation to do so or we have a legitimate interest to do so, for
example on a business sale or for fraud prevention purposes
7.0 Sharing your information
We may disclose your personal information to third parties, including:
- Our professional advisers and services providers with whom we work collaboratively to bring you services and information you have requested. In all circumstances this will be made clear
at the time of collecting your data.
- If Shimla Peppers or substantially all of its assets are acquired by a third party, in which case personal data held by us about you will be one of the transferred assets.
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation or in order to enforce or apply our Terms & Conditions. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
8.0 Where we store your personal data
All email information you provide to us is stored in our databases on a secure server located within the EEA (European Economic Area).
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
9.0 Retention of your personal data
We will only keep your personal data within the time-frames allowed by law and for so long as is necessary to comply with our legal obligations.
10.0 Your rights under the GDPR
10.1 Access to personal information
Individuals who are the subject of personal data held by Shimla Peppers are entitled to:
- Ask what information the company holds about them and why
- Ask how to gain access to it
- Be informed how to keep it up to date
- Be informed how the company is meeting its data protection obligations
If an individual contacts the company requesting this information, this is called a subject access request or SAR. Subject access requests from individuals should be made by email, addressed to firstname.lastname@example.org
We will respond to Subject Access Requests within one month as is the requirement under GDPR. We will always verify the identity of anyone making a subject access request before handing over any information.
10.2 Correcting personal information
Individuals may ask us to correct any personal information about them that is inaccurate, incomplete or out of date.
10.3 Deletion of personal information
Individuals have the right to ask us to delete personal information about them where:
- You consider that we no longer require the information for the purposes for which it was
- We are using that information with your consent and that consent has been withdrawn
- You have validly objected to our use of their personal information
- Our use of your personal information is contrary to law or our other legal obligations
10.4 Objecting to how we may use personal information
Individuals have the right at any time to require us to stop using their personal information for direct marketing purposes.
10.5 Restricting how we may use personal information
In some cases, individuals may ask us to restrict how we use their personal information. This right might apply, for example, where we are checking the accuracy of personal information that we hold or assessing the validity of any objection made by an individual to our use of their information. The right might also apply where there is no longer a basis for using an individual’s personal information but they don’t want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with the individual’s consent, for legal claims or where there are other public interest grounds to do so.
10.6 Withdrawing consent to using personal information
Where we use personal information with individual consent the individual may withdraw that consent at any time and we will stop using that personal information for the purpose(s) for which consent was given.
For queries as to whether the GDPR applies to the processing of your personal information or, if the GDPR does apply, and you wish to exercise any of these rights then please contact us. Please use the Contact information on our website.
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the ICO (Information Commissioner’s Office) who are the regulators of data protection laws in the UK. They can be contacted via their website https://ico.org.uk/make-a-complaint/.