Pro Adventure Ltd do not disclose buyers’ information to third parties other than when order details are processed as part of the order fulfilment. In this case, the third party will not disclose any of the details to any other third party.
a. Take and fulfill customer orders
b. Administer and enhance the site and service
c. Only disclose information to third-parties for goods delivery purposes
d. To market our own products and services (not those of third parties), you can unsubscribe from marketing at any time by contacting us.
e. To remind you you have an uncompleted order that you may wish to complete.
GDPR: DATA PRIVACY NOTICE FOR CLIENTS AND SUPPLIERS
Reviewed 22 May 2018
Pro Adventure Ltd (“We”) are committed to protecting and respecting your privacy.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
Data controller – A controller determines the purposes and means of processing personal data.
Data processor – A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data: Personal data and special categories of personal data
Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- Who are we?
ProAdventure Ltd is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are: ProAdventure Ltd, 41 Castle Street, Llangollen. LL20 8RU 01978 860605 firstname.lastname@example.org . For all data matters contact Peter Carol on email@example.com
- The purpose(s) of processing your personal data
We use your personal data for the following purposes:
Processing your order, sending you emails when you request a stock alert, sending you newsletter emails, verifying your age for age restricted sales, maintaining records for age restricted sales.
- The categories of personal data concerned
a. The personal data you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description (and photograph or passport image, driving license image or other identification to verify your age to complete our sales contract.)
b. Age verification data may also be obtained via 192.com, Agechecked Ltd or the companies house web site.
c. Contact data: such as names, email addresses, shipping/billing addresses, phone numbers, contact details
d. Sales data: such as details of the transactions undertaken through the Services, products/services purchased, date/time, payment amount/method, cancellations, returns, exchanges, etc.
e. Financial or payment information
f. Marketing preferences and communications
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
g. Personal data name, address, e-mail address and phone number, financial and credit card information, personal description (and photograph or passport image, driving license image or other identification to verify your age to complete our sales contract.)
- What is our legal basis for processing your personal data?
a) Personal data (article 6 of GDPR)
Our lawful basis for processing your general personal data:
Legitimate interest sending details about your products and events relevant to our products to people who have previously bought from us
Consent of the data subject; Marketing list membership for people who have not previously bought from us. Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract SALE OF GOODS, EMPLOYMENT AND EMPLOYMENT APPLICATION Processing necessary for compliance with a legal obligation SALE OF GOODS AND RELEVANT AGE VERIFICATION ON AGE RESTRICTED SALES. ACCOUNTING REQUIREMENTS FOR HMRC. Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Age verification for age restricted sales
b) Special categories of personal data (article 9 of GDPR)
Our lawful basis for processing your special categories of data:
Explicit consent of the data subject MAILING LISTS, FACEBOOK PAGE AND GROUPS
Processing relates to personal data manifestly made public by the data subject
Age verification data
Processing necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity
Age verification data
- Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared only with our contracted data processors. These include but are not limited to Google (email and document storage), Teclan Ltd (email marketing and web design and maintenance), Feefo (customer feedback), 192.com (age verification), GBG PLC (address lookup), Microsoft 365 (data backups), Xero (accounting), VendHQ (electronic point of sale).
- How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary and we only retain your data for the following purposes and use the following criteria to determine how long to retain your personal data. General sale data is kept for up to four years, accounting data for up to six years, employee data for up to four years after the end of your work with us.
- Providing us with your personal data
If you are joining our email newsletter list, social media groups, pages or following you are under no statutory or contractual requirement or obligation to provide us with your personal data. But failure to do so will have the following consequences, we won’t be able to present any information to you.
For employees and purchasers, We require your personal data as it is a [statutory, with age restricted sales] and / or a requirement necessary to enter into a contract.
- Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
” The right to request a copy of the personal data which we hold about you;
” The right to request that we correct any personal data if it is found to be inaccurate or out of date;
” The right to request your personal data is erased where it is no longer necessary to retain such data;
” [THE RIGHT TO WITHDRAW YOUR CONSENT TO THE PROCESSING AT ANY TIME, WHERE CONSENT WAS YOUR LAWFUL BASIS FOR PROCESSING THE DATA];
” The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
” The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
” The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
- Transfer of Data Abroad
OUR MAILING LIST IS HOSTED IN THE EEA, AS IS OUR WEB HOSTING. WHERE PERSONAL DATA IS TO BE TRANSFERRED OUTSIDE THE EEA, THIS MAY BE SECURED ON GOOGLE, AMAZON OR MICROSOFT 365 SERVERS ALL OF WHICH ARE SECURED WITH TWO FACTOR AUTHENTICATION. DATA ON OUR TILL SYSTEM MAY BE STORED OR TRANSFERRED OUT OF THE EEA, VENDHQ STORE AND SECURE THIS DATA AND PROCESS IT ON OUR BEHALF.
- Automated Decision Making
WE DO NOT USE ANY FORM OF AUTOMATED DECISION MAKING IN OUR BUSINESS.
- Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
- How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact Peter Carol on firstname.lastname@example.org
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
Our website address is: https://www.proadventure.co.uk/wordpress.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.