We understand that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits Our Site and will only collect and use information in ways that are useful to you and in a manner consistent with your rights and Our obligations under the law.
SECTION 1 – INFORMATION ABOUT US
tombarlowonline.com is operated by Tom Barlow, trading as TBOnline at its trading address at 10 Colne Road, Bluntisham, Huntingdon, PE28 3LU, United Kingdom.
SECTION 2 – WHAT DATA DO WE COLLECT AND WHAT DO WE DO WITH YOUR INFORMATION?
Some data will be collected automatically by Our Site and other data will only be collected if you voluntarily submit it and consent to Us using it for the purposes set out in this section. When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, mailing address, email address and financial information.
When you submit a message via our contact form, We collect your name, email address, phone number and other personal data you choose to voluntarily submit to Us. When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
We use your data to provide the best possible products and services to you. This includes:
- Providing and managing your access to Our Site;
- Personalising and tailoring your experience on Our Site;
- Supplying our products and services to you;
- Responding to communications from you;
- Supplying you with email newsletters that you have subscribed to (you may unsubscribe at any time by following the links to unsubscribe within those communications);
- Market research;
- Analysing your use of Our Site to enable Us to continually improve Our Site and your user experience.
In some cases, the collection of data may be a statutory or contractual requirement, and We will be limited in the products and services We can provide you without your consent for Us to be able to use such data.
With your permission and/or where permitted by law, we may also use your data for marketing purposes, which may include sending you emails about our store, new products and other updates. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015. We will get your express opt-in consent before we share your personal data with any third parties for marketing purposes.
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following bases applies:
- you have given consent to the processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary to protect the vital interests of you or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
- processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
SECTION 3 – CONSENT
How do you get my consent?
If we are relying on your consent in order to process your personal data, we will request this at the point at which you provide us with your personal information, including to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase.
We will only use your personal data for the purposes for which We collected it, unless We reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact Us. If we need to use your personal data for an unrelated purpose, We will notify you and we will explain the legal basis which allows Us to do so.
How do I withdraw my consent?
If, after you opt in, you change your mind, you may withdraw your consent for us to contact you, or for the continued collection, use or disclosure of your information, at any time, by contacting us at email@example.com or mailing us at 10 Colne Road, Bluntisham, Huntingdon, PE28 3LU, United Kingdom.
SECTION 4 – DISCLOSURE
We may contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of products, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law. We currently contract with PayPal, Mailchimp, Stripe, Infusionsoft, SendOwl, and SamCart.
We may disclose your personal information if we are required by law to do so. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of Us.
SECTION 5 – HOW DO WE STORE YOUR DATA
We will only retain your personal data for as long as necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Some of Our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever We transfer your personal data out of the EEA, We take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA. Such steps may include, but not be limited to, the use of legally binding contractual terms between us and any third parties we engage and the use of the EU-approved Model Contractual Arrangements.
Our store is hosted on sendowl.com and samcart.com. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through infusionsoft.com data storage, databases and the general application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then PayPal or Stripe store your credit card data. It is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Terms of Service:
SECTION 6 – THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
SECTION 7 – SECURITY
All personal data is stored securely in accordance with the GDPR. To protect your personal information, we have put in place suitable physical, electronic and managerial procedures and precautions to safeguard and secure your data and We follow industry best practices in this regard to make sure it is not accidentally lost, misused, accessed in an unauthorised way, disclosed, altered or destroyed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 8 – COOKIES
Cookies are small text files placed on your device when you visit Our Site. All cookies used by and on Our Site are used in accordance with current UK and EU cookie law (meaning the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended in 2004, 2011 and 2015).
‘Session cookies’ allow Us to track your actions during a single browsing session, but they do not remain on your device afterwards. ‘Persistent cookies’ remain on your device between sessions. We use them to authenticate you and to remember your preferences. We can also use them to balance the load on our servers and improve your experience on Our Site.
Session and persistent cookies can be either first or third party cookies. A first-party cookie is set by Us and we use these to improve our site’s performance and to provide and improve our services. A third-party cookie is set by a different website and We use these as described below. Both types of cookie may be used by Us or Our business partners.
All Our cookies fall within the classifications Strictly Necessary, Functionality and Performance. None are classified as Behavioural Targeting. If at any time you wish to disable Our cookies, you may do so through the settings on your browser but if you do so you will not be able to use certain important features of Our service.
You can choose to enable or disable cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party cookies. By default, most internet browsers accept cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device. You can choose to delete cookies at any time; however, you may lose any information that enables you to access Our Site more quickly and efficiently.
SECTION 9 – SUMMARY OF YOUR RIGHTS
Under the GDPR, you have:
- the right to request access to, deletion of or correction of, your personal data held by Us;
- the right to complain to a supervisory authority;
- the right to be informed of what data processing is taking place;
- the right to restrict processing;
- the right to data portability;
- the right to object to processing of your personal data;
- rights with respect to automated decision-making and profiling.
If you wish to exercise any of the rights set out above, please contact Us at the contact details set out below. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
QUESTIONS AND CONTACT INFORMATION
If you would like to exercise any of the rights stated above, register a complaint, or simply want more information, please contact us at firstname.lastname@example.org or by mail at 10 Colne Road, Bluntisham, Huntingdon, PE28 3LU, United Kingdom.