Privacy Policy
Contents
- Purpose of this Privacy Policy
- Who we are
- Why we collect personal data
- Information we may collect about you
- How we collect your data
- How we may use your information
- How is my personal data shared?
- How we protect your personal data
- Where your personal data may be processed
- Your rights over your personal data
- Retention of information
- Links to other websites
- Contacting the regulator
- Contact us
Purpose of this Privacy Policy
Zippy bags is committed to protecting the privacy and security of your personal data by complying with all data protection laws applicable to the United Kingdom.
We greatly respect your privacy and will do our utmost to keep the information you provide to us secure. This includes information that you submit to us via our website, by telephone or any related applications and services.
The purpose of this privacy policy is to clearly explain the information that we collect, how we use and share it, how to manage your marketing preferences and a confirmation of your rights. It is very important that you read this privacy policy when we are collecting or processing personal information about you so that you are aware of how and why we are using your personal information.
Please also read our Terms & Conditions of sale.
It is likely that we will have to update this privacy policy from time to time so please return to this page from time to time in order to keep up-to-date with any changes. When we make significant changes to the policy we will also notify you accordingly where we have accurate contact details and where you would expect to receive communications from us.
If you have any questions regarding our privacy policy or you object to any changes made in the future, please contact the Data Protection Officer at Zippybags using the contact details at the end of this policy.
For brevity throughout this policy, ‘we’, ‘us’ and ‘Zippybags’ are used to refer to Zippybags.
Who we are
We are a small family business based on the Wirral
For all our services, the data controller responsible for the privacy of your data is Zippybags.
Why we collect personal data
So that we, as an online retailer, may provide a service and fulfill any obligations to you (as an online visitor, user or our customer) it is necessary for us to collect and process personal data. The EU General Data Protection Regulation (Regulation EU 2016/679), (GDPR) sets out in law a number of different reasons why a company may collect and process your personal data. We use the following lawful basis for processing your personal information:
Consent
We may process your information in situations where we have gained your explicit consent. For example, when you tick a box to receive our Email newsletter.
Generally we do not rely on consent as a legal basis and you have the right to withdraw your consent to marketing at any time by contacting us using the contact details at the end of this policy.
Contractual obligations
We process personal data routinely to comply with contractual obligations we are about to enter into or have entered into with you. For example, we need to collect your delivery address details and pass to our couriers in order to deliver your purchase to you.
Legitimate interest
We require your data to pursue our legitimate interests in a way which might reasonably be expected and which does not impact your interests, freedoms and fundamental rights. For example, we can use your order history to send you personalized offers and your address details to send you direct marketing information by mail. We can also combine the shopping history of many customers to identify trends to better understand their needs.
Legal compliance
In certain situations the law requires us to collect and process your data to comply with our legal or regulatory obligation. For example, we can pass details of fraudulent transactions or other criminal activity affecting our business to law enforcement.
Information we may collect about you
Personal data means any information which relates to an individual and can be used for the purposes of identification, either directly or indirectly, typically through the use of an identifier. It does not include data where the identity has been removed.
We have grouped the different kinds of personal information we may collect, use, share or otherwise process about you below:
Data classification
Types of information
Identity Data
Data that can be used to identify you
Title, first name, last name, username or social identifier, date of birth and gender.
Your image may be recorded by CCTV if you visit one of our premises.
Contact Data
Data that can be used to contact you
Billing address, delivery address, email address and telephone numbers.
Financial Data
We don’t store any financial date for example card information.
Transactional Data
Data relating to your previous transactions
Payment transaction details to and from you (order receipts, refunds etc) and other details of products and services you have purchased from us.
Technical Data
Data about the device, browser, operating system and method used to access our website
Internet protocol (IP) address, login data, browser type and version, internet connection type, time zone setting and location, browser plug-ins and versions, operating system and platform and other technology on the devices you use to access our website.
Profile Data
Data that builds a user profile when specified
Username and password, purchases or orders made by you, your interests, preferences, comments, reviews, social or marketplace identifier, feedback and survey responses.
Usage Data
Data about your usage of our website and related services
Information about how you use our website, products and services including details of your visit and which site you came from to ours, the web pages viewed during your visit, any search terms you entered and the advertisements you clicked on. Please see our Cookie Policy.
Marketing and Communications Data
Data that specifies your marketing preferences and/or any communications you have with us
Your marketing preferences such as what information you would like to receive from us and by what method (by email, by mail etc).
This includes general communications data such as us making a note of conversations we have had with you in person and/or communications you sent to us.
This enables us to manage our relationship with you effectively and ensures you only receive communications from us that are relevant and timely.
Aggregated Data
We may also collect, use and share some Aggregated Data about our customers’ behaviour patterns and browsing actions. This data may be derived from your personal information but it does not identify you as an individual so is not considered personal data in law. For example, we may aggregate Usage Data to calculate the number of users visiting a specific website location. Should we combine Aggregated Data with your personal data so that it can identify you as an individual then we treat the combined data as personal data and subject to the provisions of this privacy policy.
Special Category (Sensitive) and Criminal Offence Data
We do not collect any Special Category Data or Sensitive Personal Data about you (such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any Criminal Offence Data about criminal convictions and offences.
If you fail to provide personal information
Where we need to collect personal information, either by law or under the terms of a contract we have with you, and you fail to provide the information upon request, we may not be able to fulfill the contract we have or are trying to enter into with you. For example, to deliver an order to you. This may lead to the cancellation of the contract between us. However, if this is the case we will notify you accordingly.
Personal identification documents
We do not ask for personal identification documents
How we collect your data
We collect different information about you in a number of ways:
Information you give us
When you create an account, make a purchase, sign up to our newsletter, register for an event, request marketing materials or give us feedback, we will store the personal information you give us such as your name, email address, postal address and telephone number . We will also keep a record of your purchases and any communications you have with us.
Automated technologies or interactions
As you interact with our website, we may automatically collect Technical Data about your equipment and Usage Data regarding your browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. For more information on cookies, please see our Cookie Policy.
Information from third parties
We do not seek to obtain, have never and will never purchase personal information about you from third parties.
However we do use Aggregated Data sources from third parties to improve the systems, services and products we provide to you and generally make informed business decisions as set out below:
- Analytics information from providers such as Google
- Advertising network performance such as Facebook and Google AdWords
- Search information providers such as Google
This third party Aggregated Data often relies on your use of cookies. For more information on cookies, please see our Cookie Policy.
In some specific situations such as fraud prevention, we may seek to access and use information about you that is placed in the public domain.
How we may use your information
We have set out in the following table all the ways in which we use your personal information. We will only use your information when the law allows us to, and the legal bases on which we rely upon to do so are also included in the table. In some instances, depending on the specific purpose for which we are using your data, there may be more than one lawful ground for processing your information.
Purpose/Activity |
Type of data |
Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you as a new customer |
|
|
| When you make an online purchase when logged in to your account |
|
|
| When you make an online purchase and check out as a guest (only transactional) |
|
|
| When you make a purchase by telephone |
|
|
| When you contact us by any means with queries, complaints etc |
|
|
| When you ask us to email you about a product |
|
|
| When you live chat with us |
|
|
| When you request to join our Email mailing list |
|
|
| When you request a ‘back in stock’ email notification |
|
|
| When you engage with us on social media |
|
|
| When you engage with us via our forum |
|
|
| When you enter prize draws or competitions |
|
|
| When you choose to complete any surveys we send you |
|
|
| When you comment on or review our products, content and services |
|
|
| When you book any kind of appointment with us. |
|
|
| When you fill in any forms e.g. a student discount application |
|
|
| When you have given a third party permission to share with us the information they hold about you |
|
|
| When you use our shops, visit our premises or attend an event, we may record your image on CCTV systems operated for security or you may feature in photography taken that is then used for marketing purposes |
|
|
| To make suggestions and recommendations to you about goods or services that may be of interest to you |
|
|
| When you browse our website we may record data analytics to improve our products/services and marketing/communications with you |
|
|
| To deliver relevant website content/advertisements and measure/understand the effectiveness of the advertising we serve to you |
|
|
| To administer and protect our business and this website (including troubleshooting, data analysis, logging, testing, maintenance, support, reporting and hosting of data) |
|
|
| We may collect data from publicly accessible sources (such as government agencies) where you have given consent to share information or it is made public by law |
|
|
Marketing communications
We aim to communicate with you about the products and services we provide in a way that you find relevant, timely, respectful and never excessive. To do this we use data we have collected and stored about you as a result of our contractual obligations in conjunction with any contact preferences you have told us about.
We only send marketing based communications by email where you have given us explicit consent; for example, by ticking the box to opt in during registration or guest checkout on our website. We use legitimate interest as the legal basis for communications by mail. In both instances you have the right to opt out of receiving these at any time either by contacting us or by updating your direct marketing preferences.
As part of our service to you, we may contact you by email or telephone to provide essential information related to your purchase or visit.
Online advertising
To keep you up-to-date with our brand and help you see and find products we believe are relevant to you, we use our legitimate interests to engage in online advertising.
We target banners and adverts to you when you are on other websites and apps using a variety of digital marketing networks and ad exchanges. These adverts use a number of different technologies such as pixels, ad tags, cookies and mobile identifiers as well as specific services offered by some sites and social networks such as Facebook’s Custom Audience service.
The banners and ads you see will be based on information we hold about you and/or your previous use of the Zippybags website such as your search history and the products you have looked at or added to your basket.
For more information on cookies, including how you can control what cookies are used, please see our Cookie Policy.
How we protect your personal data
We understand how important data security is to you and therefore take all appropriate steps to safeguard the collection, transmission and storage of the data we collect.
All areas of our website are protected with secure connections over “https” technology. Access to your personal data is password protected and we use secure server technology that implements Transport Layer Security (TLS) encryption to protect your sensitive data.
If you use your credit or debit card to purchase from us, we will ensure that this is carried out securely.
We also generate authorisation tokens when you place an order with us using a credit or debit card. Only we can use the authorisation token generated and since we only charge your card on dispatch, it is necessary in instances where part shipment of items is required e.g. to fulfil backorders. We never store your card details or security code in plain text.
Our systems are monitored for possible vulnerabilities and attacks, and we are continually looking to identify ways to further strengthen security in line with new technological advances and best practices.
Where your personal data may be processed
We store your data on secure servers outside of the European Economic Area (EEA).
International Orders
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf within the UK. You have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Policy.
Your rights over your personal data
If you choose to share personal data with Zippybags you have rights relating to your personal information. You have the right to request:
- Information about the collection and use of your personal data (as outlined in this Privacy Policy or by contacting us).
- Access to the personal data we hold about you, free of charge, in most cases.
- The correction of inaccurate, out of date or incomplete personal data held about you.
- Your personal information to be erased, not processed or collected where there is no good reason for us to continue processing it. Otherwise known as `the right to be forgotten`.
- We stop using your personal data for direct marketing (either through select or all channels).
- We stop any content based processing of your personal data after you have withdrawn your consent.
- We transfer or port elements of your data either to you or another service provider.
- A review of any decision made based solely on automatic processing of your data.
- Complain to the data protection regulator (see contacting the regulator).
If we choose not to action your request we will explain to you our reasons for refusal.
Checking your identity
We may need to request specific information from you as a security measure. This is to confirm your identity and prevent personal information being disclosed to any person who has no right to receive it.
Time limit to respond
We aim to respond to all legitimate requests within one month. Occasionally it may take us longer if your particular request is complex or you have made a number of requests.
Updating your direct marketing preferences
There are several ways you can stop direct marketing communications from us:
- Click the unsubscribe or edit preferences link in any email
- If you have an account, sign in and visit the My Account area
- With a direct request, by email, telephone or in-store. See Contact Us.
When editing your preferences you will have the option to select the types of marketing you receive and by what means. You can of course opt to unsubscribe from all direct marketing communications. Please note there may be a small delay in updating your preferences until our systems fully update.
Deleting information and deactivation of accounts
You may request that your account is deleted by contacting us. Once deleted, your data, including previous order history, cannot be reinstated.
Retention of information
When we collect or process your personal information we will only keep it for as long as it is necessary to provide our services to you and to comply with our legal and contractual obligations.
At the end of that retention period, your data will be either deleted or made anonymous. In the latter scenario the data will be used in a non-identifiable way for statistical and business planning purposes.
Example retention periods
For purposes such as tax, accounting and warranty we will keep a record of all orders placed with us for the legally required duration of seven years.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the privacy statement applicable to the website in question.
Contacting the regulator
If you wish to make a complaint about the way we handle your personal data, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you may contact the Information Commissioner’s Office by calling 0303 1231113 or contacting them via their website: www.ico.org.uk
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
Contact us
If you have any questions about this Privacy Policy, please contact our Data Protection Officer who will be pleased to help you.
Write to us:
Data Protection Officer
Zippybags
198 – 200 Pensby Road
Heswall
Ch60 7RU
Last updated: Monday 13 May 2019