We treat all your Personal Information as confidential (although we reserve the right to disclose this information in the circumstances set out below). We will keep it on a secure server and we will fully comply with all applicable UK Data Protection and Consumer legislation.
The legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
Consent: In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
Contractual obligations: In certain circumstances, we need your personal data to comply with our contractual obligations. For example we’ll collect your address details to deliver your purchase, and pass the appropriate details on to our couriers.
Legal compliance: If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement.
Legitimate interest: In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights or interests.
When do we collect information
We collect your data in the following circumstances:
When you visit our website and buy products online, in the shop or online.
When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).
When you create an account with us.
When you purchase a product or service in store or by phone but don’t have an account.
When you contact us by any means with queries, complaints etc.
When you ask us to email you information about a product or service.
When you enter prize draws or competitions.
When you choose to complete any surveys we send you.
When you comment on or review our products and services.
When you’ve given a third party permission to share with us the information they hold about you.
What we collect
How we use this information
We confirm that any Personal Information which you provide to us or which is available on public registers and any User Information from which we can identify you, is held in accordance with the registration we have with the Information Commissioner's Office. We use your information only for the following purposes:
Processing your orders;
For statistical purposes to improve this Website and the service to you;
To modify website content;
To administer this website;
To contact you about leaving a review on a product once your order has been completed;
If you consent, to notify you of products or special offers that may be of interest to you.
We process our data within the European Economic Area ("EEA"). There may be instances where we transfer some of your data to suppliers within the EEA in order to deliver to you directly. Additionally, owing to the global nature of our business, the information that we collect from you may be transferred to locations outside the European Union for processing and storing, but only in connection with the services that we provide to you, such as international carriage. These countries may not have similar protections in place as the EEA regarding your data and its use as set out in this policy. By submitting your information you consent to such transfers outside the EEA. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
You agree that you do not object to us contacting you regarding the fulfilment of your order whether by telephone, e-mail or in writing and you confirm that you do not and will not consider any of the above as being a breach of any of your rights under the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 or any subsequent act with a similar intent. When you create an account while ordering online you will be given the option to receive information from The Worm that Turned about products, promotions or special offers which we feel may be of interest to you. You understand that you can unsubscribe from receiving such marketing information from us at any time, either via your online account or at the bottom of any marketing emails, but understand that we may need to contact you for reasons such as fulfilling your order.
When entering any of our competitions or prize draws, you provide your name, email address and mailing address. If you win, we will send the prize to the address entered and notify you by email. When you enter a contest or prize draw, you are also included in our newsletter list to receive notice of promotions, specials and new additions to the Website. You may unsubscribe from this news list by following the unsubscribe instructions in any email received.
Disclosure of Information
The relevant parts of your Personal Information may be disclosed to reputable third parties who will help process your order. The Worm that Turned requires all such third parties to treat your personal information as fully confidential and to fully comply with all applicable UK Data Protection and Consumer legislation in place.
Third parties may use these details to enhance the delivery process. This may involve the further sharing of your relevant details with our third party agents, subcontractors, affiliates or other third party services, solely for the purpose of providing or improving the service. Our third party agents will remain liable for any act or omission by another third party, which they have contracted to process data in order to fulfil the service or obligation required.
We will only give your Personal Information to third party companies for mailing or marketing purposes if you have given us express permission to do so. If you have a login account with us you can check and change your settings.
We will not release email addresses or phone numbers to third parties unless required to do so for delivery or review purposes as outlined above.
If we are requested by the police or any other regulatory or government authority investigating suspected illegal activities to provide your Personal Information and/or User Information you should be aware that we are entitled do so.
We have put in place various security procedures to protect your information. We consider the security of your personal data and the details of any transactions you make to be a matter of the highest priority. Only authorised employees can access your personal data. When you place an order with us, we use a secure server. Any data you provide to us is encrypted using a 'Secure Socket Layer' (SSL) session. SSL is an industry standard and is a widely used measure to guard against Internet messages being intercepted. You should be aware, however, that older browsers cannot use SSL. Please note that no payment card information is ever held on our servers in full. SagePay or other payment intermediaries such as PayPal hold all data relating to payment securely on their servers and access to the information controlled by those companies is restricted.
Retention and disposal of personal data
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
You can access your online account using your username and password. You can also use this section to change or delete this information including any consent you have provided to receive marketing communications. We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. Alternatively you can click the ‘unsubscribe’ link in any email that we send to you.
You can request further details of personal information that we hold about you, including on our databases, by contacting firstname.lastname@example.org. Requests must be made in writing and are free of charge. Proof of identification is required in order to protect your information. However, we reserve the right to charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information. This fee will be based on the administrative cost of providing the information.
Where requests are manifestly unfounded or excessive, we can also refuse to respond. In such circumstances we will explain why to the individual, informing them of their right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month.
Children are not eligible to use our services and we ask that persons under 16 do not enter any personal information with us. We have a system in place to ensure that we do not obtain the personal information of any persons under 16 knowingly or without the express permission of a parental guardian.
Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Review of this policy
We keep this Policy under regular review. This Policy was last updated on 15th May 2018.