The personal data we collect from you directly can include your name, email address, mobile/landline telephone number, address, your purchasing activity, your credit, or debit card or other payment information (this is collected by our payment provider Sage Pay we do not store credit or debit card details), and information you give us when you contact our customer services team, when you engage with our social media platform.
If you are using a mobile device and shopping with us online or browsing our website, we may collect your IP address or other device identifier, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other portable device information.
2. When do we collect your personal data?
- When you purchase products and services from us online or over the phone
- When you contact our customer services team in store, online or over the phone
- When you engage with us on social media (by mentioning/tagging us or by contacting us directly)
3. How do we use your personal data and what are our legal justifications for doing so?
To make our products and services available to you
We use your personal data to provide you with the information, products and services that you request or purchase from us (i.e. to complete certain tasks, processes or orders on our website or within our apps, take payment online (where applicable) and deliver your products or services), and to communicate with you regarding those products and services that you purchase from us and respond to your questions and comments;
We rely on our contractual arrangements with you as the lawful basis on which we collect and process your personal data when you make an order for products and services. Alternatively, in some cases, we rely on our legitimate interests as a business (for example, to measure customer satisfaction and troubleshoot customer issues). Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
For administrative and internal business purposes
We may use your personal data for our internal business purposes, such as enhancing our site, improving our services and products and identifying usage trends. We may also use your data to monitor the use of our website and ensure that our website is presented in the most effective and relevant manner for you and your device and setting default options for you (such as language and store location);
It is in our legitimate interests as a business to use your personal data in this way. For example, we want to ensure our website is customer friendly and works properly and that our products and services are efficient and of high quality. We also want to make it easy for you to interact with us. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
For security and legal reasons
We use your personal data to:
- ensure the personal and financial information you provide us is accurate;
- conduct fraud checks or prevent other illegal activity;
- protect our rights or property (or those of others); and
- fulfil our legal and compliance-related obligations.
In some cases we will use your personal data because it's necessary for us to comply with a legal obligation (such as if we receive a legitimate request from a law enforcement agency). In other cases (such as the detection of fraud) we will rely on our legitimate interests as a business to use your personal data in this way. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
To personalise your shopping experience and improve our operations
We use your personal data to:
- allow you to create a profile on our website which enables you to purchase products and services online without having to fill in your personal data every time you shop online with us;
- provide you with marketing material via SMS and email;
- analyse how you shop and what you shop for. This may include information on products you have viewed, historical transactions and products you have added to your online basket. This allows us to provide a browsing experience which is relevant to you.
It is in our legitimate interests as a business to use your data in this way and we do this in order to enhance your shopping experience with us. This allows us to help you find the products and services which you may be looking for and avoids you having to browse through products or services which are not relevant to you.
4. Who do we share your personal data with?
We will never sell any of your personal data to a third party. However, in order for us to provide our services to you, we share your personal data with our trusted third party service providers or our group companies, as detailed below. Whenever we share your personal data, we put safeguards in place which require these organisations to keep your data safe and to ensure that they do not use your personal data for their own marketing purposes.
Third party service providers
To fulfil orders for products and services
We work with a number of trusted service providers who carry out services on our behalf. When you purchase products and services from us, the services provided by these organisations includes delivery and processing payments. It is in our legitimate interests as a business to work with these service providers since we may not have the capabilities to provide these services ourselves. In each case, we will ensure that the service provider is only allowed to use your personal data in order to provide the services to us and for no other purpose.
5. Your rights
You have a number of rights relating to your personal information and what happens to it. You are entitled to:
- have your data processed in a fair, lawful and transparent way;
- be informed about how your personal data is being used, an example being this privacy policy;
- access personal data we hold about you;
- require us to correct any mistakes in your personal data;
- require us to delete personal data concerning you in certain situations where there is no good reason for us to continue to process it;
- request that we transfer your personal data to you or another service provider in a simple, structured format;
- object at any time to processing of your personal data for direct marketing purposes;
- object to automated decision making which produces legal effects concerning you or similarly significantly affects you;
- object in certain other situations to our continued processing of your personal data; and
- otherwise restrict or temporarily stop our processing of your personal data in certain circumstances.
6. Changing your preferences
If you no longer wish to be contacted by us about our products or services, or for other marketing purposes, you can amend your preferences or unsubscribe by emailing us. Alternatively, if you have a profile on the Magic Whiteboard website, you can unsubscribe by logging into your account, or simply follow the unsubscribe link provided in emails you receive from us.
We want to ensure that all the information we have about our customers is factually correct and up to date. If you find that the personal data we have about you is inaccurate or needs updating (for instance, you may have changed your name or address) then please contact us so that we can correct it. If you have created a profile on the Magic Whiteboard website, you can change the details stored about you by logging into your account.
7. Security and retention of your personal data
Security of your personal data
We take the security of your personal data very seriously. We have implemented various strategies, controls, policies and measures to keep your data secure and keep these measures under close review. We protect your data by using encryption techniques and we use other safeguards such as firewalls and password protection. This means that your data is protected and only accessible by co-workers who need it to carry out their job responsibilities. We also ensure that there are strict physical controls in our buildings which restricts access to your personal data to keep it safe.
Retention of your personal data
In broad terms, we will only retain your personal data for as long as is necessary for the purposes described in this Privacy Policy. This means that the retention periods will vary according to the type of the data and the reason that we have the data in the first place.
We have procedures in place regarding our retention periods which we keep under review taking into account our reasons for processing your personal data and the legal basis for doing so.
8. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make significant changes we will let you know but please regularly check this policy to ensure you are aware of the most updated version.
This Privacy Policy was last updated on 21th May 2018.
Magic Whiteboard is fully General Data Protection Regulation compliant as of 21st May 2018.
Background
The General Data Protection Regulation 2016 (‘GDPR’) comes into full effect on 25 May 2018. Its purpose is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge and, wherever possible, that it is processed with their consent.
The GDPR applies to the processing of personal data wholly or partly by automated means (i.e. by computer) AND to the processing other than by automated means of personal data (i.e. paper records) that form part of a filing system or are intended to form part of a filing system.
Our Commitment
We are committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the General Data Protection Regulation (GDPR). Ongoing compliance is embedded into the fabric of Magic Whiteboard Limited.
Our Current Position
As a result of our own assessment and the independent inspections that we have undergone, we are confident that our systems and operations are fully compliant with current Data Protection Act legislation and that we are already compliant with the GDPR.
How we ensured compliance
To ensure that we were fully GDPR compliant well in advance of the ‘go live’ date of 25 May 2018 we undertook a comprehensive, structured programme of work including:
- A GDPR gap analysis on all of our policies, procedures, work instructions and records;
- A formal review of how GDPR impacts on all of our products and services;
- Implementation of a GDPR Compliance Framework;
- An assessment of the potential impact of GDPR on our customers;
- Gaining confirmation from our suppliers regarding their commitment to GDPR;
- Review of our processes, procedures and contracts by a qualified solicitor with expertise in data protection legislation;
- A training and development programme for every member of our team.