It tells you about your rights in relation to your personal data and how the law protects you. Also covered is how to contact us and the authorities in the event you have a complaint.
Who we are
We collect, use, store and are responsible for certain personal data about you. We are regulated under the General Data Protection Regulation
What data is collected by us
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed which is classified as anonymous data.
During your visit and interaction with our website, we collect a variety of information. This personal data falls into these categories:
Contact data includes addresses, email addresses and telephone numbers when provided through an enquiry form, or registration form
Financial data includes billing addresses when purchasing through the eCommerce system (card information is not stored)
Transaction data includes details about payments from you and details of products you have purchased from us.
Technical data includes browser type and version, location, operating system and platform and other technology on the devices you use to access the website.
Aggregated data through a web analytical service called Google Analytics which provides statistical or demographic data. Aggregated data however is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate usage data to calculate the percentage of users accessing a specific website page or which days have more visitors.
How is your personal data collected?
We use different methods to collect data from and about you including:
Direct interactions - You may give us your identity, contact and financial data by filling in forms or by interacting with the website.
This includes personal data you provide when you:
- Sign up to receive a newsletter.
- Make enquiries or request information be sent to you
- Create an account on our website.
- Ordering our products or services.
Automated interactions - As you interact with us, we may automatically collect Technical Data about your device, browsing actions and patterns. We may also collect Tracking Data when you use our website. We also receive data about you from our analytic provider though this does not identify you.
How and why we use your personal data
Under data protection law, to comply with our legal and regulatory obligations, we can only use your personal data if we have a valid reason for doing so and where consent is required.
- When you make an enquiry with us, you provide us with your contact information to respond to you.
- When you purchase products from us, you are entering into an agreement for us to provide you with something for which we require contact and billing information.
What we use your personal data for
- To provide services to you
- To make contact with you through email or by telephone
- Notification of any changes to our services
- Marketing communications that may be of interest (only where consent has been given)
- Accounts - i.e. sending order confirmations and invoices or any other account queries
Third party data collection
Links to external sources and third party sites such as LinkedIn, Twitter and Facebook may exist from this website. They may request your personal data and we cannot take responsibility once you leave our site.
Who we share your personal data with
Outside of our company, we only share data with a third party supplier for the purpose of offsite data backup. All such backups are transmitted and stored in encrypted form (so is not readable) in locations within the United Kingdom.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
Whilst third party organisations related to IT and software maintenance may have temporary visibility of your information, these organisations do not have permission to use your data and will only be given access if required.
We will not sell or lease your personal information to any third parties.
How long your personal data will be kept
We will keep your personal data when it is provided to us. We will do so for one of these reasons:
- To respond to any questions, complaints or claims made by you or on your behalf
- To show that we treated you fairly
- To keep records required by law
We will not retain your data for longer than necessary for the purposes set out in this policy. When it is no longer necessary to retain your personal data, we will delete it.
Under the General Data Protection Regulation, you have the following rights, which at any time you can exercise:
Right of access
You have the right to be provided with a copy of your personal data
You have the right to require us to correct any mistakes in your personal data
You have the right to be forgotten - The right to require us to delete your personal data in certain situations
Restriction of processing
You have the right to require us to restrict processing of your personal data
You have the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format
The right to object
You have the right to object. However, in some situations this right can be rejected, so as to support legitimate business or lawful requirements.
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
For further information on each of the above rights, including the circumstances in which they apply, see the guidance from the UK Data Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- Email, call or write to us
- Let us know the data to which your request relates
Keeping your personal data secure
We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach.
We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
When communicating with us by email you should ensure that you take all reasonable precautions to protect any sensitive personal data.
A cookie is a small piece of information that a site puts on your device so that it can remember something about you when you return at a later time. It is a mechanism that allows the server to store its own information about a user on the user's own computer.
In order to use the site, you agree to let cookies be saved as they are an important part of navigation of the site. You can turn off cookies within your browser by going to Tools > Internet Options > Privacy and selecting to block cookies
Third party cookies used on the site.
Google Analytics is a service that generates detailed statistics about our website visitors. Their cookies typically store anonymous information such as whether a visitor has been to the site before, the time of the current visit and what was the referrer site the visitor came from.
How to complain
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
The supervisory authority in the UK is the Data Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
How to contact us
Please contact us if you have any questions about this privacy notice or the data we hold about you.
If you wish to contact us, by writing to Needlecraft, 142 Cotterells, Hemel Hempstead, Herts, HP1 1JQ, United Kingdom or call (+44) 01442 245383.
Changes to this privacy notice
This privacy notice was published on 23rd May 2018 and last updated on 23rd April 2023. We may change this privacy notice from time to time, when we do we will inform you.