For the purpose of the General Data Protection Regulation (GDPR), James & May is the data controller , located at 12 Hayhouse Road, Earls Colne, Colchester, Essex, CO6 2PR. In accordance with GDPR, we will only collect and use personal data in a lawful, fair and transparent way for clearly explained purposes.
Why do we collect information
- To process and fulfil your order
- Take payment via Stripe or PayPal
- Arrange delivery through Royal Mail or Parcelforce
- Communicate delivery information and inform you of any delays or queries
- Resolve any problems should they occur
- For authentication or identity checks
- To detect and prevent fraud
- To improve our website and services
- Keep you informed by email, if subscribed, about new products, offers or other information we believe may be of interest to you when this has been requested and consented to. You may choose to unsubscribe from this service at any time.
- To fulfil our legal obligations
What information do we collect?
- Your name
- Email address
- Billing address
- Delivery address
- Telephone numbers
- Credit or debit card details
- The content of emails and phone calls received
How do we collect data?
We collect personal information in a variety of ways, including when you place an order, subscribe to the newsletter, use our Contact Form to contact us or email or telephone us directly. You may, however, visit our Site anonymously.
Who do we share your information with?
- Stripe and PayPal who process payments on our behalf
- Our suppliers (some products are sent direct to the customer)
- Royal Mail and ParcelForce to enable delivery of orders placed
- Our website marketing developers (non personally identifiable information only)
We may also share your personal information in connection with any legal proceedings or for the purpose of fraud prevention however, will not sell, lease or distribute your personal information to any third parties without your permission unless required by law to do so.
How long do we store your information?
We do not store personal data for longer than it is necessary and legally required for us to do so. Information will only be held for as long as it is required for the purpose it was collected.
What are your data rights?
You have the following rights in respect of your personal data:
The right to access your personal data. You can contact us to request details of the personal data we hold on you at any time along with why we are holding the data. Once received, we will respond within 30 days.
The right for your data to be accurate and kept up to date. Please let us know if any personal information we hold about you needs to be corrected or updated.
The right to have your personal data erased. If you would prefer that we no longer hold and use your personal data, or believe we are unlawfully using it, you can request that it is erased. We will confirm when it is deleted or if it cannot be deleted and the reason why (for example compliance with legal obligations).
The right to object to the processing of your personal data. You have the right to ask that we stop processing your personal data, or alternatively to ask us to restrict processing of it. We will contact you to let you know that we will comply or if we are legally obliged to continue processing your data.
The right to withdraw consent. You can withdraw your consent to the processing of your data at any time by emailing, phoning or writing to us.
The right to data portability. You have the right to request that we transfer your data to another controller. Providing this is feasible, we will do so within 30 days.
The right to complain. If you believe there is an issue with how we handle your personal data, you have a right to complain to the ICO.
Please note that to access your data, have it amended, corrected or erased, evidence of your identity will be required (a certified photocopy of your passport or driving licence plus an original copy of a recent utility bill). Similarly, confirmation of your identity will be required if objecting to the processing of your personal data.
Protecting your data
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, transaction information and data stored on our Site.
Information provided is stored on secure servers and all financial transactions are handled through our payment services providers, Stripe and PayPal who use the latest most secure technology. We do not hold a copy of any debit or credit card information. When you place an order we use Secured Socket Layer (SSL) encryption, which encrypts your information before it is sent to us to protect it from unauthorised access.
You are responsible for keeping your password and user details confidential.
Further data processing
If we intend to use your personal data for a new purpose, not notified above, we will provide a new notice and wherever necessary seek your consent prior to the new processing.
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
James & May,
12 Hayhouse Road,
This document was last updated on 18th June 2019