Privacy Policy
Emporium Events Ltd TA Green Duck Events is committed to protecting and respecting your privacy. We want you to understand how we collect and use information about you. We also value your comments in this regard.
The privacy policy describes to you:
-
who we are
-
what personal data we collect and store about you, and how we collect it
-
why we collect personal data and what we do with it
-
the categories of third parties with whom we share your personal data
-
how we retain your information and keep it secure
-
your rights and how to exercise them
-
how to contact us
1. Who are we
For the purposes of data protection law, the “controller” is Emporium Events Ltd, a company incorporated and registered in England and Wales under company number 14362681 and having its registered office address 53 Grosvenor Road, Tunbridge Wells, Kent, TN1 2AY, United Kingdom (from now on referred to as “Emporium Events Ltd”, or as “we” and related words such as “us” and “our”).
As controller we are responsible for, and control the processing of, your personal data. We are registered as a data controller with the Information Commissioner’s Office, which is the UK’s supervisory authority for data protection matters.
If you would like to contact us about this policy, including if you wish to receive further information about any aspect of it, our details are as follows:
E-mail:
emporiumeventsltdrtw@gmail.com
Post:
Data Privacy
Emporium Events Ltd
53 Grosvenor Road
Tunbridge Wells
Kent
TN1 2AY
2. What information do we collect from you?
In the course of our business, which is the sale homewares, soaps, candles and furniture in our shops and online, we collect the following personal data when you provide it to us:
-
personal details, such as
-
- name and title
-
- username
-
- gender
-
- date of birth
-
-
contact data, such as
-
- delivery address
-
- billing address
-
- e-mail address
-
- telephone and mobile number(s)
-
-
image data, namely
-
- CCTV images
-
- Photographs (if we are taking pictures during an event and you have not objected to us doing so)
-
-
biographical data from job applications and CVs, such as
-
- institutions attended
-
- academic and other results gained
-
- employment history
-
- any other personal information you provide
-
-
payment card details
-
transaction data, such as
-
- details about payments to and from you
-
- details of products and services you have purchased from us
-
-
technical data, such as
-
- internet protocol (IP) address
-
- your login data, browser type and version
-
- time-zone setting and location
-
- browser plug-in types and versions
-
- operating system and platform and other technology on the devices you use to access our website
-
-
profile data, such as
-
- username and password
-
- orders made by you
-
- your preferences
-
- feedback and survey responses
-
-
usage data, such as
-
- information about how you use our website, products and services
-
-
marketing data, such as
-
- your preferences in receiving marketing and communications.
-
- Our marketing email uses clear gifs (web beacons), which tell us whether you open the email. The information is used to enable more accurate reporting and ensures we are sending you relevant content. You can turn off web beacons by not 'enabling images' in an email. Instructions on how to do this automatically should be in the help section of your browser or program.
-
We do not knowingly collect “special category” personal data. This is a special type of sensitive data to which more stringent processing conditions apply, and comprises data concerning your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, and genetic data and/or biometric data.
We also do not collect information about criminal convictions or offences.
3. How do we collect personal data?
We obtain personal data from sources as follows:
-
directly from you when you interact with us, for example when you
-
- create an account
-
- buy or return our products in a store or online
-
- sign up to our mailing lists
-
- request information
-
- write to us
-
- phone our customer services team (since your call may be recorded for training, fraud prevention and investigation purposes)
-
- contact our customer services team via our website’s live chat feature
-
- enter a competition
-
- take part in a survey
-
- give us feedback or post comments or reviews
-
- apply for a job or send a CV
-
-
from customers if they provide your details in relation to an order or a wish list: if you are providing another person’s details, please ensure you have that person’s explicit consent to do so.
-
from third parties, or combine your information with information lawfully obtained from third parties such as payment and delivery service providers, advertising networks, social media platforms, analytics service providers and search information providers.
-
from automated technologies such as cookies and tags when you use our website – for more information, please see Section 4 and our cookies policy.
4. Web Beacons within Emails
Emails may contain a clear gif (simple web beacon). We may use clear gifs to understand about how you interact with our email marketing campaigns, and we may use the information we collect through simple web beacons. This may include the time and date accessed, and / or your IP address at the location accessed. We use location to make sure we are sending the email in the correct language.
-
to determine which email messages sent to you were opened /clicked through to the Emporium Events Ltd website. We use this information to measure the relevancy of our content
-
to optimise your email experience.
-
to understand how you use and interact with our products and services.
By setting your email client to display emails as text only, you will be able to prevent the use of clear gif simple web beacons. Please consult the "Help" section of your email client for more information. If you would rather not receive interest-based content provided by us, or to remove yourself completely from our email marketing campaigns, please contact us using the details set out in Section 1 above.
5. How do we use your personal data?
Introduction
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
-
to allow you to register an account with us
-
to perform a contract we are about to enter into or have entered into with you, for example, when you want to buy something from us.
-
if it is necessary for our legitimate interests in conducting or managing our business (or the legitimate interests of a third party) and these are not overridden by your own rights and interests
-
where we need to comply with a legal or regulatory obligation.
Lawful processing
In order to process personal data, we must have a lawful reason (sometimes called a lawful basis). We always ensure that this is the case, and we set out our lawful bases below – but please note that more than one may apply at any given time: for example, if we inform you of changes to our privacy policy, we may process your personal data on the ground of complying with law and on the ground of legitimate interests.
We will use your personal data only for the purposes for which we collected it, unless we fairly consider that we need it for another reason that is compatible with the original purpose.
Please contact us if you would like more information on this, and on situations in which more than one lawful basis applies.
Contractual Necessity
If you are our customer or applying for a job, we will process your personal data for the following purposes, on the legal basis that it is necessary for us to provide our products and services to you:
-
to enable us to carry out our services
-
to identify you
-
to respond to your inquiries
-
to allow you to register and maintain an account or set up a wish list
-
to the extent necessary to provide you with information you have requested in relation to our products and services before you decide to purchase them
-
to provide our products and services, including enabling them to be delivered to you and contacting you about your order (for example, regarding stock or availability)
-
to carry out billing and administration activities, including refunds and credits
Of course, you are not obliged to provide us with any of this information, but if you chose not to, we may be unable to provide the product or service that you have requested.
Legitimate Interests
We process your personal information for our legitimate business purposes, which include the following:
-
to conduct and manage our business
-
to identify suspicious purchasing activity (for example, where a card has been used for high-volume and/or high-value purchases or where cardholder and delivery addresses differ) – however, we do not make automated decisions on the basis of such profiling
-
to prevent and detect fraud and other crime
-
to ensure our website and systems are secure (for example, by conducting security penetration tests on our website to ensure our security tools are effective)
-
to personalise your web experience – for example, by tailoring our products and offers to you
-
understanding our customers’ behaviour, activities, preferences and needs
-
to allow you to review a product you have purchased
-
to contact you for market research purposes
-
to analyse, improve and update our services for the benefit of our customers
-
to resolve issues with, develop, test and improve our website, (for example, we may record your browser's session ID and allow you to combine this with online feedback you leave us to help us resolve any problems you're having.)
-
to deal with complaints, queries and disputes
-
where you have made a purchase from us, to let you know about our products, services, promotions or events that we consider may be of interest to you (see section 'How might you personalise my experience with Emporium Events Ltd' below). We do this only where you have provided us with a preferred means of contact for this purpose. We carry out this processing on the legal basis that we have a legitimate interest in marketing our products and services, and only to the extent that we are permitted to do so by applicable direct marketing laws. You can opt out of receiving this marketing by unsubscribing from our emails, or by contacting us as set out in Section 1 above.
-
if you apply for a job with us, to evaluate your job application and take any next steps, and to evaluate your suitability for roles where you have asked to be considered for future opportunities.
Whenever we process your personal data for these purposes, we ensure that your interests, rights and freedoms are carefully considered.
Compliance with laws
We may process your personal data in order to comply with applicable laws (for example, if we are required to co-operate with an investigation pursuant to a court order).
Consent
If you have never purchased from us or have not purchased from us for a long time, but have given us your explicit consent to hear from us about our products, services, promotions or events that we consider may be of interest to you, we will contact you by post or email (according to the contact preference you have provided). You have the right to withdraw consent to marketing at any time by contacting us as set out in Section 1 above.
6. Do we share your personal data?
We may provide your personal data to the following recipients for the purposes set out in this policy:
​
-
our service providers, including
-
- logistics providers, such as those who deliver our orders
-
- e-mail and mail service providers
-
- technical and support partners, such as the companies who host our website and who provide technical support and back-up services
-
- recruitment service providers
-
- third party data services, who help us to segment and understand our audience by providing additional information so that we can send the most relevant and targeted communications possible.
-
- third party advertisers (such as Facebook or Google) to help us identify customers similar to our audience or to provide relevant adverts to you on third party websites. The information shared with these advertisers is pseudonymised to protect your personal data.
-
-
merger or acquisition partners, to the extent that sharing your personal data is necessary
-
law enforcement agencies, government or public agencies or officials, regulators, and any other person or entity that has the appropriate legal authority where we are legally required or permitted to do so, to respond to claims, or to protect our rights, interests, privacy, property or safety
-
any other parties, where we have your specific consent to do so.
7. How might Emporium Events Ltd personalise your experience?
To help us form a better, overall understanding of you as a visitor and/or customer, we may combine the personal data gathered during your online browsing and shopping experience with us (for example, via cookies which track the pages you viewed on our website – see our Cookie Policy for more information) and your in-store purchases. This also allows us to bring you offers and promotions that are most relevant to your interests.
8. How long will your personal data be kept for?
Emporium Events Ltd takes every reasonable step to ensure that your personal data is retained for no longer than is necessary for the purposes set out in this Privacy policy, or as required by law. For example, UK tax law currently specifies a six-year period for retention of some of your personal data. The factors for determining the retention period for your Personal Data may include:
-
Why we collected the data in the first place;
-
How old the data is;
-
Whether there is a legal/regulatory reason for us to keep the data;
-
Whether we need the data to protect you or us.
9. Do we transfer personal data outside the United Kingdom (“UK”)?
We may transfer, store or process the data we collect from you to a destination outside of the UK for the purposes described in this notice, or the data may be accessed by our employees or by our suppliers who are based outside of the United Kingdom. We may do this for example, to fulfil an order you have placed or to provide support services as described in Section 5. We take all reasonable steps to protect your data and ensure it is processed in accordance with this notice. When you submit your personal data to us, you agree to this transfer, storage and processing.
The UK ceased to be a member of the EEA on 31 December 2020. After this date, transfers from the UK to the EEA are permitted under UK data protection law as the UK government deems EEA countries deemed to provide an adequate level of protection for personal data. Transfers from the UK to countries outside of the EEA (such as the USA) are subject to appropriate safeguards to ensure that the personal data transferred reaches the standards required under UK data protection law. This includes:
-
Standard Contractual Clauses specified by the UK government or adopted by the European Commission; approved by the UK Information Commissioner’s Office or an EU data protection authority which are binding on the service provider.
Where we are required by law enforcement agencies, government agencies or government officials or regulators, we will ensure that we comply with the conditions required by UK data protection law for making such transfers. Please contact us using the details in Section 1 above if you would like further information.
10. How do we keep your personal data secure?
​
Emporium Events Ltd has security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to the data. Only authorised Emporium Events Ltd employees and third parties processing data on our behalf have access to your personal data.
All Emporium Events Ltd employees who have access to your personal data are required to adhere to the Emporium Events Ltd Privacy policy and we have in place contractual safeguards with our third-party data processors to ensure that your personal data is processed only as instructed by Emporium Events Ltd.
The security measures we have in place include:
-
regular reviews of information collection, storage and processing practices to protect against unauthorised access
-
restriction of access to personal information
-
monitoring of systems storing and processing information
-
use of secure technologies (e.g. SSL, encryption)
-
scenario planning and crisis-management exercises to ensure we are ready to respond to cyber security attacks and data security incidents.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We take all reasonable steps to keep your data safe and secure and to ensure the data is accessed only by those who have a legitimate interest to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us. Any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Please contact us using the details in section 1 of this policy if you would like more information about this.
11. What about children's privacy?
We do not knowingly collect personal information from children under the age of 13 or equivalent minimum age depending on jurisdiction. If we become aware that we have inadvertently received such personal information from a child under the age of 13 or equivalent minimum age depending on jurisdiction, we will delete such information from our records.
If you believe that a child under your care has submitted personal information to us, please contact us at emporiumeventsltdrtw@gmail.com so that we can delete it.
12. What are your information rights?
We draw your attention to your following rights under data protection law:
-
right to be informed about the collection and use of your personal data
-
right of access to your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information – you will be asked to provide proof of your identity and residential address, and we may ask you to provide further details to assist us in the provision of such information
-
right to have inaccurate personal data that we process about you rectified – we want to ensure that the personal information that we process and retain about you is accurate, so please do remember to tell us about any changes, for example if you have moved house or changed your contact details. It is your responsibility to ensure you submit true, accurate, and complete information to us; please also update us in the event this information changes
-
right of erasure – in certain circumstances you have the right to have personal data that we process about you blocked, erased or destroyed
-
the right to object to, or restrict:
-
- processing of personal data concerning you for direct marketing
-
- decisions being taken by automated means which produce legal effects concerning you or that similarly significantly affect you
-
- in certain other situations, to our continued processing of your personal data
-
-
the right of portability of your data in certain circumstances
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Please contact us using the details in section 1 of this policy if you would like to exercise any of these rights or know more about them.
These rights are subject to certain limitations that exist in law. Further information about your information rights is available on the ICO’s website: https://ico.org.uk/.
13. Cookies
Our website uses cookies. For more information on which cookies we use and how we use them, please see our cookies policy.
14. Changes to this privacy policy
We may change this policy from time to time. You should check this policy on our website occasionally, in order to ensure you are aware of the most recent version.
15. What should you do if you have a complaint?
We hope that you will be satisfied with the way in which we approach and use your personal data.
Should you find it necessary, you have a right to raise a concern with the information regulator, the Information Commissioner’s Office: https://ico.org.uk/.
However, we do hope that if you have a complaint about the way we handle your personal data, you will contact us in the first instance using the contact details in section 1 above, so that we have an opportunity to resolve it.
Last Updated: 20/06/2023