By making a purchase, registering an account with Norris Green Design, using our website, entering a Norris Green Design competition, or providing your details to us over the phone, then you acknowledge that your personal data may be used according to the practices set out in this policy.
Our Privacy Promise
In order to provide you with our services, sometimes we might need to collect some personal data from you. We take your privacy seriously and we will treat your personal information with care and respect.
Norris Green Design promises to be transparent with you about how we collect, process, store and share your personal data:
- You’re in control: your privacy will be respected at all times and we will put you in control with easy-to-use tools and clear choices
- We operate securely: we are committed to maintaining the safety and security of all personal data from the point of collection to its deletion from our company, using appropriate security measures and controls
- When we do process your personal data, we will do so to make your experience with Norris Green Design better and to improve our products and services
- We may also need to share your information with third parties who help us to provide our services, such as our couriers so they can deliver your items to you. We will make sure that all third parties we are engaged with treat your personal data with as much respect as we do.
How do we collect your personal data?
This section explains how and when we collect your personal data.
Data you give to us:
When you register an account on our website;
When you sign up for our newsletter and other marketing;
When you enter our competitions,
When you talk with us on the phone,
When you make an online enquiry,
If you send emails or letters to us.
Data we collect when you use our services:
Transactional details when you order something from us;
Cookies gathered from the devices you use to connect to our website or social media platforms
Data from 3rd parties we work with:
Our social media platforms;
Google Ads, Google Analytics;
What personal data do we collect from you?
We have to collect some information from you so that we can provide you with our services, for example when you order items from us. We do our best to make sure that we do not collect excessive information from you and limit it to only what is necessary for us to provide the service you require.
We do not collect any special category personal data from any of our customers. This includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity data – name and title
- Contact data – address, postcode, email address or telephone numbers;
- Transaction data – details of products/services you have purchased from us, including date and time of purchase and spend in relation to that purchase;
- Technical data – internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
- Profile data – purchases or orders made by you, your interests, preferences, feedback and survey responses and preferences about the use of our services (including whether you are interested in certain services that we offer);
- Usage data – information about how you use our website, products and services; and
- Marketing and communications data – your preferences in receiving marketing from us and our third parties and your communication preferences.
How we use your personal data
We use your information:
- to process your orders and manage your account
- to communicate with you about our products and promotions;
- to monitor purchase history, site use and traffic patterns to improve our site design and products.
- to allow you to participate in interactive features of our site.
- to personalise your repeat visits to our site
- to contact you about leaving a review once your order has been completed
- to verify your identity;
- to enable third parties to carry out technical, logistical or other functions on our behalf.
- to prevent and detect fraud or abuses of our site.
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
Who we share your data with – Marketing
We use MailChimp to help manage our marketing database and send out information to you, so your data, including your name, email address and phone number will be stored within the MailChimp system.
MailChimp may process some of your personal data outside of the EEA and we have ensured that there are appropriate safeguards in place for doing so. MailChimp is Privacy Shield certified and also use Standard Contractual Clauses to ensure the security of processing outside of the EEA.
We will share your name, address, email address and phone number with our couriers so that they can deliver your items to you and contact you with delivery updates. We use different couriers depending on the size of the item you have ordered, how quickly you have requested your delivery, and where you live, but we will always tell you who will be delivering your order.
We use third-party payment providers, Stripe and PayPal to securely process our transactions, so information relating to your transactions, including your card details, will be shared with these providers.
Stripe and PayPal may all process your personal data outside of the EEA.
How long we keep your data
We work hard to ensure that we do not keep your personal data for longer than is necessary to fulfil the purpose for which it was collected. Generally, we will not keep your personal details for longer than 6 years as this is the statutory retention period for HMRC records.
How we look after your data
We will protect the data you entrust to us with appropriate measures and controls, as well as ensuring that the companies we work with are just as careful with your data.
We will always use appropriate technical and organisational measures to prevent the loss, misuse, destruction or alteration of your personal data.
We will continually test, audit and monitor our compliance with Information Security standards and relevant Data Protection regulations.
We ensure that the third parties we work with who process your personal data operate under a Data Sharing Agreement.
You have the following rights with regards to your personal data:
The right to be informed – this privacy notice explains to you how your personal data is processed by us.
The right to access – you can request that we provide you with all of the personal data that we hold about you. We will provide this to you free of charge within one month of your request.
The right to rectification – we like to make sure that the information we have about you is correct. You can manage your personal details within your Norris Green Design account to ensure that they are up to date, or you can contact us to let us know if we have any incorrect information about you by emailing firstname.lastname@example.org.
The right to erasure – you have the right to have your data ‘erased’ in the following situations:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed;
- When you withdraw consent;
- When you object to the processing and there is no overriding legitimate interest for continuing the processing;
- When the personal data was unlawfully processed;
- When the personal data has to be erased in order to comply with a legal obligation.
The right to restrict processing – You have the right to restrict processing in certain situations such as:
- where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data;
- where you have objected to processing and we are considering whether our legitimate grounds override your legitimate grounds;
- when processing is unlawful and you oppose erasure and request restriction instead;
- where we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
The right to object – You have the right to object to the processing of your personal data in the following circumstances:
- Direct marketing – remember you can opt out at any time from our marketing communications using the preference centre in your Norris Green Design account, by using the ‘unsubscribe’ function in our marketing emails or by contacting us at email@example.com
- Where the processing is based on legitimate interests; and
- Processing for purposes of scientific/historical research and statistics.
You also have the right not to be subject to a decision that is based solely on automated processing. Norris Green Design does not conduct any automated decision making, including profiling, on our customers.
How to contact us
If you feel that we have not processed your data according to the law, please let us know using the contact details in the ‘Contact us’ section so we can try to fix the problem.