We collect your personal information so that we can successfully deliver your timpani sticks to you.
Other
information which you provide about your timpani stick choice,
specifications, etc. is used for the purpose of maintaining records
about your purchases in order to give you exceptional
service in the future.
The lawful basis for collecting your information is our contract with you when you place an order.
We take great care with your personal
information and do not sell it or share it with any other person,
company or organisation unless required to do so for legal reasons.
Our website is protected by a secure SSL Certificate for your confidence in submitting information.
Any
card details you input on our web site are not seen or held by us. They
are transmitted directly to Worldpay through a secure SSL connection.
We are fully compliant with PCI DSS card industry
standards.
David
Morbey Timpani & Percussion is registered with the UK Data
Protection Registrar in accordance with the provisions of the UK Data
Protection Act 2018.
You have a legal right to see the
information we hold about you, to ask us to correct any errors and to
request the removal of your information.
You can read the full Privacy Policy below.
David Morbey Timpani & Percussion Privacy Policy
This
policy describes how we will use your personal data when you use our
website at www.timpanisticks.com (the “site”) or use or buy our products
and services.
We have provided this policy to ensure that you
understand what personal data we may collect and hold about you, what we
may use it for and how we keep it safe. You have legal rights to access
the personal data that we hold about you and to control how we use it
which are also explained.
Who we are and how you can contact us
We
are David Morbey Timpani & Percussion, also known as David Morbey
Timpani Sticks. Our office address is at 55 Braemar Place, Aberdeen,
AB10 6EQ, Scotland, UK. The Data Controller is David Morbey.
You can contact us in writing at the above address or by emailing david@timpanisticks.com
Personal data we collect about you
We may collect:
Personal
data you provide to us. You may give us information about yourself by
filling in forms on our web site or by corresponding with us by phone,
fax, e-mail, social media or otherwise. This includes information you
provide when you register and use a David Morbey Timpani &
Percussion account, purchase products, participate in forums or other
social media functions, and if you report a problem with the site or our
timpani sticks. The information you provide may include your name,
address, e-mail address, phone numbers, timpani stick preferences and
financial and credit card information.
Personal data we collect when you use our site
We may collect:
Technical
information, including the Internet protocol (IP) address used to
connect your computer or mobile device to the Internet, your login
information, browser type and version, devices used or which connect to
your network from time to time, time zone setting, browser plug-in types
and versions, operating system and platform;
Information about your
visit, including the full Uniform Resource Locators (URL) clickstream
to, through and from the site (including date and time); products you
viewed or searched for; page response times, download errors, length of
visits to certain pages, page interaction information (such as
scrolling, clicks, and mouse-overs), and methods used to browse away
from the page.
Personal data we receive from other sources
We
may work with third parties (including, for example, analytics
providers, search information providers, credit reference agencies) and
may receive information about you from them.
The information that we collect about you as described above falls into two broad categories:
Personally Identifiable Information which is information that can be used to identify you as an individual.
Non-Personally
Identifiable Information which is information that cannot be used to
identify you as an individual. In general, information listed under the
headings “Personal data you provide to us” and “Personal data we receive
from other sources” will be personally identifiable whilst “Personal
data we collect when you use our site” will be Non-Personally
identifiable.
What we use your personal data for
We use your personal data in the following ways:
1. Personal data you provide to us and the personal data we receive from other sources
We will use this information:
to provide you with the information and timpani sticks that you request;
to provide you with excellent service and technical information about your previous timpani sticks when you re-order.
to notify you about changes to our products or to our services or terms;
to manage and administer our business;
2. Personal data we collect when you use our site
We will use this information:
to understand how the site is accessed and used;
to administer the site and for internal operations, including troubleshooting, data analysis and testing;
to improve the site to ensure that content is presented in the most effective manner for users;
as part of our efforts to keep the site safe and secure;
When we need your consent to use your personal data
Whilst
we always want you to be aware of how we are using your personal data,
this does not necessarily mean that we are required to ask for your
consent before we can use it. In the day to day running of our business
we may use your personal data without asking for your consent because:
we are entering into and carrying out our obligations under a contract with you;
we
need to use your personal data for our own legitimate purposes (such as
the administration and management of our business and the improvement
of our timpani sticks) and our doing so will not interfere with your
privacy rights.
Personal data you are legally obliged to provide
You
are not under a legal obligation to provide us with any of your
personal data but please note that if you elect not to provide us with
your personal data we may be unable to provide our timpani sticks to
you.
We would appreciate you keeping us informed about your current contact details so that our records are up to date.
Your rights to know what personal data we hold and to control how we use it
You
have a legal right to know what personal data we hold about you - this
is called the right of subject access. You can exercise this right by
sending us a written request at any time. Please mark your
correspondence “Subject Access Request” and send it to us by post or
email using the details in the “Who we are and how you can contact us”
section.
You also have rights to:
prevent your personal data
being used for marketing purposes (see “How we use your personal data
for marketing” for further details);
have inaccurate personal data corrected, blocked or erased;
object
to decisions being made about you by automated means or to your
personal data being used for profiling purposes (see “Automated decision
making and profiling”);
object to our using your personal data in ways that are likely to cause you damage or distress;
restrict our use of your personal data;
require that we delete your personal data;
require
that we provide you, or anyone that you nominate, with a copy of any
personal data you have given us in a structured electronic form such as a
CSV file.
You will not have to pay a fee to access your personal
data (or to exercise any of the other rights). However, we may charge a
reasonable admin fee if your request is clearly unfounded, repetitive
or excessive. Alternatively, we may refuse to comply with your request
in these circumstances.
We may need to request specific information
from you to help us confirm your identity and ensure your right to
access your personal data (or to exercise any of your other rights).
This is a security measure to ensure that personal data is not disclosed
to any person who has no right to receive it. We may also contact you
to ask you for further information in relation to your request to speed
up our response.
We will try to respond to all legitimate
requests within one month. Occasionally it may take us longer than a
month if your request is particularly complex or you have made a number
of requests. In this case, we will notify you and keep you updated.
You
can find full details of your personal data rights and the
circumstances in which you are able to exercise them on the Information
Commissioner’s Office website at www.ico.org.uk.
Automated decision making and profiling
We do not make use of automated decision making or profiling.
When we will share your personal data with others
We
do not share your data with any other companies or third parties or
individuals except exceptionally with third parties on a one-off basis,
for example:
If David Morbey Timpani & Percussion or
substantially all of its assets are acquired by a third party, in which
case personal data held by us about our customers will be one of the
transferred assets;
if we are under a duty to disclose or share your
personal data in order to comply with any legal obligation or in order
to enforce or apply our terms and conditions and other agreements
entered into with you or to protect the rights, property, or safety of
David Morbey Timpani & Percussion, our customers or others. This
includes exchanging information with other companies and organisations
for the purposes of fraud protection and credit risk reduction.
When
we share your information with a third party it will be for a specific
purpose which has been expressly agreed between us and the third party.
We do not permit third parties to use your information for any purpose
other than the purpose specifically agreed between us and them.
How we keep your personal data safe
We take every care to ensure that your personal data is kept secure. The security measures we take include:
Our primary electronic database is not connected to the internet;
Storing your personal data on our secure servers;
Using
specialist third party payment providers to process payments made
through our site (see the section on “Making payments through our
site”);
Keeping paper records stored in our locked offices;
Maintaining up to date firewalls and anti-virus software to minimise the risk of unauthorised access to our systems;
Please
remember that if you have registered an account you are responsible for
keeping your passwords secure. If you have chosen a password which
enables you to access certain parts of our website (or log in to your
account), you are responsible for keeping this password confidential.
Please do not to share your passwords with anyone.
Unfortunately,
sending information via the internet is not completely secure, but we
use an SSL secure connection with a trusted security certificate for the
whole site to minimize your risk. Although we will do our best to
protect your personal data, we cannot guarantee the security of personal
data sent to our website; you send us personal data at your own risk.
Once we have received your personal data, we will use procedures and
security features to try to prevent unauthorised access.
Making payments through our site
All
our payments are made through third party payment processors over a
secure connection. Only the payment processors store your full payment
card number or account information. During the order process you will be
directed on to pages hosted by our payment processor. Such pages will
have the trademark of the payment processor displayed (Currently
“Worldpay”).
How we use your personal data for marketing
We do not share your personal data with third parties for marketing purposes.
We do not send out direct marketing.
Accessing and managing your data and preferences through your account
You
can view and update your personal data through your account and we
encourage you to take the time to log in to your account periodically
for this purpose. If you have any questions about how to manage your
data and settings through your account please contact us using the
details set out in the “who we are and how to contact us” section of
this policy.
When we will send your personal data to other countries
Your
personal data may be transferred to, and stored at, a destination
outside the European Economic Area ("EEA") by us or by our
sub-contractors. Where we, or our sub-contractors, use IT systems or
software that is provided by non-UK companies, your personal data may be
stored on the servers of these non-UK companies outside the EEA. We
will take all steps reasonably necessary to ensure that your data is
treated securely and in accordance with this privacy policy.
How long we keep your personal data
Many
of our customers re-order timpani sticks many years after the original
date of making and find it useful that we maintain records of their
previous purchases and timpani stick specifications. We therefore keep
your personal data indefinitely to ensure this service is available for
your future requests. If you do not wish your personal data to be
stored indefinitely, then please let us know at the time of ordering
your timpani sticks or contact us using the details set out in the “who
we are and how to contact us” section of this policy. In this case your
personal data will be deleted from our records after a period of six
years from the date of your last order or the closure of your web based
account (whichever is later) except when we still need the data to
continue to provide you with services you have requested from us, comply
with our legal obligations, resolve disputes or enforce agreements.
Please
note that we may anonymise your personal data or use it for statistical
purposes. We keep anonymised and statistical data indefinitely but we
take care to ensure that such data can no longer identify or be
connected to any individual.
Cookies
Our web site
uses cookies to distinguish you from other users of the site and may use
web beacons to assess which pages you access when browsing the site.
This helps us to provide you with a good experience when you browse the
site and also allows us to improve the site. We also allow selected
third parties to use cookies and web beacons on the site for analytical
purposes only.
Links to third party sites
Our web
site may, from time to time, contain links to and from websites we
consider may be of interest to you. If you follow a link to any of these
websites, please note that these websites have their own privacy
policies and that we do not accept any responsibility or liability for
these policies. Please check these policies before you submit any
personal data to these websites.
How you can make a complaint
If
you are unhappy with the way we have used your personal data please
contact us to discuss this using the contact details set out in the “Who
we are and how to contact us” section of this policy.
You are
also entitled to make a complaint to the Information Commissioner’s
Office which you can do by visiting www.ico.org.uk. Whilst you are not
required to do so, we encourage you to contact us directly to discuss
any concerns that you may have and to allow us an opportunity to address
these before you contact the Information Commissioner’s Office.
How we keep this policy up to date
We
will review and update this policy from time to time. This may be to
reflect a change in the products we offer or to our internal procedures
or it may be to reflect a change in the law.
The easiest way to check for updates is by looking for the latest version of this policy on our web site.
Each
time we update our policy we will update the policy version number
shown at the end of the policy and the date on which that version of the
policy came into force.
This is policy version 2018-05, which came into effect on 25 May 2018.