About this Privacy Policy
Our website address is: https://www.shoeaid.co.uk.
This Privacy Policy explains what personal information we hold about you, how we collect it, and how we use and may share information about you. It relates to any personal information we collect from you via:
- our Websites: shoeaid.co.uk and any other ShoeAid website that links to this Privacy Policy
- our Social Pages: social media pages and accounts for Shoe Aid UK (@shoeaiduk) | “Twitter” and shoeaid |”Facebook”
It also relates to any personal information you provide or submit to us by email, phone, SMS, on social media (for example in response to a competition or promotion), in Messenger and other chat bots, in letters and in person.
Who We Are
When you visit our Websites, use our Services, or interact with us via our Social Pages or otherwise submit information to us, (‘us’ and ‘we’) is a ‘data controller’ and gathers and uses certain information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (and will still apply to the United Kingdom even after Brexit) and local applicable laws.
Information We Collect About You
The types of information we collect about you depends on how you interact with us. There are three ways in which we may collect your personal information:
- directly from you;
- from other sources; and
- automatically.
The table set out under the section ‘More about the information we collect and hold’ at the bottom of this policy sets out in detail the information we collect and hold about you by each of these methods. For a summary of each method, click below.
Information We Receive Directly From You
Whenever you interact with us directly, we receive information from you, for example when you:
- contact us, for example by using the contact forms on our Websites, by using Facebook Messenger, or by e-mailing us
- sign-up for an account on shoeaid.co.uk
- submit content to us, for example if you post a selfie and use one of our hashtags on your public social media account.
Information We Collect Automatically
When you access and browse any of our Websites or use our Services, we collect information about your usage and activity on our Websites or Services using certain technologies, such as cookies and web beacons.
Depending on the cookie settings in your browser and the cookie preferences you set when you first access our Websites or Services, our third-party service providers, advertisers, and/or partners may also place view, edit, or set their own cookies.
How We Use Your Personal Information
Generally, the reasons we use your personal information can be categorised as follows:
- to personalise our Services to you
- to maintain and improve our Services and our Websites’ infrastructure
Where we propose to use your personal information for any other uses we will ensure that we notify you first (and if required, obtain your consent).
Whether Information Has to be Provided By You, And If So Why
We’ve outlined in the table below, why each category of personal information we collect from you is required from us to be able to perform the purpose to which it relates and the possible consequences of failing to provide such information. We seek to ensure that our information collection and processing is always proportionate.
We will inform you at the point of collecting information from you, whether you are required to provide the information to us or not. We will notify you of any changes to information we collect from you or to the purposes for which we collect and process it.
How Long Your Personal Information Will Be Kept
We will keep your personal information while you have an account with us or we are providing any Services to you (including any marketing or newsletter services). Thereafter, we will keep your personal information for as long as is necessary:
- to respond to any questions, complaints or claims made by you or on your behalf
- to show that we treated you fairly
- to keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this policy and when it is no longer necessary to retain your personal information, we will delete or anonymise it. Different retention periods apply for different types of personal information. If you require further details, please see below ‘Contact Us’.
Reasons We Can Collect And Use Your Personal Information
This section addresses the legal basis for processing your personal data. Some processing is addressed in multiple sections in the Table set out below because more than one legal basis may apply depending on the circumstances or service and to make it easy for you.
The legal bases on which we rely in each instance where we collect and use your personal data, generally, are:
- to fulfill and enforce our contact with you
- as necessary for our (or others’) legitimate interests, including our interests in providing safe Website/Services, fraud detection, tailoring your experience on our Websites/Services, knowing how customers use our Website/Services and products, keeping our Websites/Services updated and relevant, developing our business and informing our marketing strategy, but only if these are not overridden by your interests, rights or freedoms.
Transfer Of Your Information Out Of The EEA
To deliver the Websites and our Services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), eg:
- with your and our service providers located outside the EEA
- if you are based outside the EEA
These transfers are subject to special rules under European and UK data protection law. Prior to permitting such transfers, we carry out assessments to ensure all personal information transferred will be kept secure.
Our standard practice is to use standard data protection model contract clauses that have been approved by the European Commission (as permitted under Article 46(2) of the General Data Protection Regulation) or to only transfer your data to companies that are registered with the Privacy Shield (for transfers to the USA).
Your Rights
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, you have the right to access your personal data and require that we rectify any errors in the data that we hold, or request that we erase your personal data subject to certain limitations. In some circumstances, you can also require that we restrict the way we process your personal data, object to its processing or request a copy of your personal data for the purposes of transmitting elsewhere. Where we have requested and obtained your consent to process particular information, you may withdraw that consent at any time. However if we do not hold all the data we need to administer contracts, orders, competitions or challenges you entered into, we may not be able to provide you with these benefits any longer.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please send your request to us via our Contact Page and:
- let us have enough information to identify you (eg your full name and contact details – including your email address); and
- let us know what right you want to exercise and the information to which your request relates (eg details of the specific information you require and any relevant dates).
Please note that we may ask you to provide proof of identity when considering your request.
Please note it may take up to 14 days for your request to be fulfilled and you may continue to receive our emails or communications from us during this period
Keeping Your Personal Information Secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Our website uses HTTPS which means that all data transferred from your web browser to our servers is encrypted. Our data servers are located in the United Kingdom. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
For detailed information on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online risks, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
How To Complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/ or telephone: 0303 123 1113
Changes To This Privacy Notice
This privacy notice was published on 1st August 2019.
We may change this privacy notice from time to time, when we do we will we will post the changes on the Website. Where the changes are significant, we will inform all our registered users by email. Where required by law, will we obtain your consent to make these changes
How To Contact Us
Please contact us if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us please:
- contact us using the ‘contact page’ on this website