SECTION 1 – GENERAL
A & G Cairncross Ltd, trading as “Cairncross of Perth”, a private limited company registered in Scotland with company number SC055460 and registered office at 10 Abbey Park Place, Dunfermline, Fife, KY12 7NZ. References to “we”, “us” and “our” are references to A & G Cairncross Ltd.
SECTION 2 – PERSONAL INFORMATION WE COLLECT
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
all referred to in this Policy as “Personal Information”.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
SECTION 3 – IF YOU FAIL TO PROVIDE PERSONAL INFORMATION
Where we need to collect Personal Information by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
SECTION 4 – HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Information you provide when you:
- make an order for our products;
- request marketing to be sent to you;
- make an in-shop purchase of products; or
- give us feedback or contact us.
- Third parties or publicly available sources. We will receive Personal Information about you from various third parties including analytics providers such as Shopify and Google analytics.
- Device Information by using the following technologies:
- "Cookies" are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- "Log files" track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- "Web beacons", "tags", and "pixels" are electronic files used to record information about how you browse the Site.
In addition, we use CCTV at our shop premises and your image may be captured and save for safety and security reasons when you visit our shop.
SECTION 5 – HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Identity, Contact and Financial Data that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Personal Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
We will only use your Personal Information when the law allows us to. Most commonly, we will use your Personal Information in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
SECTION 6 – SHARING YOUR PERSONAL INFORMATION
We may share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
We also use Google Analytics to help us understand how our customers use the Site -you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
SECTION 7 – INTERNATIONAL TRANSFERS
We may transfer your Personal Information outside of the European Economic Area (“EEA”), in particular if you purchase something from us using Shopify.
Whenever we transfer your Personal Information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your Personal Information to countries that have been deemed to provide an adequate level of protection for Personal Information by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Information the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Information shared between Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Information out of the EEA.
SECTION 8 – DATA SECURITY
We have put in place appropriate security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
SECTION 9 – HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR?
We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
SECTION 10 – WHAT RIGHTS DO YOU HAVE?
Under certain circumstances, you have rights under data protection laws in relation to your Personal Information: request access; request correction; request erasure; object to processing; request restriction of processing; request transfer; and right to withdraw consent.
If you wish to exercise any of your rights please contact firstname.lastname@example.org. You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights).
However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
You also have the right to make a complaint at any time to the Information Commissioner's Office, the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.