Privacy Policy
- Who we are and how you can contact us
“Squats Not Sweeties” (referred to in this policy as “we”, “us” or “our”) is a trading name of:
T H Knightall Limited
Rosehill House,
Tedgeness Road,
Grindleford,
Hope Valley,
Derbyshire,
S32 2HX
Registered Company Number: 01655011
ICO Registration Number: 00010921957
If you have any questions or feedback about the way your data is handled, please contact us at the above address and we would be happy to help.
- Where we collect your personal data:
We collect personal data about you in the following ways:
- When you use our website;
- When you buy our products or use our services;
- When you interact with us over social media;
- When you talk to us on the phone;
- When you apply to work for;
- When you send emails or letters to us;
- When you take part in our competitions or promotions;
- When you sign up to our marketing communications;
- When you give us feedback;
- From third parties or publically available sources (for example Companies House in relation to corporate customers).
- Data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity data– name, title, date of birth,
- Contact data– location, full address, postcode, email address or telephone numbers.
- Transaction data– details of any products or services you have purchased from us, including date and time of purchase and spend in relation to that transaction.
- Technical data– internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our online channels/ platforms.
- Profile data– purchases or orders made by you, your interests, preferences, feedback and survey responses, preferences about the use of products or services.
- Usage data– information about how you use our website and services.
- Marketing and communications data– your preferences in receiving marketing from us and your communication preferences. We will also track when messages are opened and viewed.
- CV Data – previous employment history, education, awards and references.
- How we use your personal data
We are only allowed to use personal data about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. We have set out in the table below: the personal data which we collect from you, how we use it, and the legal ground on which we rely when we use the personal data.
In some circumstances we can use your personal data if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.
What we use your personal data for: | What personal data we collect: | Our legal grounds for processing: | Our legitimate interests (if applicable) |
To register you as a new or prospective customer. | · Identity
· Contact |
· Performance of a contract with you
· Legitimate Interest |
To develop and grow our business. |
To process and deliver our services to you. | · Identity
· Contact · Transaction |
· Performance of a contract with you | |
To manage sales and financial transactions with us. | · Identity
· Contact · Transaction |
· Performance of a contract with you
· Legal obligation |
|
To manage our relationship with you, including notifying you about changes to our terms or privacy notices | · Identity
· Contact · Transaction |
· Performance of a contract with you
· Necessary to comply with a legal obligation · Legitimate interests |
To keep our records up to date |
To enable you to partake in a marketing, competitions or to complete a survey | · Identity
· Contact · Transaction |
· Performance of a contract with you
· Legitimate interests · Consent |
To understand our customers to provide enhanced products and website service functionality. |
To administer and protect our business and our website | · Transaction
· Technical · Usage |
· Legitimate interests | Running our business, provision of administration and IT services, network security |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. | · Identity
· Contact · Marketing and communications · Usage · Profile |
· Legitimate interests | To study how customers use our services, to develop them, to grow our business and to inform our marketing strategy |
To use data analytics to improve our website, services, marketing, supporter and client relationships and experiences | · Technical
· Usage · Profile |
· Legitimate interests | To define types of customers and contacts for our products, to keep our website updated and relevant, to develop our business and to inform our marketing strategy |
- Who we share your personal data with
In order to provide you with our products and services and meet our legal obligations, we only share your data with third parties, in the following circumstances:
- To fulfil the services, we have been engaged to perform;
- To verify your identity;
- To authorise debit/credit card payments and any other transactions authorised by you;
- To manage and maintain the accuracy of your records;
- To answer your questions and improve customer service;
- To administer marketing on behalf of Squats Not Sweeties; and
- To meet legal obligations, for example, for the purposes of national security, taxation and criminal investigations.
We’ll never make your personal data available to anyone outside Squats Not Sweeties for them to use for their own marketing purposes without your prior consent.
- Third party links
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.
- Transferring your personal data outside the EEA
The EEA is the European Economic Area, which consists of the EU Members States, Iceland, Liechtenstein and Norway. If we transfer your personal data outside the EEA we have to tell you.
Limited personal information that we collect from you may be transferred to and processed in a destination outside of the EEA. In these circumstances, your personal information will only be transferred on one of the following bases:
- The country that we send the data is approved by the European Commission as providing an adequate level of protection for personal information; or
- The recipient has agreed with us standard contractual clauses (SCC’s) approved by the European Commission, obliging the recipient to safeguard the personal information; or
- There exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third party recipient of personal data in the United States has registered for the EU-US Privacy Shield).
Limited situations where your personal data may be transferred outside the EEA are as follows:
Purpose of Processing | Nature of the Data | 3rd Party | Location | Appropriate and Suitable Safeguard |
Analytics for Website |
· Technical data · Usage data |
Google Inc | USA | EU-US Privacy Shield |
Marketing Email Service Provider |
· Identity data · Contact data |
The Rocket Science Group LLC t/a “MailChimp” | USA | EU-US Privacy Shield |
eCommerce Platform | · Identity data
· Contact data · Transaction data |
Automattic Inc t/a “WooCommerce” | USA | EU-US Privacy Shield |
Payment Provider |
· Identity data · Contact data · Transaction Data · Profile Data |
PayPal (Europe) S.à r.l. & Cie, S.C.A. t/a “PayPal” | Worldwide | Binding Corporate Rules |
Payment Provider |
· Identity data · Contact data · Transaction Data · Profile Data |
Stripe Inc t/a “Stripe” | USA | EU-US Privacy Shield |
To find out more about how your personal data is protected when it is transferred outside the EEA, please contact us using the details above. Before sharing any information with a third party, we will ensure that there is an appropriate data sharing agreement or data processing agreement in place requiring that the third party protects personal data according to GDPR.
- Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.
- How long do we keep your personal data?
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
- The requirements of our business and the services provided;
- Any statutory or legal obligations;
- The purposes for which we originally collected the personal data;
- The lawful grounds on which we based our processing;
- The types of personal data we have collected;
- The amount and categories of your personal data; and
- Whether the purpose of the processing could reasonably be fulfilled by other means.
In most cases we will retain your data for a period of 6 years following your last transaction. After such time, we will securely delete or destroy your personal data.
- Marketing
We may use your personal data to tell you about relevant products and services.
We can only use your personal data to send you marketing messages if we have either your consent or a legitimate interest to do so.
You can ask us to stop sending you marketing messages at any time – you just need to contact us via our details set out above in section 1, or use the opt-out links on any marketing message sent to you.
Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of purchasing our services or any other transaction between you and us.
- Your rights
You have certain rights which are set out in the law relating to your personal data. The most important rights are set out below.
Access to a copy of the information we hold about you
You can ask us for a copy of the personal data which we hold about you, by writing to us (in Section 1). This is known as a data subject access request.
You will not have to pay a fee to access your personal data, unless we believe that your request is clearly unfounded, repetitive or excessive. In such circumstances we can charge a reasonable fee or refuse to comply with your request.
We will try to respond to all legitimate requests within one month.
Telling us if information we hold is incorrect
You have the right to question any information we hold about you that you think is wrong or incomplete. Please contact the Data Protection Officer if you want to do this and we will take reasonable steps to check its accuracy and, if necessary, correct it.
Telling us if you want us to stop using your personal data
You have the right to:
- Object to our use of your personal data (known as the right to object); or
- Ask us to delete the personal data (known as the right to erasure); or
- Request the restriction of processing.
There may be legal reasons why we need to keep or use your data, which we will tell you if you exercise one of the above rights.
Withdrawing consent
You can withdraw your consent to us using your personal data at any time. Please contact the Data Protection Officer if you want to withdraw your consent. If you withdraw your consent, we may not be able to provide you with our services.
Request a transfer of data
You may ask us to transfer your personal data to a third party. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Making a complaint
Please let us know if you are unhappy with how we have used your personal data by contacting us directly (details can be found in section 1).
You also have a right to complain to the Information Commissioner’s Office. You can find their contact details at www.ico.org.uk. We would be grateful for the chance to deal with your concerns before you approach the ICO so please do contact us in the first instance.