Important notice - This privacy policy Updated May 24th 2018
In brief
The full privacy policy
Personal Data we may collect and why
Cookies
Third party cookies
How we use your personal data
Legal grounds for processing
Consent
Who we share your personal data with
How long we keep your personal data for
Your rights
Keeping Your Personal Information Safe
Links to other websites
Right to make a complaint
How to contact us
Changes to this Privacy Policy
In brief
To carry out the daily function of our business it may be necessary for us, The Source, to process your basic contact details, payment details and information about you as an individual or the business or organisation you represent on a lawful basesto answer enquiries and provide you with the products and services requested - we will not hold more data than we need. The Source will not sell your data. The Source will not share your data or carry out marketing unless you have given consent except as described in this Privacy Notice - Third party websites will have their own Privacy policy which you should read.
The full privacy policy is set out below.
PLEASE READ THIS POLICY CAREFULLY BEFORE USING THIS WEBSITE
We take your privacy seriously and use your personal data as further explained in this Privacy Policy. We are the "controller" of the personal data you provide to us. Protecting your data, privacy and financial details is very important to The Source (“the Source”, “us” or “we”) and its website thesource.wales (our “Site”) and adhere to the data protection principles' using information fairly, lawfully and transparently.
This policy (together with our Website Terms and Conditions and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand the types of information we collect from you, how we use that information and the circumstances under which we will share it with third parties.
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). For the purpose of the General Data Protection Regulation 2016/679 (GDPR), the controller of your data is The Source Unit 1B, Crosby Yard Industrial estate, Lawrence close, Bridgend, CF31 1JZ This Privacy Policy describes how we obtain and use your personal data, why we are allowed to do so by the law, who has access to your personal data and what your rights are. Please review it carefully.
You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including any related profiling). For more information about your rights and how you can exercise them, please see the section on Your rights.
Personal Data we may collect and why
Personal data is any information which identifies you personally whether directly (for example, your name) or indirectly (for example, information about your use of our products and services).
We may collect the following data about you:
Contact details: your name, email address, and telephone number so that we can contact you in response to an enquiry you make via our Site or in relation to the products and services that we have from time to time agreed to provide to you;
Correspondence: we collect any additional personal data you may provide to us from time to time if you contact us by email, letter or telephone, through our Site, by submitting a comment on our Site, or by any other means;
Transaction details: we or our third party providers will collect information relating to transactions you carry out through our Site and for the purposes of fulfilling your orders;
Details of visits to the Sites: details of your visits to our Site, including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
Furthermore, The UK Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). For the purpose of the General Data Protection Regulation 2016/679 (GDPR) we follow standard security procedures in the storage and disclosure of information you have given to us to prevent unauthorised access.
Cookies
What are Cookies? A cookie is a small file placed on your device when you visit a website that can be understood by the site that issued the cookie. We collect information about your use of our Site through cookies. Cookies are information that files store on your computer, tablet or smartphone that help websites remember who you are and information about your visit. Cookies can help to display the information on our Site in a way that matches your interests. Most major websites use cookies. Please read the full Cookie policy for further information on cookies.
How we use your personal data
We use your personal data for the following purposes:
To provide you with the products and services you have requested We use your personal data to accept you as a new or returning customer to provide you with the products and services you have requested in accordance with the Trading Terms or Terms of Trading.
To send you service communications, including in relation to changes to our Trading Terms or Terms of Trading We use the contact details you have provided to us so that we can communicate with you about the products and services that we provide, including to let you know about major changes to those products and services or to the Trading Terms orTerms of Trading between us or to any related information.
Direct marketing (including by third parties) If you have provided your consent or we otherwise have the right to do so, we may use your contact details to send you direct marketing and keep you informed of promotional offers by email, SMS, post or telephone relating to our products and services. This will only take place if you have opted in for future information. You can unsubscribe from our direct marketing at any time by clicking the "Unsubscribe" link in any of our emails or by contacting us. Our trusted business partners may also like to use your name, email address, postal address and telephone number to inform you of similar products, services and promotional offers. We will only share your personal data with our partners where you have provided us with your consent to do so. You can unsubscribe at any time by clicking the "Unsubscribe" link in any of their emails or by contacting us.
To track your usage of our website, communications, products and services We use cookies and similar technologies to track your activity on our Site so that we can provide important features and functionality on our Site, monitor its usage, and provide you with a more personalised experienced.
To provide and improve customer support We use your personal data to be able to provide and improve the customer support we provide to you (for example, where you have questions about our products and services).
To maintain our records and improve data accuracy Like any business, we process personal data in the course of maintaining and administering our internal records. This includes processing your personal data to ensure that the information we hold about you is kept up to date and accurate.
To respond to enquiries, complaints and disputes We use the personal data we hold about you to help us respond to any enquiries or complaints you have made, or deal with any dispute which may arise in the course of us providing our products and services to you, in the most effective manner.
To investigate, detect and prevent fraud and comply with our legal obligations In certain circumstances, we use your personal data only to the extent required in order to enable us to comply with our legal obligations, including for fraud detection, investigation and prevention purposes. This may require us to provide your personal data to law enforcement agencies if they request it.
Legal grounds for processing
Data protection law requires us to only process your personal data if we satisfy one or more legal grounds. These are set out in data protection law and we rely on a number of different grounds for the processing we carry out. These are as follows:
Consent
In certain circumstances, we process your personal data after obtaining your consent to do so for the purposes of:
sending you marketing communications about our products and services;
sharing your name, email address, postal address and telephone number with our trusted business partners so that they may market to you about their own similar products and services;
conducting marketing research;
obtaining your credit score so that we can establish the best possible payment terms we are able to offer to you.
Necessary for the performance of a contract and to comply with our legal obligations It is necessary for us to process your basic contact details, payment details and information about you as an individual or the business or organisation you represent or for the performance of the Trading Terms or Terms of Trading between us. In particular, we rely on this legal ground to:
provide you with the products and services;
communicate with you about the products and services that we provide to you, including to let you know about major changes to those products and services or to the Trading Terms or Terms of Trading between us or to any related information;
provide and improve customer support; and
notify you about changes to our service
If you choose not to give some or all of the aforementioned information to us, this may affect our ability to provide our products and services to you. In certain circumstances, we also use your personal data only to the extent required in order to enable us to comply with our legal obligations, including to detect, investigate and prevent fraud.
Necessary for the purposes of our legitimate business interests or those of a third party It is sometimes necessary to collect and use your personal data for the purposes of our legitimate interests as a business,which are to:
provide you with products and services that are as useful and beneficial as possible, including by personalising our contact with you and making sure we tell you about all the offers that are relevant to you;
better understand our customer base so that we can improve our products and services and marketing activities (which could also benefit you);
comply with our contractual obligations to third parties;
develop and improve our Site to enhance the customer experience;
train our staff so that we can provide you with a better customer service;
respond to any enquiries or complaints you have made, or deal with any dispute which may arise in the course of us providing our products and services to you; and
to ensure that content from our Site is presented in the most effective manner for you and for your computer;
ensure effective operational management and internal administration of our business, document retention, compliance with regulatory guidance and exercise or defence of legal claims.Where we think there is a risk that one of your interests or fundamental rights and freedoms may be affected we will not process your personal data unless there is another legal ground for us to do so (either that we have obtained your consent to the processing or it is necessary for us to perform our contract with you or to comply with our legal obligations)
Who we share your personal data with
We may provide your personal data to our suppliers and service providers, who provide certain business services for us and act as "processors" of your personal data on our behalf. In addition, we may disclose your personal data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to protect the rights, property, or safety, of our business, our customers or others. This includes, in specific cases, exchanging information with other organisations for the purposes of fraud protection.
In some cases, the personal data we collect from you may, for the purposes set out above, be transferred outside the European Economic Area (EEA) and such destinations may not have laws which protect your personal data to the same extent as in the EEA. We are required by data protection law to ensure that where we or our "processors" transfer your personal data outside of the EEA, it is treated securely and is protected against unauthorised access, loss or destruction, unlawful processing and any processing which is inconsistent with the purposes set out in this Privacy Policy.
How long we keep your personal data for
We retain your personal data for no longer than is necessary for the purposes(s) for which it was provided. What this means in practice will vary between different types of data. When determining the relevant retention periods, we take into account factors including:
legal obligation(s) under applicable law to retain data for a certain period of time;
statute of limitations under applicable law;
potential or actual disputes; and
guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your personal data from our systems when it is no longer needed.
Your rights
You have the following rights regarding your personal data:
Rights to be informed You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Privacy Policy.You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy).
Right of access You have the right to obtain access to your personal data (if we are processing it) and certain other information (similar to that provided in this Privacy Policy). This is so you are aware and can check that we are using your personal data in accordance with data protection law. In most cases you will not be charged for complying with a request. You will have a month to comply,. We can refuse or charge for requests that are manifestly unfounded or excessive.
Right to rectification You are entitled to have your personal data corrected if it is inaccurate or incomplete.
Right to erasure This is also known as 'the right to be forgotten' and, in simple terms, enable you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
Right to restrict processing You have the right to 'block' or supress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further.
Right of data portability You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
Right to object to processing You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including in each case any related profiling).
Right to withdraw consent to processing If you have given your consent to us to process your personal data for a particular purpose (for example, direct marketing), you have the right to withdraw your consent at any time (although if you do so, it does not mean that any processing of your personal data up to that point is unlawful).
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
Keeping Your Personal Information Safe
We take all reasonable steps to put in place appropriate physical, electronic, and procedural safeguards to protect the integrity and security of personal information about you and to prevent unauthorized or unlawful processing of personal information and the accidental loss, destruction, or damage to personal information. These measures include internal reviews of our data collection, storage and processing practices and security measures (Strong password protection and in certain areas industry standard SSL-encryption to protect data transmissions), as well as physical security measures to guard against unauthorized access to systems where we store data.
We use tried and tested partners such as weebly, Paypal, yahoo, google , microsoft, and their privacy shield certifications . However, data transmissions over the Internet and methods of electronic storage are not 100% secure. Consequently, we cannot guarantee or warrant the security of any information you transmit to us or via third parties and you do so at your own risk.
If we learn of a security systems breach we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice on our web site if a security breach occurs. If this happens, you will need a web browser enabling you to view the applicable web sites. In these circumstances, we will also send an email to you at the email address you have provided to us. Under the GDPR you have a legal right to receive notice of a security breach in writing.
Links to other websites
Our website may contain hyperlinks to websites owned and operated by third parties. This Privacy Policy does not apply to those other websites. We encourage you to read the privacy statements on the other websites you visit, as they will govern the use of any personal data you provide when visiting those websites. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
Complaints
If you are unhappy about our use of your information, you can contact us using the details below or in the Contact section. If you would like to exercise your data protection rights or if you are unhappy with how we have handled your personal data, please feel free to contact us by using the details set out on our Site.
Right to make a complaint to the data protection authorities
You have the right to make a complaint to the Information Commissioner's Office (ICO) if you are unhappy with how we have handled your personal data or believe our processing of your personal data does not comply with data protection law. If you're not satisfied with our response to any enquiries or complaint or believe our processing of your personal data does not comply with data protection law, you can make a complaint to the Information Commissioner's Office (ICO) by writing to:
Information Commissioner's Officer, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF;
Calling: 0303 123 1113; or submitting a message through the ICO's website at: ico.org.uk
How to contact us
Questions regarding this privacy policy are welcomed and should be addressed to; FAO Legal - Privacy, The Source Unit 1B, Crosby Yard Industrial estate, Lawrence close, Bridgend, CF31 1JZ Or you can write to us by email at talksource@yahoo.co.uk
Changes to this Privacy Policy
This Privacy Policy was last updated on 24th May 2018. This Privacy Policy may be updated from time to time, so you may want to check it each time you provide personal data to us.