Seasalt Limited ("Seasalt", "we", "us" or "our") is a company incorporated in England and Wales with company number 02259954. Our registered office is Unit 8, Falmouth Business Park, Bickland Water Road, Falmouth TR11 4SZ.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, or that we obtain from other sources will be processed by us when you:
- use our website: www.seasaltcornwall.com;
- use our mobile applications;
- visit our stores;
- use our services;
- purchase products from us; and/or
- use our online portal for distributors.
For the purpose of data protection laws, we are a data controller and we are registered as a data controller with the Information Commissioner's Office under number Z7017081.
In compliance with Article 3 of the EU's General Data Protection Regulation 2016 ("GDPR") we confirm to our customers within Ireland and the rest of the European Union ("EU"), that after 31 December 2021 Seasalt Limited in the United Kingdom ("UK") will continue to act as the controller in relation to your personal data, and our branch in Clonakilty serves as our establishment within the EU for the purposes of compliance. If you have any queries in relation to processing of your personal data, please do not hesitate to contact Lucy, our Data Protection Officer at firstname.lastname@example.org.
1. BASIS FOR PROCESSING PERSONAL DATA
1.1 Sections 1.2 – 1.20 below explain how and why we process your personal data, as well as the legal basis on which we carry out this processing.
1.2 To enter contracts with you: Where you order goods and/or services from us, we will process your personal data to process your order so that we can deliver these goods to you. Our use of personal data in this way includes sharing your personal data with our payment system provider, and delivery companies.
The legal basis on which we process your personal data in this way is the necessity to be able to enter into and perform the contract for the sale of goods you have requested from us. If you do not wish to provide us with your personal data in this way, you will be unable to purchase goods and/or services from us.
1.3 To respond to your queries, refund requests and complaints: Handling the information you have provided to us enables us to respond to you, and process your refund requests or complaints. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you.
The legal basis on which we do this are our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service, and understanding how we can improve our service and products based on your experience.
1.4 To protect our business and your account from fraud and other illegal activities: This includes using your personal data to maintain, update and safeguard your account.
We'll also use your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We'll do all of this as part of our legitimate interest.
For example, by checking your delivery addresses to identify potentially fraudulent transactions by third parties (eg if someone were to use your bank card).
1.5 To protect our customers, premises, assets and Partners from crime: We operate CCTV systems in our stores which record images for security. We do this on the basis of our legitimate business interests.
1.6 To process payments, refunds and to prevent fraudulent transactions.
We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.
If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim to protect the individuals we interact with from criminal activities.
1.7 To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content.
1.9 To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
1.10 To comply with the Committee of Advertising Practice’s (CAP) Code in any of our prize draws or competitions , based on your consent given at the time of entering.
We do this on the basis of our legal obligation to comply with the Code. If we want to publish any other information it will be on the basis of your consent as set out in 1.9.
1.11 To resolve issues with, develop, test and improve our website.
We'll do this on the basis of our legitimate business interests.
For example, we'll record your browser's Session ID to help us understand more when you leave us online feedback about any problems you're having.
1.12 To comply with our contractual or legal obligations to share data with law enforcement.
For example, when a court order is submitted to share data with law enforcement agencies or a court of law.
1.13 To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message.
We have a legitimate interest to do so as this helps make our products or services more relevant to you.
Of course, you are free to opt out of receiving these requests from us at any time by phoning Customer Services on 01326 640075.
1.14 For Seasalt Friends members, to decide which information to show you , with the help of computer algorithms.
We do this on the basis of your consent when you become a Seasalt Friends member. If you don't want to continue receiving Seasalt Friends offers, you'll be unable to continue your Seasalt Friends membership.
For example, if you consent through our apps, we may use your shopping preferences to offer you tailored rewards.
1.15 To provide products to others:
Where you have provided personal data about another person (for example, where you order goods as a gift to be delivered to someone else), we need to process such personal data in order to provide these products to the other person or people. This will include sharing their personal data with delivery companies. We need to process their personal data in this way to be able to provide them with the goods you have ordered for them from us
The legal basis on which we process their personal data in these circumstances is our legitimate interest to provide the person you have identified and requested with the products you have ordered
1.16 To make our website better:
We may process your personal data in order to provide you with a more tailored user experience (such as displaying goods we believe you will be interested in, based on your purchase history and browsing habits, or allowing our shopping basket to remember what you have ordered from us). We may also use your personal data to make sure our website is displayed in the most effective way for the device you are using. This processing means that your experience of our site will be more tailored to you, and that the products you see on our site may differ from someone accessing the same site with a different purchase history or browsing habits.
We also use various cookies to help us improve our website (more details are set out in our Cookies Policy), and share your personal data with the third party analytics and search engine providers that assist us in the improvement and optimisation of our website.
We will also process personal data for the purposes of making our website more secure, and to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. The legal basis on which we process personal data in these circumstances is our legitimate interest to provide you with the best customer experience we can, and to ensure that our website is kept secure.
1.17 Automated Processing:
We carry out automated processing in order to tailor your experience of our website. We will automatically collect information about your browsing habits and purchase history in order to promote more relevant products and/or services to you when you visit our site.
This profiling will not have a significant impact on you or produce any legal effects.
The lawful basis on which we carry out this processing is our legitimate interests to provide you with the best customer experience, grow our business and make adverts relevant to you. You can opt-out of this processing by deleting or disabling cookies.
1.18 For marketing purposes:
18.104.22.168 - you have expressly opted in to receive marketing communications from us, we will process your personal data to provide you with marketing communications in line with the preferences you have provided;
22.214.171.124 - you have expressly opted in via our site to receive marketing communications from a third party, we will process your personal data by transferring it to the relevant third party, in each case, the legal basis on which we process your personal data is your consent.
In some limited circumstances, we may contact you about similar products where you have purchased products from us and you have not opted-out of receiving this information.
126.96.36.199 - you have provided us with your name and address, you may receive a catalogue from us through the post. The legal basis on which we process your personal data to do this is our Legitimate Interests. You have the right to object to us processing your personal data in this way. To do this, you can contact us by telephoning our Customer Services team on +44 01326 640075 or by writing to us at Privacy, Seasalt Limited, Unit 8 Falmouth Business Park, Bickland Water Road, Falmouth TR11 4SZ. Our Data Protection Officer can be contacted by email at email@example.com.
You are not under any obligation to provide us with your personal data for marketing purposes, and you can withdraw your consent to your personal data being processed in this way at any time by contacting us (please see section 12) or, where relevant, by following the unsubscribe link in every marketing communication you receive from us. If you do choose to withdraw your consent, this will not mean that our processing of your personal data before you withdrew your consent was unlawful.
1.19 If our business is sold: We will transfer your personal data to a third party:
188.8.131.52 in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets (at all times in accordance with all applicable data protection laws); or
184.108.40.206 if Seasalt or substantially all of its assets are acquired by a third party, in which case personal data held by Seasalt about its customers will be one of the assets transferred to the purchaser.
In each case, the legal basis on which we process your data in these circumstances is our legitimate interest to ensure our business can be continued by a purchaser. If you object to our use of personal data in this way, the relevant seller or buyer of our business may not be able to provide good and/or services to you.
1.20 We occasionally live-monitor calls to our Customer Services team. We do not record calls. You will be reminded that we do this by a message before your call goes through. We do this for training and monitoring reasons. The legal basis on which we process your call in this way is our legitimate interest in improving our Customer Services. If you object to our use of your data in this way, please inform the Customer Services Team member at the start of the call.
2 CATEGORIES OF INFORMATION WE COLLECT FROM YOU
2.1 We will collect and process the following personal data about you.
2.2 Information you give us: This is information about you that you give us when visiting our stores, filling in forms on our website, making a purchase from our website or in store, or by corresponding with us by phone, e-mail or otherwise. It includes information provided when you register to use our website, register for Seasalt Friends, use our services, participate in social media functions on our website (including Live Chat), enter a competition, promotion or survey and when you report a problem with our website. The information you give us may include names, addresses, financial information, email addresses and phone numbers.
2.3 Information we collect about you: With regard to each of your visits to our website we will automatically collect the following information:
2.3.1 technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, screen resolution, operating system and platform; and
2.3.2 information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
2.4 Information we receive from other sources: We may receive information about you when you use our site. We are also working closely with third parties (including, for example business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, hosting providers and search information providers) from whom we may also receive information about you.
2.5 We do not process any special categories of personal data, meaning personal data revealing:
2.5.1 racial or ethnic origin;
2.5.2 political opinions; religious or philosophical beliefs or trade union membership;
2.5.3 genetic or biometric data that uniquely identifies you; or
2.5.4 data concerning your health, sex life or sexual orientation.
2.6 We do not collect data relating to criminal convictions or offences or related security measures.
3 CATEGORIES OF RECIPIENTS OF PERSONAL DATA
3.2 Your personal data may be shared by us with categories of recipients that include:
3.2.1 Those third parties with whom you have agreed that we can share your information in order to alert you to offers and promotions of interest to you. You can withdraw your consent by calling Customer Services on 01326 640340.
3.2.2 Business partners, other members of the Seasalt Group, suppliers and sub-contractors for the performance of any contract we enter into with you.
3.2.3 Analytics and search engine providers that assist us in the improvement and optimisation of our website.
We work with Sub2 Technologies Limited ("Sub2"), a company which acts as our data processor in order to maximise website user engagement. We share with Sub2 (or Sub2 accesses directly from your website use) information about you and how you use our website, including any information that you provide to us. This information is then used for the purposes of providing you with marketing which is more relevant to you and your interests.
3.2.4 To improve your customer experience and understand where our customers find us, Seasalt use marketing tools from IBM. For more information on how IBM collect and use data click here.
3.2.5 We use a third-party service provider to serve ads on our behalf across the internet. They may collect anonymous information about your visits to seasaltcornwall.com, and your interaction with our products and services. They may also use information about your visits to this and other websites to target advertisements for goods and services. This anonymous information is collected through the use of a pixel tag. A pixel tag is industry standard technology used by most major websites. No personally identifiable information is collected or used in this process; no personally identifying information is known about the user. If you would like more information about this and to know your choices about not having this anonymous information used by our third party service provider please contact our Privacy Team on firstname.lastname@example.org
3.2.6 In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
3.3 If Seasalt Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
3.4 If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or to protect the rights, property, or safety of Seasalt Limited, other Seasalt Group members, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
4.2 A cookie is a small file of letters and numbers that we store on your browser or the hard drive of their computer. We only use (and store) non-essential cookies on your computer's browser or hard drive if you provide your consent.
4.5 You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
5 USES MADE OF THE INFORMATION
5.1 We will combine the information you provide to us with information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
6 WHERE WE STORE PERSONAL DATA
6.1 We will process your data in the UK and the EEA. If you are a customer in the EEA, please note that the transfer from the EEA to the UK shall take place as is necessary for the performance of the sales contract with you and otherwise only with your explicit consent, in each case in compliance with Article 49(1) of GDPR.
6.2 Some of our suppliers are based outside the UK and the EEA.
6.3 Whenever we transfer personal data out of the UK and the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
6.3.1 We will only transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
6.3.2 Where we use certain service providers, especially in the USA, we may use specific contract clauses approved by the European Commission which give personal data the same protection it has in Europe.
6.4 If further information on the specific mechanism used by us when transferring your personal data out of the EEA is required, please contact us directly (please see section 13).
Learn more on the European Commission Justice website: https://ec.europa.eu/info/law/law-topic/data-protection_en .
7 DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
All information you provide to us is stored on secure servers. All information you provide to us is transmitted using TLS encryption, and is stored on our secure servers behind firewalls. We limit access to our servers to ensure that your information is not viewable by any unauthorised parties. Your personal data will only be processed by those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Any payment transactions will be encrypted using PCI compliant technology. Although we will do our best to protect your personal data, Seasalt cannot guarantee the security of data transmitted via the internet. Any transmission is at your own risk.
8 PERIOD OF STORAGE
8.1 Where you order goods and/or services from us, we will retain your data for a period of six (6) years after the goods were delivered and/or the services performed, to ensure that we are able to assist you should you have any questions or feedback in relation to our goods and/or services or to protect, or defend our legal rights.
8.2 Where we have processed your personal data to provide you with marketing communications with consent, we may contact you at least every twelve (12) months to ensure you are happy to continue receiving such communications. If you tell us that you no longer wish to receive such communications, your personal data will be removed from our lists.
8.3 Where we have processed your data for any other reason (such as where you have contacted us with a question in connection with our goods and/or services), subject to section 7.1, we will retain your data for twelve (12) months.
9 YOUR RIGHT TO OBJECT UNDER DATA PROTECTION LAWS
9.1 You have the right to object to us processing your personal data where we are processing personal data:
9.1.1 based on our legitimate interests (as set out at section 1 above). If you ask us to stop processing your personal data on this basis, we will stop processing your personal data unless we can demonstrate compelling grounds as to why the processing should continue in accordance with data protection laws; and
9.1.2 for direct marking purposes. If you ask us to stop processing your personal data on this basis, we will stop.
In each case please do so by making contact with us directly (please see section 15).
10 YOUR OTHER RIGHTS UNDER DATA PROTECTION LAWS
Right of access
10.1 You have the right to receive confirmation as to whether your personal data is being processed by us, as well as various other information relating to our use of your personal data. You also have the right to access your personal data which we are processing. You can exercise this right by making contact with us directly (please see section 13). After 25 May 2018 we will deal with Access Requests for free, however we are entitled under the Act to refuse to process your request, or to charge for a request to meet our costs in providing you with details of the information we hold about you, if we feel the request is manifestly unfounded or excessive.
If you exercise this right before 25 May 2018, your request will be subject to a £10 fee.
Right to rectification
10.2 You have the right to require us to rectify any inaccurate personal data we hold about you.
10.3 You also have the right to have incomplete personal data we hold about you completed, by providing a supplementary statement to us.
10.4 If you request a correction of your personal information we will take reasonable steps to check its accuracy and correct it.
Right to restriction
10.5 You have the right to restrict our processing of your personal data where:
10.5.1 the accuracy of the personal data is being contested by you;
10.5.2 the processing by us of your personal data is unlawful, but you do not want the relevant personal data erased;
10.5.3 we no longer need to process your personal data for the agreed purposes, but you want to preserve your personal data for the establishment, exercise or defence of legal claims; or
10.5.4 we are processing your data on the basis of our legitimate interest (as set out at section 1 above) and you:
10.5.4.1 object to our processing on the basis of our legitimate interest under section 8.1.1 above; and
10.5.4.2 want processing of the relevant personal data to be restricted until it can be determined whether our legitimate interest overrides their legitimate interest.
10.6 Where any exercise by you of your right to restriction determines that our processing of particular personal data are to be restricted, we will then only process the relevant personal data in accordance with your consent and, in addition, for storage purposes and for the purpose of legal claims.
Right to data portability
10.7 You have the right to receive your personal data in structured, standard machine readable format and the right to transmit such personal data to another controller.
Right to erasure
10.8 You have the right to require we erase your personal data which we are processing where one of the following grounds applies:
10.8.1 the processing is no longer necessary in relation to the purposes for which your personal data was collected or otherwise processed;
10.8.2 our processing of your personal data is based on your consent, you have subsequently withdrawn your consent and there is no other legal ground we can use to process your personal data;
10.8.3 you object to the processing in your personal data as set out in section 8.1.1 above and we have no overriding legitimate interest for our processing;
10.8.4 the personal data have been unlawfully processed; and
10.8.5 the erasure is required for compliance with a law to which we are subject.
10.9 On verification of your request for erasure, please note that we will endeavour to erase the relevant data as quickly as possible. We will try to comply with your request within one month, however please note that our catalogues are ordered in advance and that you may receive another catalogue after you make your request.
10.10 You have the right to lodge a complaint with the Information Commissioner's Office, the supervisory authority for data protection issues in England and Wales.
10.11 Exercising your rights: You can exercise your rights by making contact with us directly (please see section 15).
11 LINKS ON OUR WEBSITE
Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. Our service connects you to different websites. If you follow a link to any of these websites or use our service, please note that you have left our website and these websites have their own privacy policies. We do not accept any responsibility or liability for these policies or websites. Please check these policies before submitting any personal data to these websites.
12 INTERNATIONAL VISITORS
Our Site is hosted and operated in the United Kingdom (“UK”). By using this Site, you are consenting to the transfer of your personal data to the UK. If you are accessing our Site from outside of the UK, please be advised that UK law may not offer the same privacy protections as the laws of your jurisdiction.
13 CUSTOMERS IN CALIFORNIA
The Privacy Act (“CCPA”) provides customers who are California residents with certain rights relating to their personal information, including the right to:
- know what personal information we collect, use, or disclose about you, including the categories of third parties who receive your data;
- obtain a copy of personal information collected about you;
- instruct us not to sell your data;
- not be discriminated against as a result of exercising your CCPA rights.
You can rest assured that Seasalt will never sell your personal data to any third party.
You have the right to know what personal information we collect or disclose about you, including the categories of third parties who received your data, including disclosure relating to:
- the categories of personal information we have collected about you during the preceding 12 months;
- the categories of sources from which we collect personal information;
- the specific pieces of personal information we collect;
- the business or commercial purpose for collecting personal information;
- the categories of third parties with whom we share personal information;
You have the right to request the deletion of, and we will direct our third-party service providers to delete, any personal information collected about you, after receipt of a verified request from you, unless an exception applies.
We may deny your verified deletion request where we or our third party service providers need to retain your personal information in order to:
- complete the transaction for which we collected the personal information, fulfil the terms of a written warranty or product recall conducted under federal law, provide a good or service requested by you or is reasonably anticipated within our ongoing business relationship with you, or is otherwise required in performing our contract with you;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute the individuals responsible for that activity;
- debug to identify and repair errors that impair existing intended functionality;
- exercise a legal right, including exercising or ensuring free speech;
- comply with the California Electronic Communications Privacy Act;
- enable internal uses reasonably aligned with your expectations based on your relationship with us;
- comply with a legal obligation; or
- otherwise use your personal information internally in a lawful manner that is compatible with the context in which you provided the information.
How to Submit a Verifiable Request
If you want to submit a disclosure or deletion request, please contact email@example.com or via any of the methods listed in the “Contact Details” section (section 14) below
In order to respond to your request, we must perform some verification. You will be required to submit your:
- telephone number and
- marketing preferences.
We will use this information to search our systems and determine the information we have about you.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request.
You may make a verifiable consumer request up to two (2) times within a twelve (12) month period, free of charge, unless the request is manifestly unfounded or excessive.
We will respond to verifiable requests within 45 days after receipt, potentially extendable once for up to 90 days provided you are notified within 45 days of the extension and its reasons. Any disclosures we provide will only cover the twelve-month period preceding receipt. The response we provide will also explain any reasons we cannot comply with a request, if applicable.
You will receive our response by email to the email address you provided at the time you submitted your request.
Opting-Out of Sale of Personal Information
Seasalt does not sell personal information to third parties.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through discounts or other benefits, or by imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
You can contact us by telephoning our Customer Services team on +44 01326 640075 or by writing to us at Privacy, Seasalt Limited, Unit 8 Falmouth Business Park, Bickland Water Road, Falmouth TR11 4SZ.
Our Data Protection Officer can be contacted by email at firstname.lastname@example.org.