of May 25th 2018
§1. General information
2. The Personal Data Controller, as defined by Regulation (EU) No 2016/679 of the European Parliament and the Council of April 27th 2016 regarding the protection of natural persons with regard to the processing of personal data and regarding the free movement of such data, as well as the repeal of Directive 95/46/EC (“GDPR”) L 119/40 Official Journal of the European Union May 4th 2016 is:
SUNLUX LIMITED, Unit 9c Europa Trading Estate, Fraser Road, Erith, Kent, England, DA8 1QL , Company number 08123548, tel: 0208 310 0400, email: firstname.lastname@example.org
3. Contact regarding personal data processing handled by SUNLUX LIMITED.
§2. The aims of data processing performed by the Controller and data collected for the purposes of the order’s completion
1. In accordance with the Regulations, one of the conditions for making an order by the User is providing personal data. The User provides their data willingly. However, failing to provide certain data may hinder the order process, as the Service Provider and Seller won’t have any means of accepting the Order and contacting the User in order to determine the details of the Order or any Sales Agreement, or service contract for Products other than the Item
2. The Service Provider, the Seller, and third parties collect the following data from the User: name, tax identification number (contractors), email address, nick, phone number, Item Delivery address, data required for the completion of payment for the Order. In the event that the Item is picked up directly from the Seller should the Price be paid prior, the Service Provider, Seller, and third parties may additionally collect data in the form of the User’s mobile phone number.
3. The Service Provider collects all of the User’s data in order to make a contract regarding providing a Service, as well as for the execution of said contract.
4. The Seller collects the User’s data for the purposes of making a Sales Agreement, as well as for its execution.
5. Registering an Account requires the User to provide a Login and Password for securing the Account. The Password should contain a unique combination of numbers, letters, and characters.
6. The Login and Password are confidential and should be protected by the User from being used by unauthorised persons.
8. The Controller reserves the right to submit an enquiry to the User when handling the enquiry / order, via phone and / or email, regarding further permission to process personal data for direct marketing purposes and utilising telecommunications terminal equipment. Without consent from the User, their data will not be processed for this purpose.
§3 Automatically collected data
1. As the User uses the website, data on the User is being collected automatically. This data includes: IP address, domain name, browser type, OS type, as well as the User’s interests, age, and sex. This data can be collected through cookies, the Google Analytics system, as well as the HotJar system.
2. The aforementioned cookies are files sent to the User’s device as they browse the Shop’s website.
3. Cookies store the User’s preferences, which allows them to:
a) improve the quality of the Service,
b) correct the search results as well as the accuracy of the viewed Goods,
c) create view stats,
d) track the User’s preferences,
e) maintain a logged-in User’s session.
4. Cookies do not make any configuration to the device or software installed on the device used by the User.
7. Should the user want to delete the cookies that have accumulated up to that point, they should choose the proper settings in their preferred web browsers or delete all cookies manually. The process of removing cookie files differs depending on the User’s preferred web browser.
8. The service provider notes that blocking or deleting cookie files may hinder the use of the website and, in some cases, make certain options impossible to access.
9. HotJar is a file used to monitor User activity on a website.
10. If a user doesn’t consent to the use of the HotJar file, they should implement cookie blocking software. With a cookie blocker, the User will be considered an anonymous user, i.e. one that cannot be attributed any preferences, traits, etc.
11. Google Analytics is an Internet analytics system that gives insight to the traffic of online shop data, as well as the demographic data on Users. It is used for marketing purposes.
12. If a user doesn’t consent to the use of Google Analytics, they should implement cookie blocking software.
13. If a user doesn’t consent to the use of Google Analytics, they should implement cookie blocking software.
§4 Data use
1. The data provided by the User will be used by the Service Provider and the Seller to:
a) provide services and ensure an appropriate User service,
b) fulfil Orders, making and enforcing a Sales Agreement or contracts regarding to Products other than the Item,
c) accept and consider the enquiries and reservations made by the User,
d) provide support and realisation of the payment process,
e) adjust, measure, and improve the Online Shop services,
f) implement marketing operations.
2. Should the User consent to the processing of their personal data for marketing purposes (by accepting a specific Clause), the User’s data will be collected and utilised by the Service Provider – in the case of consenting to data disclosure for purposes of the presentation of a commercial offer, running contests, and other marketing operations.
3. Should the User consent to the processing of their personal data for the purpose of receiving commercial information in the form of a newsletter, the User’s data will be collected and utilised by the Service Provider – but only if the User provides a specific form of consent for this purpose. The User consenting to the processing of their personal data for the purpose of receiving commercial information is equivalent to the User consenting to the processing of their data for marketing purposes.
4. The automatically collected data may be used to analyse the behaviours of Users within the Online Shop, collect demographic data on the Users, personalise the contents of the Online Shop, as well as for the purposes outlined in pt. II.B above.
5. The automatically collected data pertaining to Users who comment as part of the forum may be used to promote the Online Shop.
6. Data collected through the User directly contacting an employee/consultant working for the Service Provider or Seller, including contact made through the phone line, may only be used for the purposes of contacting the User and providing them with assistance.
7. The Service Provider reserved the right to amass the IP addresses of Users visiting the Online Shop, as they could be helpful in diagnosing technical problems with the server, creating statistical analyses (e.g. defining the regions that the Online Shop has the greatest number of visits from). Additionally, they can be helpful in the process of administering and improving the Online Shop.
8. The User may withdraw their consent to receive commercial and marketing information at any time by changing the option in their Account settings. Should the User not possess a registered account, they can withdraw their consent via telephone.
9. The Service Provider reserves the right to use the services of third parties to develop statistics regarding the usage of the Online Shop. The Service Provider ensures that, in such an event, these third parties will not be provided with any data identifying the Users.
11. Users making purchases on the Online Shop may, as part of their Account, consent to the assignment of a purchase history (receipt registration) for the orders made through the Online Shop.
12. Order History is a tab on the client’s individual account on the online shop.
13. Should the Client create an individual account for the online shop sunluxsashwindows.co.uk in the future, the purchase history will be available on the created Account, while identification will occur via email.
14. In order to withdraw consent for recording the Order history, the User must submit their demand via email through the Seller or via help line.
15. In the event of withdrawal of consent to record the order history, the order history will no longer be attached to the email address or Account created on the Website.
§5. Rights of the User whose data is being processed
1. The User has the right to:
– access their personal data,
– amend their personal data,
– limit the processing of their personal data,
– moving their personal data,
– objecting to the processing of their personal data.
2. In order to exercise their rights, the User should contact us via e-mail at:email@example.com
3. The Controller will carry out the User’s request right away, though it’s important to keep in mind that the limitation, deletion, move, or objection toward data processing may influence the scope of the proper management of the enquiry / order, including the delivery of personalised commercial information.
§6. Time of personal data processing by the Controller
Collected User data will be stored so long as is considered acceptable by legal standards and regulations (including accountancy-related regulations), as well as necessary in order to accomplish the goals set.
§7. Duties of the Personal Data Controller
The Personal Data Controller must take all measures to ensures the safe processing of personal data within the scope defined by the Directive. In particular, the Controller is obliged to:
1. secure the data from being made available to unauthorised persons, taken by an unauthorised person, changed, damaged, or destroyed,
2. allow for the processing of personal data to be performed by persons with proper authorisation issued by the Controller,
3. ensure control over the proper processing of personal data,
4. perform a record of persons authorise to process personal data; taking all measures to ensure that persons authorised to processing such data keep them secret, even after the Controller’s task has been completed, including informing them of the legal consequences of breaching the privacy of the data and receiving declarations regarding maintaining the secrecy of such data,
5. manage the required documentation describing the means of processing the provided personal data, as well as the technical and organisational means of ensuring the protection of the processing of such data, in particular the Information Controller’s Office, the Personal Information Security Policy, and the Manual for Information System managing the Processing of Personal Data.