For the purpose of the Data Protection Act 1998 (the “Act”), and the General Data Protection Regulation (“GDPR”) the data controller is Prept Kitchens, a trading name of company number 07036375 whose registered address is 81 Burton Road, Derby, Derbyshire, DE1 1TJ.
You are not required to provide the personal information that we request, but, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to any queries you may have.
Information we may collect from you
- Information collected directly from you
We may collect the following information directly from you:
Your name, e-mail address and phone number.
Information that you provide by filling in forms on www.prept-kitchens.co.uk; (“Site”) or by corresponding with us by e-mail or otherwise, for instance, through surveys.
We may also collect information when you:
place an order;
search for goods;
When you report a problem with the Site.
Information collected automatically
We gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.
We use this information to understand and analyse trends, to administer the Site, to learn about user behaviour on the Site, to improve our product and services, and to gather demographic information about our user base as a whole.
Information collected via Third Parties
We may collect the following information via trusted third parties who provide services to you through different websites we operate or other services we provide including business partners, sub-contractors (including those providing payment and delivery services) advertising networks, analytics providers, search information providers, credit reference agencies, and website, hosting and maintenance providers.
For detailed information on the cookies we use and the purposes for which we use them see our Cookies Policy.
Uses made of the information
We use information held about you in the following ways:
- to provide goods and services to you;
- to process orders;
- to train our employees in respect of providing services to users;
- to ensure that content from our Site is presented in the most effective manner for you and for your computer and as part of our efforts to keep our Site safe and secure;
- to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- with your agreement, to send you our promotional materials or provide you with information regarding special offers and new ranges that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
- to allow you to participate in interactive features of our service, when you choose to do so;
- to notify you about changes to our service
- where we have a legal duty to use or disclose your information (for example, in relation to an investigation by a public authority or in a legal dispute); and
- to assess your credit scores via third party credit reference agencies, where this is a condition of us entering into a contract with you.
Legal basis for us processing your personal data
In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to you via email or post.
You have the right to withdraw consent at any time and where consent is the only legal basis for processing, we will cease to process data after your consent is withdrawn.
We collect and use your personal data because it is necessary for:
- the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to you;
- complying with our legal obligations; or
- the pursuit of our legitimate interests including but not limited to:
- selling and supplying goods and services to you;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising our products and services;
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products and services and developing new products and services;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes
- managing insurance claims by customers;
- protecting Kesseler UK Ltd, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Kesseler UK Ltd;
- effectively handling any legal claims or regulatory enforcement actions taken against Kesseler UK Ltd;
- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders; and
- training our employees in respect of providing services to users.
Disclosure of your information to third parties
- In order to make certain services available to you, we may need to share your personal data with members of our group and some of our service partners including:
- couriers used by us from time to time for the purposes of delivering goods ordered by you;
- advertisers and advertising networks that require the data to select and serve relevant adverts to you and others; and
- analytics and search engine providers that assist us in the improvement and optimisation of our Site.
Other Third Parties
Aside from our service providers, we will not disclose your personal data to any third party, except as set out below and we will never sell or rent your data to other organisations for marketing purposes.
We may, however, share your data with:
- credit reference agencies, where necessary for card payments;
- prospective sellers or buyers, in the event that we sell or buy any business or assets, in which case we may need to disclose your personal data to a prospective buyer or seller; and
- prospective third parties which acquire our assets, in the event that we are acquired by a third party, in which case personal data we hold will be transferred to the third party acquiring our other assets.
- Governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers:
where we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
- in order to enforce or apply our terms of website use or terms and conditions of sale and other agreements;
- to protect the rights, property, or safety of Kesseler UK Ltd, our customers, or others (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; or
- where we are required to do so to comply with our legal obligations, to exercise our legal rights (for example in court cases), for the prevention, detection, investigation of crime or prosecution of offenders; and for the protection of our employees and customers.
- Where we store your personal data
- The personal data that we collect from you will not be transferred or stored at a destination outside the European Economic Area (“EEA”).
How we protect your data
We are committed to keeping your personal data safe and secure.
- Our security measures include:
- [regular cyber security assessments of all service providers who may handle your personal data];
- [regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents]
- [[daily/monthly/yearly] penetration testing of systems]];
- [security controls which protect the entire Kesseler UK Ltd infrastructure from external attack and unauthorised access]; and
- [internal policies setting out our data security approach and training for employees.]
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.
- Duration of storage
- We will not retain your data for longer than necessary for the purposes set out in this policy unless a longer retention period is required or permitted by law.
- Links to other Websites
- Our Site may contain links to third party websites, and some of our services provide you with access to third party services (such as social networks).
- We have no control over how third party websites and services process your personal information. We do not review third party websites and services, and we are not responsible for such third party websites and services or their privacy practices. Please read the privacy statements of any third party websites or services that you access from our websites or services.
The rights that you have in your personal data are due to be expanded significantly after a new law, the General Data Protection Regulation (GDPR) comes into force on 25 May 2018.
- We are committed to handling your personal data in the right way and we welcome the new rights introduced; your enhanced rights as from 25 May 2018 are set out below:
- You may opt out of any marketing communications that we send you, even after initially consenting.
- Your information will be treated securely and strictly in accordance with the Data Protection Act 1998.
- You have the right to access information held about you. Any access request may be subject to a fee specified by law (currently of £10.00). After 25 May 2018, we will not charge a standard administrative fee of £10.00 but please note we may still be able to recover costs from you where your request is vexatious or very repetitive in nature.
- You have the right to ask us (at no cost) to update and correct any personal information which is out of date or incorrect.
- You have the right to ask us to erase your personal data or restrict our processing of the data if you wish.
- Where you have consented to our processing your data in a certain manner, you have the right to withdraw that consent at any time.
- You have the right to make a complaint directly with the Information Commissioner’s Office. In order to report a concern, you should follow the directions given on www.ico.org.uk which contains details about available methods of complaint.
- You have the right to receive from us a copy of the personal data in a commonly used, machine readable format and the right to store it for further personal use on a private device.
- You have the right to transmit the personal data to another entity where this is technically possible.
You can help ensure that your contact information and communication preferences are accurate, complete, and up to date by contacting us at [insert appropriate email address].
81 Burton Road