Enterprise International Holdings Ltd (“EIH”) respect your right to privacy and comply with obligations under the Data Protection Acts 1998 and 2002 and the EU General Data Protection Regulation 2018 (GDPR). EIH are committed to protecting any personal data that they collect. The purpose of this Privacy Policy is to enable you to understand what personal information of yours is collected, how and when EIH might use or share your information, and how you can correct any inaccuracies in the information. This Privacy Policy also explains EIHs online information practices and the choices you can make about the way your information is collected and used. By using EIH services, you agree to the use collection and disclosure of the data that EIH collect in accordance with this Privacy Policy.
Claire Adams is the data controller for all the personal data that you submit. We encourage individuals covered by this policy to raise concerns about our processing of information by contacting the data controller at Enterprise International Holdings Ltd, 182 Highgate Road, Clayton Heights, Bradford, BD13 1DS. Email claire@embroideryinhouse.com or telephone 01274 889299
How is your personal data collected?
EIH use different methods to collect data from and about you including:
Direct interactions. You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for or purchase our products or services
- create an account on our website
- subscribe to our service or publications or newsletter
- request marketing to be sent to you
- enter a competition, promotion or survey; or
- by providing us with feedback
Third parties or publicly available sources. EIH may receive personal data about you from third parties and public sources as set out below and technical data from the following parties:
- analytics providers such as Google which may be based outside the EU;
- advertising networks such as Google which may be based outside the EU; and
- search information providers such as Google which may be based outside the EU
- contact, financial and transaction data from providers of technical, payment and delivery services such as Payment Sense or Credit Safe which are based inside the EU
- identity and Contact Data from data brokers or aggregators such as market locations, which are based inside the EU
- identity and Contact Data from publicly available sources such as Companies House and the Electoral Register which are based inside the EU
How EIH use your personal data. EIH will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- where we need to perform the contract, we are about to enter into or have entered into with you
- where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests
- where we need to comply with a legal or regulatory obligation
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us
Purposes for which EIH will use your personal data.
We have set out below the ways in which we plan to use your personal data and which of the legal bases we rely on to do so. We have also identified our legitimate interests where appropriate. Please note we may use your personal data for more than one lawful reason depending on the purpose for which we are using your data. Purpose or Activity (“P”). Data Type (“D”). Basis for processing (“B”)
- To register you as a new customer (P)
- Identity and contact information (D)
- Performance of a contract with you (B)
- To process and deliver your order, including management of payments to include any associated fees and charges and to recover money owed to us (P)
- Identity, contact, financial, transaction, marketing and communications (D)
- Performance of a contract with you and also necessary for our legitimate interests for example to recover debts due to us (B)
- To manage our relationship with you including to notify you of changes to our privacy policy or to take a survey or asking you for feedback or a review (P)
- Identity, contact, profile, marketing and communications (D)
- Performance of a contract with you, necessary to comply with our legal obligations and necessary for our legitimate interests to keep our records updated and to study how customers use our products and services (B)
- To enable you to partake in a competition, prize draw or survey (P)
- Identity, contact, profile, usage, marketing and communications (D)
- Performance of a contract with you and necessary for our legitimate interests to study how customers use our services and to develop them and grow our business (B)
- To administer and protect our business and this website including troubleshooting, data analysis, testing, systems maintenance, support, reporting and hosting of data (P)
- Identity, contact and technical (D)
- Necessary to comply with a legal obligation and for our legitimate interests in running our business, the provision of administration and IT services and to prevent fraud in the context of business restructure or reorganisation (B)
- To make recommendations to you about goods or services that may be of interest to you (P)
- Identity, contact, technical, usage and profile (D)
- Necessary for our legitimate interest in developing our services and to grow our business (B)
- To use data analytics to improve our website, products, marketing and customer experience (P)
- Technical, usage (D)
- Necessary for our legitimate interests to keep our website updated and relevant defining types of customers for our products, to develop our business and marketing strategy (B)
- To deliver relevant website content and advertisements to you and to be able to measure the effectiveness of such (P)
- Identity, contact, profile, usage, technical, marketing and communications (D)
- Necessary for our legitimate interests to study how customers use our products or service, to grow our business and to inform our marketing strategy (B)
Promotional offers from us.
We may use your identity, contact, technical, usage and profile data to make a decision on what we think may be of interest to you. This is how we decide what products, services and offers may be relevant. This is what we call marketing. You will receive marketing communications form us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and if you have not in each case opted out of receiving such
Opting out.
You can ask us to stop sending you marketing messages at any time by logging into your account on the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on the marketing messages sent to you. Where you opt out of receiving marketing messages this will not apply to personal data provided to us as a result of a product or service purchase, product or service experience or feedback or other transactions
Change of purpose.
We will only use your personal data for the purposes of which it was collected. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note we may process your personal data without your knowledge or consent where this is required by law
Disclosures of your personal data.
We may share your personal data with the parties below for purposes set out in the section above titled ‘purposes for which we will use your personal data’:
- email service providers and social media platforms such as facebook and twitter to deliver relevant website content and advertisements to you and measure its effectiveness
- web analytics and user experience
- third parties who we choose to sell or merge part or whole of our business or assets
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions
Disclosure of Information to Third Parties.
We share personal information in the following ways:
- Partners and Sponsors. Some of our services may be offered or promoted in conjunction with a partner or sponsor, or another brand. We may share your information with these parties to offer the product or service or to facilitate your use of additional amenities
- Service Providers. We may transfer (or otherwise make available) your personal information to third parties that help us provide our services or provide services on our behalf. For example, we use service providers to authorise and process online payments, to raise and issue our invoices, to host our website and provide our email services. Our service providers are given the information they need to perform their designated functions, and we do not authorise them to use or disclose personal information for their own purposes
- Sale of Business. We reserve the right to transfer information (including your Personal Data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our company provided that the third party agrees to adhere to the terms of the Privacy Policy and provided that the third party only uses your Personal Data for the purposes that you provided it to us. You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-out
- Legal and Compliance Reasons. We may access, preserve and share your information with companies, organisations, government department or individuals outside of our Company if we believe, in good faith, that the law requires us to do so. This may include, but is not limited to, responding to court orders or other legal processes. We may also access, preserve and share your information as necessary to: (i) establish or exercise our legal rights or defend against any legal claim; (ii) investigate, prevent, or take action regarding suspected fraud or other illegal activities; (iii) prevent death or serious physical harm to any person; or (iv) investigate violations of our Terms & Conditions
International transfers.
We do not transfer your personal data outside the European Economic Area (EEA) and will not do so
Security of your personal data.
We place great importance on the security of all personally identifiable information associated with our customers to avoid loss, misuse, alteration or unauthorised disclosure of information under our control. We use measures including but not limited to physical, electronic and managerial procedures to safeguard and secure the information we collect online. All sensitive information is collected through an encrypted connection through SSL technology. This technology is known to use and include the following features:
- authentication assuring your browser that your data is sent to the correct server and the server is secure.
- encryption which encodes the data so that it cannot be read other than the secure server.
- data Integrity that checks the data being transferred to ensure it hasn’t been altered.
Storage and management of your personal data.
The data that we collect in connection with our services is stored locally on our computer system. We also have a local server which securely backs up this data separate to our computer system. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and subsequently any transmission is at your own risk.
Data retention.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means. In some circumstances we may anonymise your personal data so it can’t be associated with you any longer for research and statistical purposes in which case we may use this information indefinitely without notice to you
Your legal rights.
You have the right to object to how we use your personal information. You also have the absolute right to see what personal information we hold about you. You can ask us to correct inaccuracies or delete or restrict personal information or to ask for some of your personal information to be provided to someone else.
- Right to object. You can object to the processing of your personal information. Please contact our data controller providing details of your objection.
- Access to your personal information. You can request access to a copy of your personal information that we hold along with what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making.
- Right to withdraw consent. If you have given us your consent to use personal information you can withdraw your consent at any time and update your preferences by contacting out data controller.
- Rectification. You can ask us to change inaccurate or incomplete personal information we hold about you.
- Erasure. You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent or where there is no lawful basis for us to keep it.
- Portability. You can ask us to provide a third party or yourself with some of the personal information that we hold about you in a structured commonly used electronic form so it can be transferred easily.
- Restriction. You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
- Personal data breach notification. We ensure to the best of our ability that our systems and server are protected from hackers, viruses, intruders and other online and offline issues however if we experience a data breach of any kind where customers data is compromised a notification will be sent to all those affected within 48 hours or becoming aware of the breach.