Privacy - G P & J Baker

GP & J BAKER’S PRIVACY NOTICE

INTRODUCTION

1.1	This privacy notice (Privacy Notice) sets out the ways in which we, GP & J Baker (we, us, our), collect and use your personal data (your personal information) in connection with our business. It also explains what rights you have to access or change your personal information.

1.2

Our website is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 13. If you are under the age of 13, please do not access our website at any time or in any manner. We will take appropriate steps to delete the personal information of persons under the age of 13.

ABOUT US
- 2.1
  We are a company registered in England under company number 03761709, with our registered address as set out below.
- 2.2
  FAO:
  Data Protection Manager
  Address:
  6 Stinsford Road, Poole, Dorset, BH17 0SW, UK
  Email:
  GDPR@gpjbaker.com

INFORMATION WE COLLECT ABOUT YOU

3.1	Information that you provide to us

3.1.1
We will collect any information that you provide to us when you:
- (a)
  make an enquiry, provide feedback or make a complaint over the phone, in person or by email;
- (b)
  submit correspondence to us by post, email or via our website;
- (c)
  order products from us
- (d)
  supply products to us;
- (e)
  visit our showrooms;
- (f)
  order services from us, for example our design and sampling services;
- (g)
  subscribe to our newsletter and mailing lists;
- (h)
  visit our website;
- (i)
  update your account details;
- (j)
  ‘follow’, ‘like’, post to or interact with our social media accounts, including Facebook, Instagram, Pinterest, LinkedIn and Twitter;
- (k)
  register to and/or attend our events; and
- (l)
  submit a job application or CV, or attend an interview.

3.1.2

The information you provide to us will include (depending on the circumstances):

(a)
Identity and contact data: titles, names, addresses, email addresses, IP addresses and phone numbers
(b)
Account profile data: if you’re registering to open an account with us you provide a job title/position and company;

(c)	Financial Data: If you purchase products or services, you will also provide payment details, which includes billing addresses, credit/debit card details and bank account details. If we purchase products from you, you will provide payment details and price lists

(d)
Survey data: From time to time we might ask if you would be willing to participate in our surveys; if you agree, we will also collect any information that you provide as part of that survey;

(e)

Employment and background data: If you are submitting a job application, you may also provide additional information about your academic and work history, qualifications, skills, projects that you are involved in, references, your entitlement to work in the UK, your national security number, your passport or other identity document details, your current level of remuneration (including benefits) and any other such similar information that you provide to us; and

(f)
Sensitive information: If you are submitting a job application, you may provide information about your race or ethnicity, religious beliefs, health and whether or not you have any disability.

3.2	Information we collect about you:

3.2.1

Information contained in correspondence: We will collect any information contained in any correspondence between us. For example, if you contact us by email or telephone, we keep a record of that correspondence;

3.2.2
Transactional data: We will collect information related to your transactions, including the date and time, the amounts charged and other related transaction details; and
3.2.3
CCTV images: If you visit our offices we collect images of you via CCTV.

3.3	Information we receive from third parties

3.3.1

In certain circumstances, we will receive information about you from third parties. For example:

(a)

Service providers: We may collect personal information from our parent company, Kravet Inc, which provides us with services such as IT support and operates e-Design Trade, our payment services provider, insurers, bank and credit card provider, credit reference agency, recruiters, pension and healthcare scheme providers, third party payroll bureau and company car lessors (who may be based outside the EU)

(b)
Stockists: We may collect personal information from our stockists based in the EU, for example, when we receive orders for products, requests for samples, product returns etc.;

(c)	Employers, recruitment agencies and referees: If you are a job applicant we may contact your recruiter, current and former employers and/or referees, who may be based inside or outside the EU, to provide information about you and your application;

(d)	Fraud detection agencies: Where permitted or required by law, we may receive information about you, including demographic data or fraud detection information from third party service providers and/or partners who are based both inside and outside the EU; an

(e)

Website security: We will collect information from our website security service partners who are based both inside and outside the EU, about any misuse to the website, for instance, the introduction of viruses, Trojans, worms, logic bombs, website attacks or any other material or action that is malicious or harmful.

(f)
Sensitive information: If you are submitting a job application, you may provide information about your race or ethnicity, religious beliefs, health and whether or not you have any disability.

HOW WE USE INFORMATION ABOUT YOU AND RECIPIENTS OF YOUR INFORMATION

4.1
We will use your information for the purposes listed below either on the basis of:
- 4.1.1
  performance of your contract with us and the provision of our products and services to you;
- 4.1.2
  your consent (where we request it);
- 4.1.3
  where we need to comply with a legal or regulatory obligation; or
- 4.1.4
  our legitimate interests (see paragraph 4.3 below).

4.2	We use your information for the following purposes:

4.2.1

To manage your requests or purchases with us. We will use your information to provide you with any products that you request or purchase from us. This includes requests for samples (on the basis of our legitimate interests to assist you in sampling our products) and purchase and delivery of a product (on the basis of performing our contract with you);

4.2.2

To process and facilitate transactions with us: We will use your information to process transactions and payments, and to collect and recover money owed to us (on the basis of performing our contract with you and on the basis of our legitimate interest to recover debts due);

4.2.3
To conduct business with you or your employer. We use your information to contact you and manage and facilitate our business relationship with you and your employer;

4.2.4

To send you service communications and provide customer support. We will use your information to send you any communications relevant to the products you’ve requested or purchased from us. This includes sending you an email to notify you of changes to your delivery, provide you with customer service and support, deal with your enquiries, complaints, comments or observations shared with us (on the basis of performing our contract with you or on the basis of our legitimate interests to provide you with customer service);

4.2.5

To improve our customer service. We monitor calls for the purposes of improving our customer service, ensure quality assurance, training, security and for general business purposes (on the basis of our legitimate interest in improving our customer service);

4.2.6

Recruitment and employment: To process any job applications you submit to us, whether directly or via an agent or recruiter (on the basis of our legitimate interest to recruit new employees or contractors) to verify your eligibility to work in the UK and to make any reasonable adjustments for job applicants, employees and current employees under disability laws and regulations (on the basis of complying with our legal and regulatory obligations);

4.2.7

Marketing: To keep in contact with you about our news, events, new website features products or services that we believe may interest you (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);

4.2.8

Social media interactions: To interact with users on social media platforms including Facebook, Twitter, Instagram and Pinterest, for example, responding to comments and messages, posting, ‘retweeting’ and ‘liking’ posts (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals);

4.2.9

Analytics: To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (on the basis of our legitimate interests in defining types of customers for our website and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy);

4.2.10

Fraud and unlawful activity detection: To protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so);

4.2.11

Compliance with policies, procedures and laws: To enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so); and

4.2.12
Equal opportunities monitoring: To carry out equal opportunities monitoring during the recruitment process (where it is needed in the public interest).

4.3	Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:

4.3.1
providing you with samples of our products;
4.3.2
providing you with and improving our customer service;

4.3.3

keeping our records updated and study how our website and services are used personalising, enhancing, modifying or otherwise improving the products, services and/or communications that we provide to you;

4.3.4
detecting and preventing fraud and operating a safe and lawful business; and
4.3.5
improving security and optimisation of our network, sites and services.

4.4

Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” in paragraph 9 below.

HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION

5.1

“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We process special categories of personal information where it is needed in the public interest for equal opportunities monitoring.

WHO WE MIGHT SHARE YOUR INFORMATION WITH

6.1	In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties such as:

6.1.1
Our service providers: Service providers we work with to deliver our business, who are acting as processors and provide us with:
- (a)
  website development and hosting services based in the USA;
- (b)
  marketing services (such as Mail Chimp) based in the USA;
- (c)
  IT, system administration and security services based in the USA;
- (d)
  analytics services (such as Google Analytics) based in the EU
- (e)
  payment services based in UK, USA, France, Belgium, Germany, Austria, Italy, Sweden, Norway, Denmark, Switzerland;
- (f)
  courier and delivery companies based in UK, EU and USA;
- (g)
  identity verification, fraud prevention and detection services based in UK and EU;
- (h)
  banking services based in UK, USA, France, Belgium, Germany, Austria, Italy, Sweden, Norway, Denmark, Switzerland;
- (i)
  legal, accountancy, auditing and insurance services and other professional advisers based in the United Kingdom and the USA; and
- (j)
  recruitment service providers based in the United Kingdom.

6.1.2

Regulators and governmental bodies: HM Revenue & Customs, regulators, governmental bodies and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances;

6.1.3
Prospective sellers and buyers of our business: Any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and

6.1.4

Other third parties (including professional advisers): Any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the United Kingdom where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

6.2
We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.

COOKIES

7.1	We use cookies to ensure that you get the most out of our website. Cookies are small amounts of information in the form of text files which we store on the device you use to access our website. Cookies allow us to monitor your use of the software and simplify your use of the website.

7.2

If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org). Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of our website.

7.3

Our website may contain content and links to other sites that are operated by third parties that may also operate cookies. We don’t control these third party sites or cookies and this Privacy Notice does not apply to them. Please consult the terms and conditions and Privacy Notice of the relevant third party site to find out how that site collects and uses your information and to establish whether and for what purpose they use cookies

7.4	The names of the cookies used on our website and the purposes for which these cookies are used are set out in the table below:

Product Name	Cookie Name	Purpose	Duration
Google Analytics	_ga	Used to distinguish users For more information please go to: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en-G	2 years
Google Analytics	_gid	Used to distinguish users For more information please go to: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en-GB	24 hours
Google Analytics	_gat	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id> For more information please go to: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en-GB	1 minute
Cookie Consent	cookieconsent_dismissed	Used to not display the Cookie Consent banner after it has been dismissed.	1 Year

HOW WE LOOK AFTER YOUR INFORMATION AND HOW LONG WE KEEP IT FOR

8.1	We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:

8.1.1
ensuring the physical security of our offices, warehouses or other sites;
8.1.2
ensuring the physical and digital security of our equipment and devices by using appropriate password protection;
8.1.3
maintaining a data protection policy for, and delivering data protection training to, our employees; and
8.1.4
limiting access to your personal information to those in our company who need to use it in the course of their work.

8.2

We will retain your information for as long as is necessary to provide you with the products and services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do or to abide by statutory requirements. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example

8.2.1
we retain information relating to orders and refunds for approximately seven years and/or as long as the business relationship continues;
8.2.2
we maintain a suppression list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply with their wishes, we must store this information permanently; and

8.2.3

we retain any unsuccessful CVs or job applications that we receive for a period of up to 9 months in case we think you might be suited to another opportunity that becomes available in the near future.

HELP KEEP YOUR INFORMATION SAFE
- 9.1
  You can also play a part in keeping your information safe by:
  - 9.1.1
    choosing a strong account password on e-commerce sites and changing it regularly;
  - 9.1.2
    using different passwords for different online accounts;
  - 9.1.3
    keeping your passwords confidential and avoiding sharing your login with others;
  - 9.1.4
    making sure you log out of e-commerce sites each time you have finished using them. This is particularly important when using a shared computer;
  - 9.1.5
    letting us know if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission;
  - 9.1.6
    keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software;
  - 9.1.7
    being vigilant to any fraudulent emails that appear to be from us. Any emails that we send will come from an email address ending in ‘@gpjbaker.com’;
  - 9.1.8
    clearing your browsing history on public devices.

INTERNATIONAL TRANSFERS OF YOUR INFORMATION

10.1
Our company is located in the UK. We share your personal information with Kravet Inc. and this will involve a transfer of data outside the EEA.

10.2

Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it using a specific contract approved by the European Commission which gives personal information the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal information to third countries.

YOUR RIGHTS TO THE INFORMATION WE HOLD ABOUT YOU

11.1	You have certain rights in respect of the information that we hold about you, including:

11.1.1
the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Policy;
11.1.2
the right to ask us not to process your personal information for marketing purposes;
11.1.3
the right to request access to the information that we hold about you;
11.1.4
the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
11.1.5
in certain circumstances, the right to ask us to stop processing information about you;
11.1.6
the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) or with the relevant authority in your country of work or residence;

11.1.7

the right to withdraw your consent for our use of your information in reliance of your consent (refer to paragraph 4 to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Notice;

11.1.8

the right to object to our using your information on the basis of our legitimate interests (refer to paragraph 4 above to see when we are relying on our legitimate interests) (or those of a third party)) and there is something about your particular situation which makes you want to object to processing on this ground;

11.1.9

the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances; and

11.1.10
the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.

11.2	Please note that we need to retain certain information for our own record-keeping purposes. We may also need to send you service-related communications relating to product or service requests even when you have requested not to receive marketing communications.

11.3

How to exercise your rights

You may exercise your rights above by contacting us using the details in paragraph 2 of this Privacy Notice, or in the case of preventing processing for marketing activities also by using the unsubscribe button at the bottom of our marketing emails. We will comply with your requests unless we have a lawful reason not to do so.

11.4	What we need from you to process your requests

11.4.1

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

11.4.2

From 25 May 2018, you will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

CHANGES TO THIS PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

12.1
We may make changes to this Privacy Notice from time to time. We will post any changes to our site, or notify you of any material changes by e-mail

12.2

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us by updating your profile account information or contacting us via the contact details at the top of this Privacy Notice.

This Privacy Notice was updated on 18 May 2018.