SMILE GIFTS UK is committed to ensuring that your privacy is protected. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
SMILE GIFTS UK may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from April 2018.
If you reside in the EU and wish to raise a concern about my use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.
Why do we need your personal data?
We collect and process data in order to fulfil our contractual obligation to you, the customer. We need your personal data for the purposes of fulfilling your order, tracking your order and communicating with you regarding your order.
We also collect and process some of your data via cookies to help us improve the products and services we supply to you.
What Personal Data do we receive?
As well as cookies, our web server also stores your I.P. address to maintain your visitor “session” and we may also use this data for fraud prevention reasons.
With the above exceptions, we only receive personally identifiable information from you when it is voluntarily submitted by buyers when placing an on-line order with smile-gifts.co.uk and making payment via PayPal. The data we receive includes: name, billing address, delivery name, delivery address, email address, telephone number, date of order, items ordered, value of items ordered and chosen method of delivery.
We do not have access to your payment details as this is not provided to us by PayPal.
What do we do with the information we gather?
We use and/or store your data for the following reasons:
- Internal record keeping for Tax and VAT records
- To process and deliver your order
- To contact you regarding your order and update you on the progress of your order.
- We may use this data to improve our products and services.
Who do we share your details with?
We only share your details for the following purposes and situations:
- With Postal service providers and couriers to deliver your order (this will normally be Royal Mail).
- If we are required or permitted to do so by law
- It is required by law enforcement or fraud prevention
Your data may also be securely stored by cloud storage services and cloud hosting services for reporting and archiving purposes. We only store such information with services that meet the EU’s GDPR requirements and are also covered by the E.U.-U.S. Privacy Shield Framework where necessary.
For requests that require us to deliver outside of the E.U., the delivery service organisation may be required to share the recipient’s contact details with a sub-contracted non-EU delivery service.
We do not sell or rent personally identifiable information to any third party for any purpose unless we have your permission.
How can you find out what Personal Information we have about you?
Under the GDPR, buyers are entitled to obtain from us a copy of the data held concerning them and to have any inaccuracies in the data rectified. If we are requested by a customer to provide we will verify the identity of the person making the request using reasonable means. We are obliged to provide this data to you within 1 calendar month and free of charge. However, we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.
If you would like a copy of the information held on you, please contact us at firstname.lastname@example.org.
How long do we hold your personal data?
We may retain your personal data for up to seven years in order to comply with HMRC filing regulations.
Can you ask us to delete your personal data?
We have the right to retain personal data used for our record keeping for tax and VAT purposes.
If a request is made to delete/amend personal data that we have which is not needed by us as a reasonable business or legal requirement, we will delete/amend this records within a reasonable amount of time (28 days from the date of request) and inform the customer once this is done in writing (either via email or letter)
If you would like to request deletion of your data, please contact us at email@example.com.