PRIVACY POLICY

Last updated: 01-Apr-2019

In this privacy policy the following words have these meanings:

(a) 'We', 'Us', 'Our' means Alex Brooks, sole trader trading as Car-Lux;

(b) 'You', 'Your' and 'Yourself' means the person who is browsing this website or whose name is used to place an order;

(c) 'our services' means this website (www.carcleaningproducts.co.uk);

(d) 'personal information' means information that could identify you;

(e) 'processing' means collect, use, transfer and store.

1. INTRODUCTION

We are committed to protecting Your privacy and the confidentiality of Your personal information. This privacy policy describes what information We collect from you, how We use this information and how We protect it. It also covers information that You provide to Us, and includes information that could identify You personally and information that could not. This privacy policy also tells You about Your privacy rights and how the law protects You.

Our privacy policy complies with current UK law, including the General Data Protection Regulation (GDPR) 2016 and the UK Data Protection Act 2018. The law requires Us to tell You about Your rights and Our obligations to You with regards to the processing and control of Your personal information. We do this below, in Section 10 of this privacy policy, and by requesting that You read the information provided on the Know Your Privacy Rights website.

2. WHO IS THE DATA CONTROLLER?

For the purposes of the General Data Protection Regulation (GDPR) 2016 and the UK Data Protection Act 2018, the data controller for any personal information We hold about You is Alex Brooks, a sole trader trading as Car-Lux.

Under the law, the data controller is responsible for ensuring that Your legal rights regarding Your personal information are respected, that You are provided with accurate information about how Your personal information is used, and that Your personal information is held securely. If You have any questions or concerns about Our use of Your personal information, please e-mail privacy@carcleaningproducts.co.uk.

3. WHAT INFORMATION DO WE COLLECT?

We collect only the information we require in order to enable us to provide our services to you. Some of this information is personal information and some of it isn't, as described in the following scenarios:

(a) when you browse our website we collect your internet protocol (IP) address (which is personal information) and anonymised data about your browser type and version, your operating system type and version, your screen size and display settings, your time zone and location settings, and the pages you visit and how you interact with them (none of which is personal information);

(b) if you subscribe to our newsletter service we collect your e-mail address (which is personal information);

(c) if you create an account we collect your first name, last name, e-mail address, and the password you specify (all of which is personal information);

(d) if you place an order, we collect all of the personal information we need to process your order, including your first name, last name, e-mail address, delivery address, telephone number, billing address (if different to your delivery address) and payment details;

(e) if you contact us using the contact form provided on our website, we collect your name and e-mail address (all of which is personal information), along with the details of your query (which may or may not contain additional personal information provided by you);

(f) if you contact us by sending us an e-mail directly, we collect your e-mail address (which is personal information), along with the details of your query (which may or may not contain additional personal information provided by you);

(g) if you contact us by telephone we may ask you to provide us with more information to help us resolve your query (some of which may be personal information).

4. HOW DO WE USE THE INFORMATION WE COLLECT?

We process the information we collect in the following ways:

(a) We use the personal information we collect when you browse our website to provide you with the ability to navigate the site, add products to the cart/basket and complete the checkout process, and we use the anonymised data we collect when you browse our website to analyse how the site is being used, in order to make improvements to it;

(b) We use the personal information we collect when you subscribe to our newsletter service to send you newsletters by e-mail whenever new products are added to our website or special offers go live;

(c) We use the personal information we collect when you create an account to recognise you on return visits and provide you with the ability to save your addresses, view your order history and save your payment methods;

(d) We use the personal information we collect when you place an order to allow us to fulfil our contract of sale with you (including taking payment and performing anti-fraud checks, dispatching and delivering your order, providing status updates, handling cancellation and return requests, and resolving any issues arising), and to send you review requests by e-mail afterwards;

(e) If you provide us with personal information belonging to somebody else when you place an order (i.e. the delivery address of a family member or friend), we use that information to fulfil part of our contract of sale with you, namely dispatching and delivering your order;

(f) We use the personal information we collect when you contact us using the contact form provided on our website to send you a reply by e-mail;

(g) We use the personal information we collect when you contact us by sending us a direct e-mail, to send you a reply by email;

(h) If we collect any personal information when you contact us by telephone, we use that information to help us resolve your query.

5. UNDER WHAT LEGAL BASES DO WE PROCESS THE INFORMATION WE COLLECT?

Under the law, we must have a valid reason for using your personal information (and personal information belonging to somebody else that you provide us with) and we must not collect, use or store data about you that is not compatible with that reason. The law defines six valid reasons (bases) for processing personal information; contract, consent, legitimate interest, legal obligation, vital interest and public task. Of these six reasons, we process the personal information we collect under the first four, as follows:

Most of the personal information we process is necessary to allow us to fulfil our contract of sale with you when you place an order, e.g. your e-mail address is used to send you confirmation of the order and status updates, your name and delivery address is used to dispatch and deliver your parcel, your telephone number is used to send you tracking updates and contact you about any issues arising, your billing address is used to process your payment and perform anti-fraud checks, and your payment details are used to take payment;
Some of the personal information we process is necessary to allow us to provide you with services that you have provided your consent for, e.g. if you subscribe to our newsletter service you are consenting to allow us to send you newsletters by e-mail, and if you create an account you are consenting to allow us to recognise you on return visits and provide you with the ability to save your addresses, view your order history and save your payment methods. If you have provided your consent to our use of your personal information, you are entitled to withdraw your consent at any time;
Some of the personal information we process is necessary on the basis that we have a legitimate interest in doing so. When we process personal information on this basis, we do so after having given careful consideration to whether the same objective could be achieved through other means and whether you would expect us to process your data and consider it reasonable to do so. For example, we use the personal information we collect when you browse our website to provide you with the ability to navigate the site, add products to the cart/basket and complete the checkout process, because we have a legitimate interest in making sure our website works properly and enables you to place orders;
Some of the personal information we process is necessary because we must comply with our legal obligations, e.g. we are required by law to store order records for six years from the end of the financial year to which they relate.

The legal basis for each of the ways in which we use your personal information is as follows:

Our use of your personal information is necessary on the basis that we have a legitimate interest in making sure our website works properly and enables you to place orders. Our collection and use of anonymised browsing data is subject to your consent, which you may provide or withdraw at any time using the cookie control tool that is accessible at the bottom of our website on all devices. More information about our use of cookies is provided in Section 11 below (Our use of cookies).

(b) We use the personal information we collect when you subscribe to our news blast service to send you newsletters by email whenever new products are added to our website or special offers go live;

Our use of your personal information is necessary on the basis that you have provided your consent for us to send you newsletters by e-mail whenever new products are added to our website or special offers go live.

Our use of your personal information is necessary on the basis that you have provided your consent for us to recognise you on return visits and provide you with the ability to save your addresses, view your order history and save your payment methods.

Our use of your personal information is necessary on the basis that we have a contract of sale with you, which involves taking payment and performing anti-fraud checks, dispatching and delivering your order, providing status updates, handling cancellation and return requests, and resolving any issues arising.

Our use of your personal information is necessary on the basis that we have a legitimate interest in soliciting feedback from you about your level of satisfaction with the products and/or service you received from us, in order to improve our services.

Our use of your personal information is necessary on the basis that we must comply with our legal obligations, e.g. we are required by law to store order records for six years from the end of the financial year to which they relate.

Our use of their personal information is necessary on the basis that we have a contract of sale with you, under the terms of which you have specified an alternative recipient to whom we must dispatch and deliver your order.

(f) We use the personal information we collect when you contact us using the contact form provided on our website to send you a reply by e-mail;

Our use of your personal information is necessary on the basis that we have a legitimate interest in replying to unsolicited e-mails from you to help resolve your queries.

(g) We use the personal information we collect when you contact us by sending us a direct e-mail, to send you a reply by email;

Our use of your personal information is necessary on the basis that we have a legitimate interest in replying to unsolicited e-mails from you to help resolve your queries.

(h) If we collect any personal information when you contact us by telephone, we use that information to help us resolve your query;

Our use of your personal information is necessary on the basis that we have a legitimate interest in answering your calls and helping to resolve your queries.

6. WHO PROCESSES THE INFORMATION WE COLLECT?

Your personal information will be processed initially by internal staff members of Car-Lux, who have been specifically trained and authorised for this task. In carrying out the processing, your personal information will also be transmitted to third parties that we use to provide our services. These third parties have been assessed and offer a guarantee of compliance with the legislation on the processing of personal information. These parties are designated as data processors and carry out their activities under the control of, and according to instructions issued by, Car-Lux.

The third parties in question belong to the following categories (the examples provided for each category are not exhaustive, rather they are provided to offer a greater degree of recognition of the types of companies involved): banking service providers (Stripe, PayPal), courier service providers (Royal Mail) and website hosting (Wix.com).

Under some circumstances we may be required to disclose or share your personal information without your consent. For example, your data may be transmitted to the police, judicial and administrative authorities, in accordance with the law, for the investigation and prosecution of crimes, the prevention of and protection from threats to public security, to allow us to ascertain, exercise or defend our rights in court. We may also transfer your personal data to a buyer in the event that our assets are acquired by another organisation. If this situation ever arises, the purchaser will be required by law to process your personal information only as described in our privacy policy.

7. TRANSFER OF INFORMATION OUTSIDE THE EUROPEAN UNION

Some of the third parties listed in Section 6 of this privacy policy (Who processes the information we collect?) are located in countries outside of the European Union. Nevertheless, these countries offer an adequate level of data protection, as determined by the European Commission (Adequacy of the protection of personal data in non-EU countries). Furthermore, in each case, the third party's own privacy policy has been assessed and offers a guarantee of compliance with European Union legislation on the processing of personal information, via participation in an official legal framework (e.g. the EU-U.S. Privacy Shield).

8. HOW LONG DO WE KEEP THE INFORMATION WE COLLECT?

We keep your personal information for a limited period of time in line with our internal data retention policy. The specific retention period will vary according to the reason for processing your personal data. After this period, your data will be permanently erased or otherwise irreversibly anonymised. Currently, the specific retention periods we adhere to are as follows:

(a) We keep the personal information we collect when you browse our website until you close your browser or an hour passes by with no keyboard activity, or, if you are an account holder and you sign in, for two years (to ensure that any items you add to the basket are saved for your next visit). We keep the anonymised data we collect when you browse our website (if you provide us with your consent to do so) forever;

(b) We keep the personal information we collect when you subscribe to our newsletter service until such time that you choose to withdraw your consent by unsubscribing from the service using the unsubscribe link provided in a newsletter e-mail;

(c) We keep the personal information we collect when you create an account for six years after the date that you last sign in, or until such time that you choose to withdraw your consent by asking us to close your account. If you wish to withdraw your consent and close your account, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). Upon receiving your request we will close your account promptly;

(d) We keep the personal information we collect when you place an order for six years from the end of the financial year in which the order was placed. If you reply to a review request, we keep the personal information associated with the review for six years from the date you submitted the review;

(e) If you provide us with personal information belonging to somebody else when you place an order (i.e. the delivery address of a family member or friend), we keep that information for six years from the end of the financial year in which the order was placed;

(f) We keep the personal information we collect when you contact us using the contact form provided on our website for twelve months;

(g) We keep the personal information we collect when you contact us by sending us a direct e-mail for twelve months;

(h) If we collect any personal information when you contact us by telephone, we keep that information only for as long as it takes to resolve your query.

9. HOW DO WE KEEP THE INFORMATION WE COLLECT SAFE?

As we stated at the outset of this privacy policy, we are committed to protecting your privacy and the confidentiality of your personal information.

Car-Lux is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.

All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

10. YOUR PRIVACY RIGHTS

Every citizen of the European Union has specific privacy rights with respect to the processing of their personal information. Each of these rights is listed below, along with an explanation of how we meet our legal obligations with regard to respecting them:

(a) the right to be informed

We are required to tell you when we use your personal information, and explain why and how we use it, who we share it with, how long we keep it and how we keep it safe. We are also required to tell you about your rights with regards to the processing and control of your personal information. The information we provide to you must be easy to understand and easy to access, written in plain English and available free of charge. This privacy policy meets these requirements.

(b) the right to access

As well as having the right to be informed, you have a right to see exactly what personal information is being held by us. You have the right to request a copy of the data that we hold about you, and we will provide this to you free of charge once we have confirmed your identity. If you wish to see a copy of the data we hold about you, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). If we hold data about you we will: give you a description of it; tell you why we are holding it; tell you who it could be shared with; tell you how long we will keep it; tell you whether it has been used for automated decision making; tell you if it is stored outside of the European Union, and; tell you what safeguards are in place to protect it. We will do this in writing in a clear and concise way, within one month of receiving your request.

You have the right to ask us to correct any inaccuracies in the personal information we hold about you, and to stop us using your data until it has been corrected. We want to ensure that the personal information we hold about you is accurate and up to date, and we will be happy to correct or remove any information that isn't accurate. To report any inaccuracies or omissions, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). Upon receiving your request we will rectify your data promptly.

(d) the right to be forgotten

You have the right to request the deletion of all or some of the personal information we hold about you. You are required to provide a reason for the request, such as you believe that the legal basis for processing your personal information is no longer valid, or it was unlawfully collected or used, or it needs to be erased to comply with a legal obligation. To request the erasure of all or some of the personal information we hold about you, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). Upon receiving your request we will review it, and if we agree with it we will delete the specified data promptly. If we disagree with it, e.g. because we are under a legal obligation to keep the data, we will respond to you promptly explaining why.

(e) the right to restrict processing

You have the right to ask us to stop processing your personal information at any time. You will need to explain the reasons behind your request and allow us time to consider your request and respond. During this interval we will restrict the processing of your personal information. In each case we will discuss your request with you and agree on a satisfactory solution before we begin processing your personal information again.

(f) the right to data portability

You have the right to ask us to share any personal information we hold about you, that we currently process on the basis of there being a contract between us or you having provided your consent for us to do so, with other organisations. If we receive such a request from you, we will prepare the data in a standard format such as a comma separated values (CSV) file, store it securely on a server and then make it available on demand to the organisations you specify. We will do this within one month of receiving your request.

(g) the right to object

You have the right to object to the processing of your personal information in cases where you have valid grounds to object (relating to your particular situation), or our legal basis for processing your personal information is our legitimate interests, or our use is for direct marketing or statistical purposes. If you wish to raise an objection under any of these grounds, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). Upon receiving your request we will restrict the processing of your personal information while we discuss your request with you and agree on a satisfactory solution. If your objection concerns our use of your information for direct marketing, we will stop using your data immediately and permanently erase it. Similarly, if we agree with your objection on other grounds, we will stop using your data immediately and permanently erase it. However, in certain situations we may need to keep a small amount of your personal information in order to prevent future processing. For example, if you wish to continue to use all of our services but opt out of receiving review requests by email, we will need to continue to store your email address in a specific database so as to ensure that no further requests are sent to you. In each case we will discuss your request with you and agree on a satisfactory solution before we begin processing your personal information again.

(h) rights relating to profiling and automated decision-making

Profiling can form part of an automated decision-making process, where a decision affecting you and based on your data is made without any human involvement. If the effect of the decision adversely affects your legal rights, or the effect of the decision could be significantly detrimental, then a decision cannot be made only by automated means; it must be made or reviewed by a human. We do not perform profiling or employ automated decision-making at Car-Lux.

To exercise any of the above rights, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). To ensure that your data is not subject to illegitimate use by third parties, we will ask you to confirm your identity before carrying out any request.

11. OUR USE OF COOKIES

Cookies are small pieces of data that are downloaded to your computer or mobile device when you visit a website or application. There are two main types of cookies:

Session (transient) cookies: These cookies are erased when you close your browser and are not used to collect information from your computer/device. They typically store information in the form of a session identification that does not personally identify you.
Persistent (permanent or stored) cookies: These cookies are stored on your hard drive until they expire (at a set expiration date) or until they are deleted. Persistent cookies are used to collect identifying information about you, such as tracking your session or remembering your preferences on our website.

Take a look at the table below to view which cookies Wix places on www.carcleaningproducts.co.uk:

Measuring website usage (Google Analytics)

We use Google Analytics software (Universal Analytics) to collect information about how you use www.carcleaningproducts.co.uk. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.

Google Analytics stores information about:

the pages you visit
how long you spend on each page
how you got to the site
what you click on while you’re visiting the site

We do not collect or store your personal information (for example your name or address) so this information cannot be used to identify who you are. We do not allow Google to use or share our analytics data.

Google Analytics sets the following cookies:

12. LINKS TO OTHER WEBSITES

In an attempt to provide you with increased value, we may include third party links on our website. These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these linked sites (including if a specific link does not work).

If you go to another website from this one, read the privacy policy on that website to find out what it does with your information. If you come to www.carcleaningproducts.co.uk from another website, we may receive information from the other website. We do not use this data! You should read the privacy policy of the website you came from to find out more about this.

12. COMPLAINTS

If you are not happy with our privacy policy or you wish to make a complaint about our processing of your personal information, please contact us using the details provided in Section 2 of this privacy policy (Who is the data controller?). If a dispute arises that we are unable to settle, then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration. However, if you believe that we are processing your personal information in contravention of the law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO)

via the following link: https://ico.org.uk/make-a-complaint/

13. CHANGES TO THIS PRIVACY POLICY

We may update this privacy policy in order to reflect changes to our services and amendments to the law, so please review it frequently. If we make changes to this policy we will update the 'Last updated' date, located at the top of this page. Any changes to this privacy policy will apply to you and your data immediately.