We take data protection and management very seriously. In line with data regulations, we strive to always safeguard and preserve your privacy when you visit our website or whenever you communicate with us.
We are committed to ensuring that your privacy is protected, pursuant to compliance with the UK Data Protection Act (DPA) prior to May 25th 2018, and EU General Data Protection Regulation (GDPR) thereafter. We are also compliant with the PCI Data Security Standard (PCI DSS) — this means we are required to regularly audit our processes and systems to ensure that any data we receive from you is handled according to strict guidelines.
Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this policy. We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
What information do we collect about you?
Information that you give to us
We collect personal data from you when you register on this website, place an order, sign up for our mailing list or fill out a web form. Where we ask for your data we will specify the purpose for which it is being requested, and we will not use this data for any other purpose, or store it for longer than is necessary to fulfil our contractual obligations to you, or where it is necessary for our legitimate interest or legal basis.
The categories of personal data we may request include your name, contact information (email, postal address and phone/mobile number), general information about you such as your experience with us, and our products and services. We may also keep copies of any correspondence you send us which may include personal data.
Information collected via automated means
We also obtain some of your personal data by automated means when you visit the website. We collect the IP address of the device you use to connect to the Internet, the geographical location of your device, the browser you are using, the type of device you are using (tablet, mobile, desktop), the URL you came from and the web pages you access. We use this data to better understand how you use the website, and to improve your experience when using it.
How do we use your personal data?
We are required by law to provide you with information about the purposes for which we use your information and the legal justification for us to use that information. For example, there may be a legal justification for us to use your personal data where:
- We need to use your information to perform a contract with you or to fulfil a request originated by you.
- You have given your consent to us using your information.
- Using your information is in our legitimate business interests (provided these interests are balanced against your rights).
- We need to process your personal data to comply with legal obligations to which we are subject.
The table below sets out the different purposes for which we may use your personal data and the legal basis for each one. Note that the purposes for which we use your personal data may change from time to time, in which case we will update this policy.
|We may use your personal data to|How do we use personal data for this purpose?|Legal basis|
|---|---|---|
|Improve your experience on our website|We use personal data such as your IP address, demographic information, site usage information and purchase history to improve your experience on our website. We may use this information to track your activities on our website; to recognise your computer or device so that you are able to save your preferences and stay logged in to the website without having to re-enter your account credentials; to preserve the contents of your shopping cart and remind you if you have left items in it, or to remind you if you left the website without adding items to your cart; and to otherwise enhance, monitor and analyse your usage of the website.|Our legitimate business interests in providing the best shopping and browsing experiences to our customers and visitors, to enable the use of our website and functionality and to protect their operation, to identify and resolve possible technical issues, and to continuously improve and protect our company, property and customers against fraud (referred to as “our legitimate interest”)|
|Identify you when you contact us|We may use your name, email address, postal address, telephone number or purchase information to identify you when you contact us, for the purposes of processing and fulfilling your requests for products and services and keeping you informed about your requests.|Performance of our contractual obligations, our legitimate interest, or your consent.|
|Detect and prevent fraudulent transactions|We may need to process your personal data in order to keep your payments safe and secure and protect against fraudulent transactions.|It is in our legitimate interests to process personal data to keep our customers' payments secure.|
|Comply with legal obligations to which we are subject|We may need to process your personal data to comply with legal obligations binding or accepted by us. For example, we may need to retain your transaction records for a period of time to comply with tax or accounting requirements, or disclose your personal data where we are subject to a court order to do so.|Compliance with our legal obligations.|
|Product development, to understand what products and services you might prefer, and tailor your experience according to your preferences|We use personal data (such as your name, email address, postal address (including postcode), telephone number, date of birth, order history, IP address, preferences, and site usage information) to better understand you and your preferences so that we can provide you with tailored offers and personalise your experience on our website, and with our company as a whole.|Our legitimate interest, or your consent.|
|Send you communications regarding your order or your account|We use your personal data to send you electronic communications about your order or your account, for example to let you know when your order has been shipped, or changes that you or we make to your account.|Performance of our contractual obligations, our legitimate interest or your consent.|
|Carry out surveys, research, analysis and customer profiling|We use your personal data to carry out market research and build profiles of our customers. This is to help improve our products and services, advertising and marketing, Website content, customer service, business planning, online and offline operations and your overall customer experience.|Our legitimate interest, or your consent.|
|Invite you to Proto-col events that you may be interested in|We may use the contact information you provide to us (such as your name, address, telephone numbers and email address) to invite you to Proto-col events you may be interested in, provided this is in line with your marketing choices.|Our legitimate interest or your consent.|
|Answer your general or product inquiries|We use your personal data including account or order information to answer your queries about the website and any other general enquiries you make.|Performance of our contractual obligations, or our legitimate interest.|
|Resolve complaints and other customer service issues (e.g. organising returns)|We use your personal data including account or order information when we deal with complaints or other customer service issues, such as organising replacement products and returns.|Performance of our contractual obligations, or our legitimate interest.|
|Defend our legal rights and to protect the security or integrity of the website, our customers and our business in general|We may need to process personal data in order to defend our legal rights, for example to enforce our terms and conditions or to collect unpaid debts that we are owed. We may also need to process personal data to protect the security and integrity of our website, our customers and our business in general.|Our legitimate interest.|
|Send you newsletters and marketing information about our products and services|We use your personal data to send you newsletters and other information about products and services that you may be interested in, provided this is in line with your marketing choices. You can unsubscribe from marketing communication at any time by following the instructions in any of the messages you receive.|Our legitimate interest or your consent.|
How do we protect your personal data?
We use Secure Sockets Layer (SSL) software and Transport Layer Security (TLS) 1.1 or higher to protect your online transactions. SSL/TLS encrypts the personal data you provide to us before it travels over the internet. We maintain appropriate administrative, technical and physical safeguards to protect the personal data you provide to us against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use and other unlawful forms of processing.
Where we have given you (or where you have chosen) a password to access your account or other privileged areas of the website, you are responsible for keeping this password confidential.
Processing your payments – card security
When you place an order on this website your payment details are transmitted over an encrypted connection to our third-party payment processors. During this process you are redirected to the payment processor's website (in the case of SagePay this appears as an embedded "frame" within our website). Your card details are only seen and processed by these payment processors – we do not receive these details, only confirmation that payment was authorised or declined.
Your data protection rights
You have the following rights in relation to your personal data:
- Access — you have the right to request a copy of the personal data we are processing about you, which we will provide back to you in electronic form. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal data, we may charge a reasonable administration fee where we are permitted to do so in accordance with the GDPR.
- Rectification — you have the right to have incomplete or inaccurate personal data that we process about you rectified. Note that you can always make certain adjustments to certain personal data directly through your online account.
- Deletion — you have the right to request that we delete personal data that we process about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction — you have the right to restrict our processing of your personal data where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
- Portability — you have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another Data Controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent (such as for direct marketing communications) or to perform a contract with you.
- Objection — where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent — if you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us. You can unsubscribe from marketing communications at any time by following the instructions in any individual message. The legality of the processing of your personal data prior to you withdrawing your consent remains unaffected by this.
Who do we share information with?
We do not disclose personal data to any third party except where it is necessary to fulfil our contractual obligations to you, or to improve your experience whilst visiting the website, with our products and services, and the company as a whole.
Where personal data is disclosed we reveal only the minimum required to ensure the service provider is able to perform their duties, to facilitate your purchase or other interaction with our website and company.
For example: when you place an order or update the address book on your account we provide a "postcode lookup" tool which automatically fills in an address based on the postcode, or partial address, you enter. This is done as a convenience to you, to reduce the amount of typing that would otherwise be required. When you complete payment for an order, we submit the basic details of your order to the payment processor so that it is possible to identify your payment at a later date if you make an inquiry about it. In both these cases this exposure of data is necessary for us to perform our contractual obligations to you.
Cookies are small text files that are downloaded and stored on your device when you visit most websites, including ours. These cookies allow a website to customise its behaviour and experience towards you, offer bespoke functionality and to improve your overall experience when using it. If you do not want cookies to be used you can disable them by configuring the relevant settings in your web browser. Please note that disabling cookies may restrict the functionality of the website, and limit what services we are able to provide to you.
Links to external websites
How long do we keep your personal data?
Your personal information is processed by us and/or our service providers only for the period necessary for the purposes for which the information is collected, or where we are relying upon your consent until you withdraw that consent. When we no longer need to use your information for those purposes or if we are relying on your consent where you withdraw that consent, we will remove it from our systems and records or take steps to anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject).
How to contact us
- submit your request using our contact form
- send an email to us at firstname.lastname@example.org
- call us on 0333 000 7788
- write to us at: On-Group Ltd, Unit 5, Brook Lane, Westbury, Wiltshire, BA13 4ES
Want to work with us?
Please click here to learn more about our data management obligations.