Deborah Online

Last updated: 12 November 2021

The website www.deborahonline.com (the Site) is operated by Deborah Online 
(“we”, “us”, “our”), a business trading in England and Wales.

We are committed to protecting your privacy and complying with our data protection obligations under the Data Protection Act 2018 (the DPA 2018), the UK General Data Protection Regulation 2016/679 (the UK GDPR) and any other applicable UK legislation (together, Data Protection Law).

When you interact with us or use the Site, we act as the data controller of your personal data. This means that we are responsible for processing your personal data and deciding how to use it. This privacy policy explains the types of personal data we may collect about you when you interact with us, why we collect it, what we use it for and what rights you have over that data. Personal data is any information about an identifiable person. Processing is anything we do with your personal data, including using, storing, sharing and deleting it.

This policy was last updated on the date shown at the top. We may change this policy at any time by posting an updated version on the Site and will make reasonable efforts to bring any material changes to your attention. You may wish to check it before using the Site as any changes will be effective from the date that they are made.

CONTACT INFORMATION

If you have any concerns or would like further information about our use of data or this policy in general, you can contact us at deborah@deborahonline.com.

WHAT INFORMATION DO WE COLLECT?

We collect, store and use the types of personal data set out in the table at the end of this policy.

HOW WILL WE USE YOUR PERSONAL DATA?

We will use your personal data for the purposes set out in the table at the end of this policy.

HOW DO WE SHARE YOUR PERSONAL DATA?

When we share personal data, we do so in accordance with Data Protection Law. We may share certain personal data, where necessary, with employees, contractors, consultants or advisers, to facilitate sales and for general commercial purposes.

In addition, where necessary, your personal data may be shared:

  • with parties who provide products or services to us, such as, user analytics,
    email services, Google Analytics, MonsterInsights etc.

We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before we do so we will make sure that it does not identify you.

THIRD PARTY LINKS

This Site contains links to other websites over which we have no control. We are not responsible for and do not review or endorse the privacy policies or practices of other sites which you choose to access from this Site. We encourage you to review the privacy policies of those other sites, so you can understand how they collect, use and share your personal information.

YOUR RIGHTS

We respect your rights to privacy and will respond to requests for access or control over information about you in accordance with Data Protection Law. We may require you to verify your identity before we take any action.

Depending on the reason we have your personal data, you have a right to:

  • access the personal information we hold about you (commonly known as subject access);
  • request that we correct or complete personal information we hold about you that is inaccurate or incomplete;
  • request that we erase your personal information in some circumstances, or object to our processing it as detailed at paragraph 7.5;
  • restrict how we use your personal information, in certain circumstances;
  • request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services; and
  • where we have asked for your consent to process your data, to withdraw this consent.

These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.

If you wish to exercise any of these rights, please contact us at deborah@deborahonline.com

YOUR RIGHT TO OBJECT

You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data for direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.

If our processing of your personal data is in the public interest or pursuant to our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests, or our use of your personal data is for the establishment, exercise or defence of legal claims.

We hope that we can satisfy any queries you may have about the way we process your data. However, if you have unresolved concerns you also have the right to complain to data protection authorities (in the UK, the Information Commissioner’s Office). You can call the ICO on 0303 123 1113 or go to their website: https://ico.org.uk/make-a-complaint/).

DATA RETENTION

Your personal data will only be kept for as long as necessary for our purposes.

DATA PROTECTION PRINCIPLES

We process your personal data in accordance with the following principles:

  • we process your personal data lawfully, fairly and in a transparent way;
  • we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which for which we collected it;
  • we only process personal data which is adequate, relevant and limited to what is necessary to achieve the purpose for which it is processed;
  • we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;
  • we do not store personal data in a form which identifies you for any longer than is necessary for the purposes of processing; and
  • we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage.

When we ask for your personal data we will tell you whether you are required by law or contract to provide it, and what will happen if you do not provide the data.

WHAT IS OUR LAWFUL BASIS FOR PROCESSING?

We will only process personal data when we have a lawful basis for doing that processing. The table at the end of this policy sets out the lawful basis we rely on for each type of data we process.

We will choose one of the lawful bases in the UK GDPR to justify how we use your personal data. These are:

  • Consent: You have given consent to the processing of your personal data for one or more specific purposes.
  • Contract: The processing is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract.
  • Legal obligation: We need to process your personal data to comply with a legal obligation.
  • Vital interests: The processing is necessary to protect the vital interests of you or another person.
  • Public interest: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of some official authority.
  • Legitimate interests: Processing is necessary for the purposes of legitimate interests pursued by us or someone else, except where such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.

TABLE OF PERSONAL INFORMATION WE USE

The table below sets out detailed information about our purposes for processing, the basis for processing and the retention period for the personal data.

Category of
personal
data 		Purpose of
processing 		Lawful basis of
processing 		Retention
period
Name and
contact details		To send you
order updates

For fraud
prevention and detection

To contact you
with
information,
newsletters and marketing
materials about our products
and services 		Performance of contract
 
Compliance
with legal
obligation  
Consent 		For three years since you gave consent, or until you withdraw
consent if
earlier  
Payment
information   		To take
payment and
give refunds

For fraud
prevention and detection 		Performance of contract

Compliance
with legal
obligation   		For three years since you gave consent, or until you withdraw
consent if
earlier  
Contact history To provide
customer
service and
support 		Performance
of contract  

Legitimate
interests in
dealing with
complaints or
claims 		For six years
since you last
logged on to
the Site
Purchase
history   		To provide
customer
service and
support and
handle returns   To  find out
what products you like   		Performance
of contract  
Consent 		For three years since you gave consent, or until you withdraw
consent if
earlier  
Browser, device and Site usage
information 		To improve
the Site

To protect
the Site
against fraud

To set default
options for
you, such as
language and
currency 		Performance
of contract  

Legitimate
interest in
maintaining
our Site 		For three years since you last
logged on to
the Site  
Customer
comments and product reviews 		To improve our products and
services

Where relevant, to establish,
exercise or
defend legal
claims 		Performance
of contract
 
Legitimate
interest in
dealing with
complaints or
claims and
improving our
products
and/or services generally   		For six years  
Information
generated in
the course of
the use of our
products and
services   		For internal
research and
development
purposes

To improve
and test the
features and
functions of
our Site 		Performance
of contract
 
Legitimate
interest in
maintaining our Site and
improving our
products
and/or services generally   		For four years
Information
collected
through
cookies and
similar
technologies 		To conduct
and store site
usage analytics, statistical and
trend analysis
and market
research

To generate
customer
profiles to
facilitate
marketing
initiatives   		Consent For three years since you gave consent, or until you withdraw
consent if
earlier