This privacy notice sets out how we use and manage your personal data. Where we refer to “personal data” in this privacy notice, this means data which relates to you and which personally identifies you either directly or indirectly.
A data controller is an organisation that collects and uses personal data and has responsibility for how the personal data is used and managed.
A data protection officer is the person in an organisation who has responsibility for monitoring compliance with the law and for ensuring that personal data is protected within an organisation.
The Real Meat and Milk Company provides your goods and is the data controller of personal data that you provide when you order goods.
In the context of this privacy notice, when we use the term ‘we’ it means The Real Meat and Milk Company
The Data Protection Officer for The Real Meat and Milk Company can be contacted on email@example.com
How We Use Your Data
We use your personal data to provide goods and services to you and to enter into and administer any credit accounts you may have with us.
We will use your personal data in the following ways:
We will collect personal data directly from you when you purchase goods or services, apply for a credit account, or change any of your details (such as your name or address) via My Account. We require you to provide personal data in order to assess whether to enter into a contract with you or to perform our contract with you and if you do not provide the personal data we request, we will be unable to enter into or fulfill this contract.
We obtain data from third party sources such as fraud prevention agencies and publicly available information relating to you on the internet (for example on social media websites).
We may also obtain personal data from third party companies for the purposes of sending marketing communications to you. Such marketing communication may be sent by ourselves or by the third parties. These third parties must check you have given your permission for such contacts to take place.
We need to process your personal data for a number of different reasons and these are our legal bases for processing. We also need to keep your personal data for as long as is necessary for us to operate our business and to comply with legal and regulatory obligations.
We rely on one or more of the following legal bases for processing personal data:
We need to process your personal data to fulfil our contract with you or to assess whether to enter into a contract with you, whether this is in selling and delivering goods and services to you or providing credit facilities or other financial services products to you.
When we process personal data to fulfil our legitimate interests we will use it in a way in which you would reasonably expect and which will have a minimal privacy impact. When we or third parties are relying on legitimate interests we will balance our interests against your interests and the privacy impact of the processing on you and we will process your personal data responsibly.
Examples of our legitimate interests are: direct marketing, fraud prevention, preventing and investigating crime, assessing affordability and credit worthiness, IT security and development by us and third parties of new products and services.
We have to comply with relevant law and regulation in order to provide retail and financial services products and we will need to process your personal data in order to comply with these legal obligations.
If we are relying on consent as our legal basis to process your personal data, you have the right to withdraw consent at any time.
We will keep your personal data for the purposes set out in this privacy notice and only for as long as any legal basis continues to apply. Below is a non exhaustive list of some of the reasons we need to retain your personal data:
The length of time we need to keep the personal data will vary depending on the nature of the personal data and the reason we are obliged to hold it. We will apply appropriate risk based measures to protect your personal data which may include pseudonymising or anonymising the personal data. If personal data is pseudonymised, this means it is de-identified so you are no longer identifiable, but we can re-identify you if we have a requirement to do so. If personal data is anonymised, it is de-identified, but can never be re-identified in the future.
Transferring personal data to other organisations needs to take place with appropriate safeguards and you can be assured that we will only share the personal data that is needed for these organisations to be able to provide the right service to you or support us in doing so.
We may transfer your personal data to the following third parties:
We will only transfer your personal data to third parties who adhere to appropriate data security standards and controls.
You have certain rights in respect of your personal data and we have processes to enable you to exercise these rights.
This is known as a Subject Access Request. If you want to know if we are processing personal data relating to you and to have access to any such personal data you can contact our Customer Services Team on firstname.lastname@example.org
If you believe that we hold inaccurate personal data about you, then you can either update this information directly by logging in to “My Account” and updating the relevant details or you can request that we carry out a review by contacting our customer services team on email@example.com. Depending on the type of personal data you believe is inaccurate, we may ask you for further proof to ensure that the personal data is being corrected properly. If we are satisfied that the personal data is inaccurate we will make the necessary changes.
You have a right to ask for your personal data to be erased in certain circumstances. However, this right does not apply where we have to comply with a legal obligation or where we need personal data for the establishment, exercise or defence of legal claims. Therefore we cannot comply with an erasure request where you have an open account, owe money or have otherwise bought products and services for which we must keep records. In addition, if you opt out of marketing communications or have previously opted out of marketing communications, we have to keep a record or such opt out to ensure that we don’t contact you in the future.
You have a right to request that processing of personal data is restricted in certain circumstances. However, we shall still continue to process the personal data for storage purposes, for the establishment, exercise or defence of legal claims or with your consent.
Where we are relying on legitimate interests as a legal basis to process your data, you have a right to object to such processing on grounds relating to your particular situation.
If you object to our use of your personal data for marketing purposes, we will opt you out of marketing. You can do this by logging into My Account and amending your preferences or you can call our Customer Services Team on 07920831398. You may also object to other processing when we rely on our legitimate interests as the basis for processing, but we do not have to stop the processing if we can demonstrate compelling legitimate grounds for the processing (taking into account our processing activities, the nature of our business and our legitimate interests) and that these grounds override your interests, rights and freedoms or in the event that we need the personal data for the establishment, exercise or defence of legal claims. To enable us to consider any objection we will need to know what specific interests, rights or freedoms relating to your particular situation you believe will potentially be put at risk by our processing. If we do stop processing your personal data (apart from for direct marketing purposes), this may affect our ability to trade with you.
From time to time, in deciding whether to enter into a contract with you, or during the ongoing performance of a contract, we take decisions based on automated processing which produces legal affects or similarly significantly affects you, for example, deciding whether to offer a credit facility or assessing a fraud risk. We use data from a variety of sources in our automated processing for credit scoring and fraud decisioning and we use statistical methods to produce the results. This logic helps us understand the risk posed by individuals by placing a weighting on certain criteria which is then calculated to give an overall score.
There are a number of consequences of such automated processing:
We also use automated processing in relation to the information we hold about you to make recommendations of products and services we think you would be interested in and to improve your experience when you visit our website by making it relevant and tailored to you.
In certain circumstances, you can request that we provide to you your personal data in a commonly used format. If you wish to make such a request, you can contact our Customer Services Team at firstname.lastname@example.org.
You have the right to lodge a complaint with the Information Commissioner and more details can be found on their website www.ico.org.uk.
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties may include your:
When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also necessary to enable us to enter into and perform our contracts with you.
We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if:
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area.
They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Your personal data is protected by legal rights, which include your rights to:
For more information or to exercise your data protection rights, please contact us using the contact details above.
You also have a right to complain to the Information Commissioner’s Office, which regulates the processing of personal data.
From time to time we may contact you with details on special promotional offers or products that we think you would be interested in, via Email, Telephone, SMS, Post or from specially selected Third Parties, If you do not want to receive these communications you can opt out in the following ways: