This privacy notice explains in detail the types of personal data we may collect about you and/or your business when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.
As part of our attitude to customer service and transparency, we want you to be fully informed about your rights, and how The Island Railway Shop uses your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
Who are we?
We are The Island Railway Shop – which we’ll refer to as ‘the Company’ in this document.
For simplicity throughout this policy, ‘we’ and ‘us’ means the Company and its brands.
For clarity, we are The Island Railway Shop Limited, owned by Snell Mitchell & Co. Ltd., a company registered in England under number 08467682. Our registered office is at 7 King Street, Weymouth, DT4 7BJ, United Kingdom. We are the Data Controller.
When we can use your information
We collect and use your information in the following situations:
- Where our use of your information is necessary for us to perform the contract or contracts that we have with you.
- Where our use of your information is for the purposes of our legitimate interests.
- Where we believe it is necessary to use your information to comply with a legal obligation to which we are subject.
- Where we have your consent. You can find out more about the types of information, and when we collect data later in this policy.
Where we rely on your consent to use your information, you have the right to withdraw that consent at any time. Please see the ‘Your choices and rights’ section in this policy.
When do we collect your personal data?
Throughout your relationship with us, there will be occasions where we may collect your data. These may include;
- When you visit any of our websites, and/or use your account to buy products and services, or redeem offers from the Company on the phone, in person or online (online service not available in all territories).
- When you purchase a product or service on the phone or face-to-face, but don’t have (or don’t use) an account.
- When you apply for, or open an account with us.
- When you engage with us on social media.
- When you contact us by any means with comments, queries or complaints etc.
- When you enter a special offer, prize draw or other competition run by the Company or one of its brands.
- When you book any kind of appointment with one of our members of staff.
- When you choose to complete any surveys we may send you.
- When you comment on or review any of our products and services.
- When you fill in any forms in one of our offices, for example if you were to be involved in an accident.
- When you’ve given a third party permission to share information they hold about you.
Please note we collect publicly available data from sources where you have given your consent to share information, or where the information is made public as a matter of law.
It’s also worth bearing in mind that any individual may access personal data related to them, including opinions. So if your comment or review includes information about a team member or partner who provided that service, it may be passed on to them if requested.
What sort of personal data do we collect?
- If you have an online account with us, we will collect your name, date of birth (certain products only), invoicing/delivery address, email address, telephone number, VAT registration number (where provided/applicable) and any company registration information.
- We may also collect copies of any documents you provide in order to hold an account facility with us or where the law requires proof of identity either as an individual or as a corporate entity. In the case of the identification of company directors, proprietors and partners this may include copies of a driving licence, passport or otherwise which will provide your full name, address, date of birth, facial image and other identifying marks such as your gender or nationality.
- Details of any interactions with us by phone, in any physical location or online including via our social media channels.
- Details of your visits to any of our web sites, and which site you came from before you came to ours, for example, Google or Facebook.
- Details of any personal information which may help us recommend items of interest.
- In the case of contact via social media, your social media username, to help us respond to your comments, questions or feedback.
How we protect your data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all account and transactional areas of all of our websites using ‘https’ technology, where applicable. Access to your personal data is password-protected, and sensitive data is secured by SSL encryption.
We do not store data on credit or debit card payments made via our web sites, by phone or in branch.
How long we keep personal data
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
For example, as a one-off (or guest) customer when you place an order we’ll generally keep the personal data for a period of 7 years however this may be different for trade account customers, or where the product warranty period is longer.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. This is also the case for technical and analytical information obtained using web sites tools and cookies.
Who will we share your information with?
We may share your information within the company between staff members as well as trusted third parties. For example;
- Other organisations and service providers including delivery companies and couriers (such as Royal Mail, GLS and ParcelForce Worldwide), engineers visiting your location, for fraud management, to handle complaints and so on.
- Our professional advisors and agents including IT support companies who support our websites and other business systems, sub-contractors, direct marketing companies who manage our electronic or postal communications, Google and/or Facebook to show you products which may interest you while you’re browsing the internet and so on.
- The police, any other law enforcement agency, court, regulator, government authority or other third party where believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our legitimate interests. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
We promise we’ll never share your details with anyone else.
Where your data may be processed
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as Australia or the United States. This generally only applies to international orders and we will transfer the data that we collect from you to the United Kingdom.
For example, this might be required in order to fulfil your order, process your account application or payment details or provide after-sales support services.
Your choices and rights over your data
You have a number of rights in relation to your information, and can make a number of choices about how we collect and use it. For example, you have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels as you prefer).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- Review by a staff member of any decision made based solely on automatic processing of your data (for example, where no human has yet reviewed the outcome and criteria for the decision).
You have a right to request a copy of any information held about you or your business that the Company holds at any time. To ask for this, please contact Data Protection Officer, The Island Railway Shop, PO Box 7363, Portland DT5 9AL. To ask for your information to be amended, please update your online account, where available, or contact your usual representative or our head office.
Just so you know, if we choose not to action your request we will explain to you the full reasons for our refusal.
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from us. To make it easier, when you first purchase from us you are given the choice to op
- If you have an account and the service is available to you, log in into your account, visit the ‘My account’ or ‘Profile’ area and change your preferences where they are available.
- Write to us at The Island Railway Shop, PO Box 7363, Portland DT5 9AL.
- Email firstname.lastname@example.org with details of your request.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Contacting the regulator with any concerns
If you feel that your personal data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
Within the UK, you can contact them by calling 0303 123 1113 or visit their website at www.ico.org.uk/concerns.
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
Last updated: 8 April 2019.