Privacy Notice

Privacy Notice

Introduction

This Privacy Notice explains how Oates & Co. uses your data. This includes the types of personal data we may collect about you, how we store and handle that data, and how we keep it safe.

We hope this notice provides all of the information about our processes that you need, but if not, please get in touch and we will do our best to help.

We will probably need to update this notice from time to time. If you are subscribed to our database, we will notify you of any significant changes, otherwise you can always get the latest version by visiting our site.

The legal bases we rely on

The law on data protection provides several acceptable reasons why we can collect and process personal data. These include:

Contractual obligations – For example, when you place an order with Oates & Co., we collect your delivery address and we may pass this on to our couriers.

Legal compliance – For example, if we detect any fraudulent or other criminal activity, we can pass details of this on to the police.

Legitimate interests – In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. 

Consent – where you have given clear consent for us to process your personal data for a specific purpose.

When do we collect your data?

  • When you place an order with Oates & Co.
  • When you create an account with us
  • When you engage with us on social media
  • When you contact us to ask a question or raise a complaint
  • When you enter competitions that we run

What sort of personal data do we collect?

Data that we collect about you may include your name, billing and delivery address, email address, telephone number, and order details. We will also keep an encrypted version of the password you use to login to your account, if you have one.

We will also keep records of contact you have made with us whether that is by email, telephone or through the post, and details of your interaction with our website, social media sites and email campaigns.

Our site’s cookies also collect certain information – find out how we use cookies here.

We collect your payment information through our third party partners, Stripe and Paypal. We never receive nor store your full payment card details.

How and why do we use your personal data?

We collect your personal data mainly for the purposes of fulfilling orders placed with us.

We may also contact you from time to time with promotions, products, services and news that are likely to interest you because you have signed up to our enewsletter. You can unsubscribe from these at any time by using the link that is present on every email, or by emailing hello@oatesandco.com with “unsubscribe” in the subject line.

We may also use your data to comply with contractual or legal obligations to share data with law enforcement agencies, for example when a court order is submitted to share data.

How we protect your personal data

We treat your data with the utmost care and take all possible measures to protect it.

The transactional area of our website is protected using https technology.

Access to your personal data is password protected, and sensitive data such as payment card information is never passed to us.

We use Stripe and Paypal to process our payments; both of these providers have robust data protection policies (please note we are not responsible for the content of third party sites).

We regularly review and risk assess our systems and working practices to identify any data security risks, and put in place measures to mitigate these.

How long do we keep your data?

We only keep your personal data for as long as is necessary for the purpose for which it was collected.

At the end of this period, your data will be permanently deleted or fully anonymised.

Who do we share your data with?

We only share your data with trusted third parties, for example our courier/delivery partners.

We may occasionally engage the services of other companies that become data processors for Oates & Co. This could include a direct marketing agency, for example. When we do, we will always ensure they are fully GDPR compliant, and that we have written GDPR-compliant agreements in place with them.

What are your rights concerning your data?

You have the right to access any personal data we hold about you, to correct it, to withdraw your consent of its use (whether or not you consented in the first place) and the right to restrict its use. If you would like a copy of any data we hold about you, or if you would like to correct it, restrict its use, or withdraw your consent for its use, please contact us on hello@oatesandco.com. Alternatively, write to Oates & Co., 28 Runswick Drive, Nottingham, NG8 1JD.

If you would like to opt out from receiving email communications, please use the unsubscribe link which is present on every marketing email we send, or contact us on hello@oatesandco.com to request this. Alternatively, write to us at the same postal address shown above.

To protect your confidentiality when processing any request within this section, we will always check your identity first.

Questions

If you have any questions about our privacy notice, please contact us on hello@oatesandco.com and we will do our best to answer them.

If you have a complaint regarding your personal data, and have already contacted us to resolve it but are not satisfied with the resolution, you have a right to complain to the Information Commissioner at www.ico.org.uk/concerns or by calling 0303 123 1113.