Craig & Rose Limited Privacy & Cookies Policy

Version 3.0 - May 2018

Our commitment to protect your privacy

Craig & Rose recognises the importance of your privacy and how important it is for us to protect your personal information. We are committed to protecting personal information which we hold and to complying with all relevant data protection and privacy laws in the jurisdictions in which we operate. This document describes how we manage your personal information and safeguard your privacy.

We are committed to protecting your privacy. We will use your personal information in accordance with the Data Protection Act 1998, EU General Data Protection Regulation (GDPR), PCI-DSS, and European data protection legislation and other applicable laws and regulations that relate to data protection and privacy.

References to ‘Craig & Rose’, ‘we’ and ‘us’ include Craig & Rose Limited and its related entities, a company incorporated in England under number 09968464 with the registered address of Suite 1, 3rd Floor, 11-12 St. James’s Square, London, SW1Y 4LB .

Any changes we may make to this Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this Privacy Policy. This Privacy Policy was last updated 24 May 2018.

How do we collect and hold personal information about you? 

The kinds of personal information we collect and hold will depend upon the type of products and services we provide to you or obtain from you. It may be contained in:

  • Information you give us when you request a product or service from us or enter a competition of ours;
  • Records of communications and other interactions you have with us (including telephone, email and online); and
  • If you have or had one of our products, information about the use of that product or your opinions about that product recorded when you respond to a survey.

This information may include your name, address, telephone numbers, email address, bank account and credit card details, date of birth, identification information and organisation.

The personal information we request is generally optional, but if you choose not to provide personal information to us, we may not be able to fulfil your request or provide you with the product or service you require. Sometimes, however, there are situations where we are required by law to collect certain personal information from you and, if this is the case, we will take reasonable steps to inform you of the law that imposes this requirement.

We generally collect personal information directly from you whenever it is reasonable practicable to do so. We may also collect personal information from other parties such as our related bodies corporate your agents or representatives (such as your legal or financial adviser) and from publicly available sources of information.

What do we do with the personal information we collect? 

We collect, use and disclose personal information to carry on our business; to provide, administer, improve and personalise our products and services; to identify and interact with our customers; to let our customers know about other products and services which might interest them; to assess and improve the quality of our products and services; to protect our lawful interests; to deal with our customers’ concerns and enquiries; and to assist us generally in managing transactions with our customers, suppliers, consumers and other contacts.

In order to provide the above product and services we collect information from you and this collection of data may occur when you:

  • Place an order for any Products
  • Make an enquiry (including about any of our Products or complete a form on one of our websites
  • Participate in discussion boards and/or other social media functions on our site
  • Products (including associated applications) that you use
  • Enter a competition, promotion or survey
  • Reviews that you submit about our Products
  • Register to use our site and/or subscribe to any of our Products
  • Correspond with us in relation to your account, our Products you have purchased (including post-sales support and warranties)
  • Report a problem with our site
  • Enquire about or submit an Employment application through our site 

Under data protection law, we can only use your personal information if we have a proper reason for doing so, for example:

  • to comply with our legal and regulatory obligations
  • for the performance of our contract with you or to take steps at your request before entering into a contract
  • for our legitimate interests or those of a third party; or
  • where you have given consent

 A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use (process) your personal information for and our reasons for doing so:

What we use your personal information for Our reasons 

To provide products and/or related information to you

For the performance of our contract with you or to take steps at your request before entering into a contract 

To comply with our legal and regulatory obligations

To prevent and detect fraud against you or us

For our legitimate interests or those of a third party, that is, to minimise fraud that could be damaging for us and for you

Conducting checks to identify you and verify your identity

Screening for financial and other sanctions or embargoes

Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business

To comply with our legal and regulatory obligations

Gathering and providing information required by or relating to enquiries or investigations by regulatory bodies

To comply with our legal and regulatory obligations

Operational reasons, such as improving efficiency, training and quality control

For our legitimate interests or those of a third party, that is, to be as efficient as we can so we can deliver the best service for you at the best price

Statistical analysis to help us manage our site and/or business: for example, in relation to customer base, Product range or other efficiency measures

For our legitimate interests or those of a third party: that is, to be as efficient as we can so we can deliver the best service for you at the best price

Preventing unauthorised access and modifications to our site and/or systems

For our legitimate interests or those of a third party- that is, to prevent and detect criminal activity that could be damaging for us and for you

To comply with our legal and regulatory obligations

Updating and enhancing customer records

For the performance of our contract with you or to take steps at your request before entering into a contract

To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party – for example, making sure that we can keep in touch with our customers about existing orders and new products

Marketing our Products and, where agreed, those products of selected third parties to:

—existing and former customers;

—third parties who have previously expressed an interest in our Products;

—third parties with whom we have had no previous dealings.

For our legitimate interests or those of a third party, for example, to promote our business to existing and former customers

Credit reference checks via external credit reference agencies

For our legitimate interests or those of a third party – that is, to ensure our customers are likely to be able to pay for our products and services

Administering, managing and maintaining your accounts and/or subscriptions with us

For the performance of our contract with you or to take steps at your request before entering into a contract.

For our legitimate interests or those of a third party- that is, to be as efficient as we can so we can deliver the best service for you at the best price

Corresponding with you in relation to your account, our Products you have purchased (including post-sales support and warranties)

For the performance of our contract with you or to take steps at your request before entering into a contract

For our legitimate interests or those of a third party - that is, to be as efficient as we can so we can deliver the best service for you at the best price

Notifying you about changes to our Products and/or our site

For the performance of our contract with you or to take steps at your request before entering into a contract

For our legitimate interests or those of a third party, that is, to be as efficient as we can so we can deliver the best service for you at the best price

Customising our Products to provide more personalized content

Measuring or understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you

For our legitimate interests or those of a third party, that is, to be as efficient as we can so we can deliver the best service for you at the best price

Note that we may process your personal data for more than one reason (lawful ground) depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific reason we are processing your personal data where more than one reason has been set out in the table above.

You have a right to be forgotten and have data erased and / or stop being processed where the personal data is no longer necessary for the purpose of collection, you withdraw consent, when you object to the processing or to comply with a legal obligation.

We will not erase your records as we need to maintain your transactional data for our legal obligations to the local tax and revenue authorities. What we will undertake is to anonymise your records, overwriting your personal data with fictional names, addresses and emails. Once this has been done it will be impossible to restore a single customer, and a new customer registration will be required.

The above table does not apply to special category personal information, which we will only process with your explicit consent.

Data may be aggregated into anonymised data sets, which means the data can no longer be linked to any individuals. This analysis may be used for such purposes (but not limited to) as product research, marketing and service optimisation and this anonymised data may also be shared with third parties such as advertising and market research partners.

We routinely share personal information with:

 

  • companies within our group
  • third parties we use to help deliver our Products to you – for example, payment service providers/gateways, warehouses and delivery companies;
  • other third parties we use to help us run our business – for example, marketing agencies or website hosts, marketing communication platforms, analytics and reporting systems;
  • third parties which operate review websites which provide you with an opportunity to share feedback on our Products with others. 

 

We may also exchange information with other Craig & Rose entities and with our service providers including our print service providers, call centres and mail houses, advertising agencies, accountants, auditors and lawyers, credit reporting and collection agencies, and providers of archival, banking, payment, data processing, data analysis, information broking, research, investigation, website and technology services.  We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We may also disclose your personal information in corporate transactions involving the transfer of all or part of our assets (including debts) or business or in a corporate restructure.

As part of the products and services offered to you through our website, the information you provide to Craig & Rose may be transferred to countries outside of the European Economic Area (“EEA”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA or if one of Craig & Rose’s service providers is located in a country outside of the EEA. By way of example, this may also happen if you access  our website and receive the products and services in a country outside the EEA whether or not as a resident of one of these countries or as a visitor.

If you use Craig & Rose’s website or other services while you are outside the EEA, your information and content (containing third party personal data) may be transferred outside the EEA in order to provide you with those services.

The countries in which you receive or supply personal data or certain content may not have similar data protection laws to the UK. If Craig & Rose transfers your information and content outside of the EEA in this way, Craig & Rose will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy policy. However, members who access the website from outside the United Kingdom do so at their own risk and on their own initiative and are responsible for compliance with their own local laws, to the extent that any local laws are applicable when Craig & Rose transfers your information and content outside the EEA.

How do we protect your personal information? 

We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. The information we collect via this website may include any personal details you type in and submit (such as your name, address, email address, etc.)

We hold personal information electronically and in hard copy form. We take reasonable steps to protect your personal information from loss, misuse, modification, or unauthorised access, use and disclosure. These steps include access control for our buildings, confidentiality obligations imposed on our employees and service providers and the use of security measures for computer system access. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Once we no longer require your personal information for any of the purposes for which it was collected we will, subject to any legal obligations and responsibilities, take reasonable steps to destroy or de-identify your personal information.

This privacy policy also applies to the websites operated by related entities of Craig & Rose and the other sites we operate on which this privacy policy is made available). 

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Cookie Policy

We operate websites which may utilise ‘cookies’ to collect personal information. A cookie is a small file that is stored on your hard disk by a website. Cookies contain information which is readable by the website that issued the cookie to you. Cookies cannot execute programs or access other information on your computer. Your web browser can be configured to reject cookies issued by our websites, but if you do so, some functionality that we provide on our websites may become unavailable as a result. Descriptions of the cookies used by us on our websites are provided in the Table below. This policy is applicable only to the use of cookies by us and does not cover the use of cookies by any third parties. 

 

cookie type  name  purpose  further   information

Google Analytics Cookies 

    utma, _utmb, _utmc, _utmz

The Platform uses Google Analytics cookies to collect information about how visitors use the Website,which the Platform use to help improve it. These cookies collect information in an anonymous form,including the number of visitors to the Website, where visitors have come to the Website from and the pages they visited.

  Google  Analytics Guide

 

If you transact electronically with another member of Craig & Rose, you should refer to the website of that member for more information on its website privacy and security procedures.

When you visit a website of ours, we may collect the following information from you: your IP address, domain name, the date, time and duration of your visit, the pages and documents you accessed, the previous site you had accessed (ie the referring URL), the type of browser you are using and information you volunteer such as survey information, name and email address. 

While we take care that the personal information you give us on our websites is protected, the Internet is not a secure environment. If you are considering sending us any personal information through one of our websites or by other means, please be aware that the information may be insecure in transit, particularly where no encryption is used (eg. email, standard HTTP). We are subject to laws requiring us to protect information once it comes into our possession.

You may be able to access external websites, operated by companies unrelated to us, by clicking on links we have provided. Those other websites are not subject to our privacy standards and we are not responsible for their privacy practices or the content of such other websites. You should contact those websites directly to ascertain their privacy standards, policies and procedures. 

Credit reporting

This section applies in relation to our handling personal information from credit reporting bodies (CRBs) and certain other consumer credit-related personal information described below (credit information). We generally handle credit information in the context of commercial credit rather than consumer credit arrangements. For example, information about an individual’s consumer credit worthiness may be handled where we provide trade credit to sole traders, or individuals such as directors provide personal guarantees in relation to trade credit we extend to companies.

We may collect and hold any types of credit information about an individual permitted under the relevant privacy laws, including:

  • name, sex, date of birth, driver’s licence number, employer and three most recent addresses; 
  • confirmation of previous information requests about the individual to CRBs made by other credit providers and credit insurers; 
  • details of previous credit applications, including the amount and type of credit and credit limit;
  • details of current and previous credit arrangements, including credit providers, start/end dates and certain terms and conditions;
  • permitted payment default information, including information about related payment arrangements and subsequent repayment;
  • information about serious credit infringements (e.g. fraud);
  • information about adverse court judgments and insolvency;
  • publicly available information about the individual’s credit worthiness; and
  • any credit score or credit risk assessment indicating a CRB’s or credit provider's analysis of the individual’s eligibility for consumer credit. 

This credit information may include information about your arrangements with other credit providers as well as with us.

Where we collect credit information about you from a CRB, we may use that information to produce our own assessments and ratings in respect of your credit worthiness.

We may disclose credit information to CRBs to assist the CRBs to maintain information about you to provide to other credit providers for credit assessments. We may collect credit information from CRBs for purposes including, to the extent permitted by law, to assess your credit or guarantee application, manage your credit/guarantee, assign debts and collect overdue payments. We may also exchange credit information with debt buyers and other credit providers.

You have the right to request CRBs not to:

  • use your credit information to determine your eligibility to receive direct marketing from credit providers; and
  • use or disclose your credit information, if you have been or are likely to be a victim of fraud.

Please see other sections of this Privacy Policy for further information regarding access, correction, complaints, disclosures (including to other countries) of personal information and how we collect and hold personal information. In some cases, we are subject to further obligations under the Privacy Act regarding credit information, and this Privacy Policy is not intended to limit or exclude those obligations. Additional privacy consents and notifications may also apply for our credit-related services.

What rights do you have in relation to your personal information which we hold?

We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date. If you become aware of any errors in your personal information or you change your personal details such as your name, address or bank account details, please contact us at your earliest convenience.

You can gain access to personal information that we hold about you, subject to certain exceptions allowed by law. Please contact us (as set out below) if you would like details about the personal information we may hold about you or if you would like us to update or correct it – or remove it. We will handle any request in accordance with the relevant privacy regulations. We may require you to complete a request form and we also reserve the right to charge a reasonable fee for gaining access. We endeavour to deal with such requests promptly, but requests for a large amount of information, or information which is not currently in use, may require significant time to extract.

Generally, if you request us to do so we will amend any personal information about you held by us which is inaccurate, incomplete or out of date. If we are not able or unwilling to provide you with access to any personal information or to correct any personal information held by us, we will provide you with our reasons. If we do not agree to amend your personal information and you disagree, you may request that we make a note of your requested correction with the information.

You may also contact us to request us to stop using your personal information to contact you about our products and services. You can contact us if you wish to obtain more information about the way we manage personal information about you which we hold or if you are concerned that we may have breached our privacy obligations and wish to make a complaint. If you make a complaint, we will endeavour to respond and resolve your complaint promptly. For more information about privacy generally, or if your compliant is not resolved to your satisfaction,please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) https://ico.org.uk/ and on 0303 123 1113 on individuals’ rights under the General Data Protection Regulation.

You have the following rights, which you can exercise free of charge:

Access

The right to be provided with a copy of your personal information (the right of access)

Rectification

The right to require us to correct any mistakes in your personal information

To be forgotten

The right to require us to delete your personal information—in certain situations

Restriction of processing

The right to require us to restrict processing of your personal information—in certain circumstances – for example, if you contest the accuracy of the data

Data portability

The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

To object

The right to object:

—at any time to your personal information being processed for direct marketing (including profiling);

—in certain other situations to our continued processing of your personal information – for example, processing carried out for the purpose of our legitimate interests.

Not to be subject to automated individual decision-making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

How to contact us

Please visit the Contact Us page of this website or by telephone on+44 (0) 138 740 011 or by writing to us at Craig & Rose - Data Protection, Unit 8, Halbeath Industrial Estate, Dunfermline, Fife KY11 7EG.

Changes to this privacy statement

We may change our privacy policies from time to time to comply with new laws or industry codes of practice which are developed or to align with changes to our business. It is your responsibility to refer to our privacy policies from time to time to familiarise yourself with any changes. We encourage you to visit our websites regularly for any updates to our privacy policies.

Collection statement

References to ‘Craig & Rose’, ‘we’ and ‘us’ include Craig & Rose Limited and its related entities, a company incorporated in England under number 09968464 with the registered address of Suite 1, 3rd Floor, 11-12 St. James’s Square, London, SW1Y 4LB . Your privacy is important to us: Craig & Rose collects, uses and discloses the information you submit to process your subscriptions with us. Craig & Rose (and its marketing and communications agencies on its behalf) may also use your name and contact details to send you information for this purpose. If you opt in to receive updates for our products or promotions, Craig & Rose (and its marketing and communications agencies on its behalf) may also use your name and contact details to send you information for this purpose. Craig & Rose may disclose the information to contractors, market research organisations, marketing and communications agencies and related bodies corporate for the above purposes.. If you do not provide the personal information requested, we will not be able to fulfil your request. We may also exchange your personal information with other related companies and our service providers, such as delivery companies and technology providers. .  

Please refer to our Privacy Policy, above or on request. It contains further details about: (i) the personal information we collect; (ii) what we do with it; (iii) where we send it; (iv) how you can access and correct it; (v) how you can lodge a privacy complaint regarding the handling of your personal information; (vi) how we handle those complaints; (vii) online privacy; and (viii) the types of service providers we use. 

If you have any questions regarding the way we handle your personal information or wish to seek access to, or correct, personal information we hold about you, please visit the Contact Us page of this website or by telephone on+44 (0) 138 740 011 or by writing to us at Craig & Rose - Data Protection , Unit 8, Halbeath Industrial Estate, Dunfermline, Fife KY11 7EG.