When you order products through this site, we need to know your e-mail address or, where you wish it to be sent by post, your name and postal address. We use this data to send you the products you request.
We will not pass your details to anyone else without your permission.
If you wish us to change or delete any of the personal information you have entered whilst visiting our site or if you have any questions about our privacy statement, please e-mail us with your requirements.
Under the Data Protection Act 1998 (the Act), a person who determines the purposes for which and the manner in which any personal data are or are to be processed is the data controller. In a business (that is not run by a sole trader or that is not a partnership) the data controller is the organisation itself.
The Act sets out eight rules data controllers must follow for protecting personal data - these are known as the eight principles.
Personal data must be:
1. Obtained and processed fairly and lawfully
2 .Processed only for one or more specified and lawful purposes.
3. Adequate, relevant and not excessive for those purposes.
4. Accurate and kept up to date - data subjects have the right to have inaccurate personal data corrected or destroyed and it is your responsibility to correct errors and make changes to the information you keep.
5. Kept for no longer than is necessary for the purposes it is being processed - you will need a method of removing data after it is not required.
6. Processed in line with the rights of the individual (the data subject) - this includes the right to be informed of all the information held about them, to prevent processing of their personal data for marketing purposes, and to compensation if they can prove they have been damaged by a data controller's non-compliance with the Act.
7. Secure and protected against loss, damage and inappropriate processing - this applies to you even if your business uses a third party to process your data for you, as you will remain responsible.
8. Not transferred to countries outside the European Economic Area (the EU plus Norway, Iceland and Liechtenstein) that do not have adequate protection for the particular data being transferred, unless certain conditions are met, for example you have the consent of the data subject.
If your business does not comply with the principles, the Information Commissioner can take enforcement action against the data controller, whether it is an individual or your business.