Website privacy notice
This notice explains how The Happy Puzzle Company Limited ("We") collects personal data from you, why we collect it, how we process it and where we may disclose it to other entities.
We are committed to complying with the Data Protection Act 1998 and the EU General Data Protection Regulation for the purposes of data protection and privacy.
We are registered as a data controller under the terms of the Data Protection Act 1998 and the EU General Data Protection Regulation with the UK Information Commissioner's Office. Details of our registration may be found on the ICO website.
As of 25th of May 2018, the EU General Data Protection Regulation replaces the Data Protection Act 1998. This gives you new rights in relation to the privacy of your personal information. As treating customers fairly is part of our culture, we have provided a brief explanation below of how you can use those rights.
In the case of any request involving one of your rights, we will respond to your request without delay and at most within one month of receipt of your request. We are permitted to extend this time period by up to two months if your request is particularly complex.
The Right of Access
Subject Access Requests allow your right to obtain a copy of the information that we hold about you. You have the right to ask us to provide you with this information free of charge. However, should the request be deemed to be manifestly excessive, manifestly unfounded or repetitive, then we are permitted to charge a reasonable fee for providing the information. In such circumstances, and as an alternative, we can refuse to comply with the request. If this is the case then we shall let you know the reasons for us refusing to comply. You have a right to appeal such a decision via the UK Information Commissioner’s Office. For further information visit https://ico.org.uk/
Subject access requests may be sent to the Data Controller.
The Right to Rectification
You are entitled to have the information that we hold about you rectified if it is inaccurate or incomplete.
If you believe that the information that we hold about you is inaccurate, incomplete or out of date then please let the Data Controller know.
We will also inform any third parties of the rectification in order that they can update their records too.
The Right to Erasure
You have the right to request that we delete the personal information that we hold about you where we have no compelling reason for its continued processing. This right will apply:
This right shall not apply
Erasure requests may be sent to the Data Controller.
We will also inform any third parties of the request in order that they can erase their records too.
The Right to Restrict Processing
You can request that we restrict the processing of your information. This means that you may have requested one of your other rights, where until the request is concluded that we suspend the processing of your data. If we have passed your data to a third party, we will also inform them that they must restrict the processing of your data. This right will apply:
Restriction requests may be sent to the Data Controller.
The Right to Data Portability
You have the right to request the information that we hold on you be supplied to you in a portable format. This allows you to take your information from our IT environment to another organisation's IT environment. The format in which we supply your data will be a structured and machine readable CSV file.
Portable data requests may be sent to the Data Controller.
The Right to Object
You have the right to object to your personal information being processed by us. This means:
If you choose the second option and then change your mind at a later date, then you will need to set up a new account to resume shopping with us.
Requests for either of these options may be sent to the Data Controller
We use data profiling in order to make the content of our communications to you more interesting and relevant. This means that you will only receive details of our very best offers that have been tailored with you in mind. It also allows us not to waste your time by sending offers that are unlikely to be of interest.
You have the right not to be subject to a decision based solely on automated processing. This includes decisions based on profiling. If you choose to exercise this right, then you will no longer receive offers from us as we base our mailing list on our customers’ purchase history.
If you object to such automated decisions making being made based on your personal data, then please inform the Data Controller and we will ensure that is not done by either us or any organisation that processes your information on our behalf.
Information We May Collect From You
We use the EU General Data Protection Regulation definition of personal data. This is any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We may collect and process the following data about you:
Privacy Notice UK Website
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies and other such software on our website contain information that is transferred to your computer's hard drive. They help us to improve the website and to deliver a better and more personalised service.
This includes, but is not limited to:
The purpose of this is for system administration and to report aggregate information. This contains statistical data about our users' browsing actions and patterns, and does not identify any individual.
The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Use of Our Services by Children
Our website is not intended for the use of children under the age of sixteen. We ask that children do not provide personal information through our website. If we become aware that we have collected personal information from a child under the age of sixteen, then we will delete that information from our records.
Where We Store Your Personal Data
We use physical, technological and administrative safeguards to protect your personal information against loss, misuse or alteration. All your personal information is stored securely and may only be accessed by employees with a legitimate business need to access the information. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data transmitted to the website. Any transmission is at your own risk.
How We Use Your Information
We use information held about you in the following ways:
Direct Marketing Communications
We may use your data to enable us to send you post and emails with information about our goods and services that we believe may be of interest to you. We may permit trusted retail partners to use your data in order to provide you with information about their goods and services by post. We will do this when we believe it is in our mutual legitimate interest to do so.
By trusted retail partners, we mean companies operating in the following categories:
You have the right to withdraw from or amend the receipt of direct marketing communications. If you would like to do this then simply contact the Data Controller and let us know. If you do decide to do this then you will miss out on news of the fantastic offers that we would like to make you aware of.
Customer Feedback Surveys
We may contact you via telephone, email or SMS to ask you to complete surveys and feedback forms. We do this in order to improve our customer service and the products that we offer. Sometimes we will nominate a representative to do this on our behalf. You are under no obligation to respond to such requests.
Disclosure of Your Information
We may disclose your personal information to third parties:
In addition to the information that we share in order to comply with our legal obligations, we also may share or disclose the information:
Data pools are groups of retailers who share information on what their customers buy. This pooled information is analysed to understand consumer's wider buying patterns. From this information, customers are sent tailored communications containing suitable offers that should be of interest to them based on what they like to buy. We do not share email addresses for the purposes of data pooling.
We may also exchange your information with other companies and organisations for the purposes of fraud protection and credit risk reduction. Where false information or fraud is suspected, we may pass this information to fraud prevention and law enforcement agencies.
Retention of Data
We retain your information for as long as you hold an account with us. This enables us to maintain an ongoing relationship with you and allows us to service the orders that you place with us. We follow a data retention schedule; this has been put in place to ensure that we retain the minimum amount of personal data about you.
We ask that you not send or disclose any sensitive personal information to us either through our website, post, email, text message, live chat, telephone call or by any other method. For clarity, sensitive personal information means information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership.
In the unlikely event that information that you have supplied us is compromised then we shall notify both the UK Information Commissioner's Office and you that this is the case. This notification will be made without due delay.
Changes to This Privacy Notice
We review this notice at least annually or after any significant change to our website, processes, systems or because of government regulations. Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. We recommend that you visit this page from time to time to view any changes that we may have made.
Date of Last Review: 15th May 2018
Date of Next Review: May 2019
The Data Controller
Our Data Controller may be contacted in writing at:The Data Controller, Unit 1, Lismirrane Ind Park, Elstree Road, Elstree, Herts, WD6 3EE.
Or by email at firstname.lastname@example.org
If you have a complaint relating to our data protection or data privacy then please email the Data Controller.
If you are unhappy with the final response that you receive from us in relation to a complaint, then you have the right to complain to our supervisory authority – the UK Information Commissioner's Office. For further information, please visit https://ico.org.uk/concerns/