Data Protection

At Smyth & Gibson we take handling and processing your personal data seriously. Data you provide to Smyth & Gibson is never used nor shared unlawfully with anyone outside of Smyth & Gibson. We are committed to not only limiting how long we keep your data, but limiting the data we require from you when you make a purchase. This privacy policy sets out:

 

  1. Who we are
  2. What data we collect from you
  3. Why we need it
  4. How we use it
  5. Who we share it with
  6. How you can see the data, amend the data or have it deleted.

 

Who we are

Smyth & Gibson is a business at web address https://smythandgibson.com, with a physical address in Ballymena, Northern Ireland.

 

What personal data we collect and why we collect it

Smyth & Gibson collects data from you when you contact us, sign up to our mailing list or place an order.  When we process an order we require your name, shipping address, phone number and email address. If your billing address is different to your shipping address, you will also be asked to provide it. To make shopping easier, you can easily make an account with us. To create an account we require a first name, last name, e-mail and password.

This data ensures we can send your order to the right address, in an acceptable time frame. We also collect your contact details incase we have a problem with your order, or to contact you with confirmation and dispatch notices. If your order is delivered by a courier, we provide your phone number to the courier company, to help with delivery (Fastway and UPS).

On the checkout page (also on a popup) you also have an option to sign up or our newsletter. Our newsletter lets users knows our latest deals and upcoming sales. A list of email addresses is collected in an online database hosted by MailChimp. You can find their privacy policy here: https://mailchimp.com/legal/privacy/.

When we process a payment we require your card number, cardholder name, expiry date and your CVC code. This enables Shopify (our payment processor) to process your payment. We use a secure HTTP protocol called HTTPS to transfer your payment details over the internet. This is the industry standard for sending encrypted data over the internet. When you place a payment, your card information is encrypted and sent to the Shopify’s servers, where it is decrypted and the payment is processed. Smyth & Gibson never sees your payment data and we cannot access your payment details. You can read Shopify’s privacy report at https://www.shopify.com/legal/privacy.

To use our site is to accept the use of cookies. Cookies are tiny pieces of information stored on your computer, to verify who you are, and if you have an account. Cookies make our site easier to browse, for example staying logged in and not having to enter a password every time. These cookies also help us analyse how users are using the site and what products they are looking at. Shopify also uses cookies that don’t identify who you are, these cookie help Shopify load balance their system, so you can browse on their system without delay. You can read more about Shopify cookies here: https://www.shopify.co.uk/legal/cookies.

 

Who we share your data with

When you make a payment on Smyth & Gibson, your payment details are shared with Shopify (our payment processor). To find out who they share data with, you can find their privacy policy at https://www.shopify.com/legal/privacy.

Smyth & Gibson uses Royal Mail to deliver products. Your name and delivery information is sent directly to Royal Mail in order to get your order to you. You can find their privacy report at https://www.royalmail.com/privacy-notice.

Other than the above companies, Smyth & Gibson will not share your order details with anyone outside of Smyth & Gibson and we are committed to only working with companies who have a strict GDPR policy.

 

How long we retain your data

We are committed to not holding your data longer than necessary. Your order data such as your name, address and contact details along with the details of what you ordered are held for 6 years in accordance with UK law. If you have not requested your data be deleted before then, it will be deleted after 6 years.

We never keep nor see your payment card details. 

If you sign up to our mailing list, your email will remain on the list until you unsubscribe. 

If you contact us by email or by writing, we will keep the information you supply for as long as necessary to deal with your request.

 

What rights you have over your data

If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including all data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

As someone who provides us data, your rights over your data include:

  1. Right of access
  2. Right to challenge accuracy of data held on you
  3. Right to object to the use of your personal information 
  4. Right to object to direct marketing
  5. Right to restrict use of your personal information
  6. Right to erasure of your data
  7. Right to withdraw your consent for us to use your data

 

If you have a data protection question or would like to assert any of your rights over your data, please email the Smyth & Gibson data protection officer at andrew@smyth&gibson.com and we will reply promptly. Alternatively you can write to us at:

Smyth & Gibson
5 Millennium Park,
Woodside Road,
Ballymena,
BT42 4QJ

 

Data breach procedures 

In the case of a data breach, it is now the law that we contact those affected as soon as possible. In the unlikely event of a data breach we will contact users within one working day to inform them that their data may have been accessed by someone else. We do everything possible to stop this from happening.