The General Data Protection Regulation (GDPR) comes into effect from 25th May 2018.
The regulations are aimed at harmonising the different privacy and data protection laws present within different member states of the European Economic Area (EEA). They also provide more rights for individuals in relation to their ability to access and control personal data that you collect and store about them.
The GDPR applies to all businesses processing personal data of people within the EEA, even if your business is located outside of the EEA. It will become law in the United Kingdom before its withdrawal from the European Union, and so still applies to businesses within the UK.
The European Union has published information about The GDPR on a website available at https://www.eugdpr.org
The Office of the Information Commissioner (the UK body responsible for Data Protection) also has guidance available on their website.
Smithie UK GDPR Privacy Notice Statement
Smithie UK Limited is a UK based distributor of both Tech products and LED Lighting, presented to the market as Smithie IT and Smithie LED. We operate a channel model, where we sell to businesses known as Resellers or Trade Accounts, but in some instances we make our products available to private individuals using our eCommerce stores:
Consent & What Information do we collect about you?
We collect information about you when you register with us or place an order for products or services.
We collect the following information about you:
i) Your Name
ii) Company Name
iii) Telephone Number
iv) Email Address
v) Any postal addresses that you provide
This information will be taken from you at the time that you make a purchase through our online store, or make contact with us through the contact us page on our online profile.
We also collect information when you voluntarily request or give consent to receive news and information on products and promotions. This may include completing customer surveys, providing feedback and participating in competitions. Website information is collected using cookies for reporting and analytics and remarketing using Internet tools such as Google Analytics and Google Adwords. For more information on Google GDPR visit: https://privacy.google.com/businesses/compliance/#?modal_active=none
For our Trade customers, information is gathered when completing a Trade Account Application Form. The completion of this form means you are giving us permission to use your information for commercial reasons; to process orders, manage your account and receive information about product updates across our portfolio. This information is never shared with third parties, other than usual credit application processes.
Customer Data Storage
Our eCommerce stores have been created on a Shopwired platform. We use Shopwired services to collect and store data about our customers and website visitors.
All information is held in the Shopwired store and processed on our behalf. Information about our customers is held on servers hosted with Amazon Web Services (AWS). Shopwired do not store data on any devices, internal databases or networks outside of AWS.
For more information about security at AWS please review their guidance at https://aws.amazon.com/security/.
AWS have published information about The GDPR on their website here:
Data Security - The security of our customers' data
All data stored on the Shopwired platform is encrypted whilst 'at rest' and 'in flight', i.e. when stored on their servers the data is encrypted, and they use encryption when allowing us to access the data through our account or downloading information to our computers for marketing purposes.
Any data processed on the Shopwired platform is processed in a manner which ensures its security.
Access by the Shopwired team is restricted on a 'need to know' basis, and all access is logged by their internal systems.
Because data is not stored on networks or devices outside of AWS, Shopwired exposure to accidental loss, destruction or damage or unauthorised or unlawful processing is limited.
Any data transferred between devices in the network is transferred in an encrypted state.
For trade accounts, with customer transactions outside of our eCommerce platforms, and for day-to-day commercial operations, our systems are regularly backed up to the Microsoft Azure cloud service in a UK-based datacenter. Data is encrypted in transit and at rest using 256-bit AES encryption and is accessible only by private keys associated with our Azure Tenant and our Backup Servers.
For information about security in the Azure platform please see their guidance at https://www.microsoft.com/en-us/TrustCenter/CloudServices/Azure/GDPR
The transfer of data outside of the EEA
At the present time, no data is transferred by Shopwired systems outside of the EEA except where we may use a device located outside of the EEA to access that data.
Breaches of Our Customers' data
The GDPR introduces a duty on all organisations to report certain types of data breaches to the relevant supervisory authority.
In certain circumstances, Smithie UK will also have a duty to report the breach to the individual(s) affected.
A breach is more than just the loss of data; it also includes destruction, alteration, unauthorised access or disclosure of personal data.
If there is a breach of personal data on eCommerce platforms, Shopwired we will notify the relevant regulatory authority within the regulatory requirement of 72 hours after we first become aware of it.
If the data of our customers is, or might have been, affected, we will notify them within 72 hours.
How will we use the information about you?
We collect information about you to process your order, manage your account and, if you agree, to email you about other products and services we think may be of interest and relevant to you. Sometimes, because we also have a drop shipping service, our customers may include their end user's address where they want products shipped direct. We never use this drop ship information, other than to provide proof of delivery.
We use your information collected for the website to personalize your repeat visits to our website.
Smithie UK will never share your information for marketing purposes with companies outside of Smithie UK.
When placing an order as a Trade customer we may send your details to, and also use information from, credit reference agencies and fraud prevention agencies.
We would like to send you information about our products and services which may be of interest to you. If you have consented to receiving marketing communications, you may opt out at a later date.
We use Mailchimp to process our marketing email campaigns; this platform is GDPR compliant as MailChimp has an agreement to EU/US and Swiss Safe Harbor Frameworks since 2007. Read more here: https://kb.mailchimp.com/accounts/management/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr
You have the right at any time to stop us from contacting you for marketing purposes. Simply unsubscribe from our emails.
Access to Your Information and Correction
You have the right to request a copy of the information that we hold about you; you will find it online under your Account Information when you log in. However, if you would like a copy of some or all of your personal information, please email us, though we may make a small charge for this service. Email to: firstname.lastname@example.org
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. This information is used to track visitor use of the websites and to compile statistical reports on website activity.
For further information visit: www.aboutcookies.org
You can set your web browser not to accept cookies and the above website will tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
Data Protection Officer (DPO)
Currently, Smithie UK operates outside of the remit to appoint a dedicated DPO to oversee how our organisation collects and processes personal data, including conducting data protection impact assessments when our organisation changes how it collects and processes personal data. However, we have a small team working in collaboration to review and ensure compliance with GDPR to the best of our knowledge. For further information please contact:
Head of Marketing