Here at 4YH Textiles (4 Your Home Limited) we respect and value your privacy greatly, however we need to gather certain information about you to be able to fulfil your order with us.
We gather data about our customers from a number of sources. Where orders are fulfilled via ourselves via our own website we identify as the Data Controller.
What data do we collect?
When you order we will record your name, address, email address, phone number and delivery address. We use Pay Pal Website Payments Pro for all our online payments/telephone orders or direct sales. We do not store credit card details, nor do we share credit card details with any third parties.
We also need to record the product information that is included in your order and any special instructions that you have included or informed us of separately. Without this information we would be unable to process your order or notify you of our acknowledgment of your order and subsequent information as your order is processed.
We keep a record of your orders with us so that we can deal with any issues and so that we can tailor future promotions and offers which we feel will to suit or benefit you. Please note that we keep a record of any emails that you send to us in relation to your order or account in able for us to provide you with the highest standard of customer service for now and in the future.
We may also collect your personal information for email marketing purposes – we will only market to you via email with your explicit consent – which will be gathered at the time of ordering.
Where is your data stored?
Our store is hosted on Shopify Inc. and our order management system is hosted by Zenstores, these platforms reside within the European Economic Area (EEA), however data may sometimes be transferred out of the EEA for legitimate business purposes. Where this is done, the data is transferred to countries and environments recognised by the EU with adequate data protection regimes – these include Canada and EU-U.S. Privacy Shield environments in the United States.
Where we store any data on our internal systems, this data will be stored securely within the European Union and with robust levels of data protections.
Our lawful purposes for processing data
We have identified that, in order to fulfil your order, we need to process your personal information for the following lawful purposes:
- in the performance of a contract and;
- in the legitimate interests of 4YH Textiles as an e-commerce business.
Where we email market to you, our lawful purpose for doing so will be:
- based on consent, which we will gather at the time of ordering or;
- in the legitimate interests of 4YH Textiles when you open an account via our website and Shopify or leave an order open in your basket on a website.
If you wish to be removed from our Mailing List after initially giving us your consent, please email us at info@4yhtextiles so we can action your request.
Transferring personal data to third parties
Sometimes your personal information will have to be disclosed to third parties. These third parties may include our delivery partners, third-party fulfilment units, law enforcement and other official bodies. We will only disclose this data where one of the following lawful purposes apply:
- with the explicit consent of you, as the Data Subject;
- in order to fulfil a contract;
- in order to comply with a legal obligation;
- to protect the vital interests of the data subject or human life;
- in the public interest or for official functions or;
- in the legitimate interests of 4YH Textiles as the Data Controller.
Where we pass this data to third parties, we will ensure that your data is secured and encrypted in transit and at rest. We ensure that any third-party to whom we pass personal data implements robust technical and organisational controls for data protection. Where we use cloud providers to store data, we ensure that all providers store data in locations compliant with the General Data Protection Regulation (GDPR).
How long will we retain your data?
When your order is fulfilled, your details will be archived immediately, and your order information deleted after 3 years. Any data we hold in paper format will be destroyed after a maximum of 6 months.
Where we are not the Data Controller for your information (whereby your data has come to us from PayPal or Shopify) please refer to the privacy statements for these providers with regards to retention periods and your rights.
How do we protect your data?
We take information security extremely seriously and have implement rigid information security processes to protect your data. Some of the technical controls we have implemented to secure your data include encryption, two-factor authentication, secure backup, staff training and a review of cyber and physical security for our business.
We have certified to both the IASME governance and Cyber Essentials certifications to demonstrate to you, our customers, that we take the protection of your data seriously.
You have rights over how your data is processed, your rights are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
To exercise any of these rights, please raise a subject access request (SAR) to our Data Protection Manager (DPM).
Subject access requests (SARs)
You have the right to receive confirmation from us that your data is being processed and access to the data which we are processing.
We must provide an individual with a copy of the information the request, free of charge. This must occur without delay, and within one month of receipt. We endeavour to provide data subjects access to their information in commonly used electronic formats, and where possible, provide direct access to the information through a remote accessed secure system.
You may inform us at any time to stop using your data for marketing purposes. We may also retain your personal data to comply with other legal obligations or in our legitimate interests. When we make a decision on this, this will be done fairly and transparently, and you will have the right to challenge this decision by contacting our Data Protection Manager.
Subject access requests and enquiries can be directed to our Data Protection Manager:
4YH Textiles Data Protection Manager
Name: Michael Daly
Phone: 01925 875 703
You have the right to take any complaints about how we process your personal data to the Information Commissioner, who can be contacted via the following means:
0303 123 1113.
Information Commissioner's Office Wycliffe House
Cheshire SK9 5AF
For more information about privacy issues you may wish to visit the website for the Information Commisioner at https://ico.org.uk/concerns/
Alternatively feel free to ask us any further questions about cookies on our site at firstname.lastname@example.org