Version 2 - 25th May 2018
We are committed to complying with the Data Protection Act 1998 and the EU General Data Protection Regulation for the purposes of data protection and privacy.
The House of Bruar collects and uses customers’ personal data because is it necessary for:
- complying with our legal obligations
- the pursuit of our legitimate interests
- the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer
In general, we only rely on consent as a legal basis for processing in relation to digital marketing.
Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
Legitimate Interest for The House of Bruar processing customer personal data
The normal legal basis for processing customer data is that it is necessary for the legitimate interests of The House of Bruar, including:-
- selling and supplying goods to our customers;
- dealing with customer service issues;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising our products;
- sending promotional communications which are relevant and tailored to individual customers;
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products and developing new products;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes;
- managing insurance claims by customers;
- protecting The House of Bruar, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to The House of Bruar;
- effectively handling any legal claims or regulatory enforcement actions taken against The House of Bruar; and
- fulfilling our duties to our customers, staff and owners.
Information We May Collect From You
We use the EU General Data Protection Regulation definition of personal data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We may collect and process the following data about you:
If you buy from us, we require your name, billing address, delivery address, email address and phone number. This information is required so that we can process your order efficiently.
Website: On placement of your order your data is saved in our website and passed to our master database.
Telephone/Post: On placement of your order your data is placed in our master database.
Online registration: If you are not ready to place and order with us but would like to register online you are free to do so. We require your name, billing address, delivery address, email address, phone number and password. When you are ready to place an order, the details you have provided at registration will appear to help make your checkout process as smooth as possible
Website: So that we can process payments online we require your name and the billing address for the credit card used to pay online. Our external payment provider Verifone requires your credit card details and these do not touch our systems and are encrypted using the latest version of SSL technology. House of Bruar do not store nor have access to your credit card details on our systems.
Telephone/Post: So that we can process payments for telephone and catalogue sales, we require your name and billing address which will entered by our customer service representatives on to our systems. Our external payment provider Verifone requires your credit card details and these do not touch our systems but are entered via a Verfone Iframe using the latest version of SSL technology.
House of Bruar do not store nor have access to your credit card details on our systems.
If you are not ordering, or have not ordered in the past, but wish to receive a postal copy of our catalogue, we will require your name and full postal address. We may also ask for your email address.
Email Only Registration
If you want to receive email communications from us but do not want to register online, you may sign up to our emails. In order to receive emails we require your name, email and postcode so that we can tailor your House Of Bruar experience.
Surveys and Competitions
From time to time we may invite you to take part in a survey or competition. Participation in these is completely voluntary and you have a choice whether or not to disclose your information. Any information submitted will be stored in our database and we use the contact information provided to notify winners.
Customer Care Queries
If you contact us by phone or email we may log the call and keep a record of the details you have provided to us and the correspondence. This is primarily to help us contact you with answers to your queries.
Web Chat: During a Web Chat we may record details you have provided to us within your customer account.
Calls to our Call Centre: Calls to our Call Centre may be recorded for training, fraud prevention, servicing your account and regulatory consent
Cookies are small files which are stored on your computer after you visit certain web pages to help us enhance your online experience. Our cookies do not harm your computer and they do not store any personally identifiable information.
If you take the opportunity to share content from our site with your friends throughout social buttons, you should be aware that these sites are likely to be collecting information about what you are doing. We suggest that you check the third party websites for more information about their policies to see exactly how they use your information and to find out how to opt out or delete this information.
External Web Services
At present the only external web service we use to display content is Youtube to display our videos. As with social buttons, we can't prevent this site from collecting information on your usage of this content. If you are not logged into Youtube then they will not know who you are, but they may still gather anonymous usage information from your views of our video on our website.
We don't add any tracking into our order emails ie. order places, order dispatched, refunds processed. However, we do add tracking to our customer emails ie. news and offers so that we can monitor whether or not you like what we are sending you and so that we can keep improving our content.
How we use your Data
The House of Bruar (and trusted partners acting on our behalf) uses your personal data:
- to provide goods and services to you;
- to make a tailored website available to you;
- to manage any registered account(s) that you hold with us;
- to verify your identity;
- for crime and fraud prevention, detection and related purposes;
- with your agreement, to contact you electronically about products and promotions which we think may interest you;
- to contact you via post about promotional offers and products which we think may interest you;
- for market research purposes - to better understand your needs;
- to enable The House of Bruar to manage customer service interactions with you; and
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
The House of Bruar uses your personal data for electronic marketing purposes (with your consent) and may send you postal mail to update you with our latest offers.
The House of Bruar aims to update you about products which are of interest and relevance to you as an individual.
You have the right to opt out of receiving Marketing Communications at any time, by:
- making use of the simple “unsubscribe” link in emails; and/or
- contacting The House of Bruar via the contact channels set out in this Policy.
We use third-party services to serve ads on our behalf across the internet (Google, Conversant) and sometimes on this site. They may collect anonymous information about your visits to our Web site, and your interaction with our products and services. They may also use information about your visits to this and other Web sites to target advertisements for goods and services. This anonymous information is collected through the use of a pixel tag, which is industry standard technology used by most major websites. No personally identifiable information is collected or used in this process. They do not know the name, phone number, address, email address, or any personally identifying information about the user. If you would like more information about this practice and to know your choices about not having this anonymous information used by our third party service provider, please visit our third party service provider’s websites.
You can read more about online marketing practices and the technologies that support them by visiting the Your Online Choices page on our website.
We use data profiling in order to make the content of our communications to you more interesting and relevant. This means that you will only receive details of our very best offers that have been tailored with you in mind. It also allows us not to waste your time by sending offers that are unlikely to be of interest.
You have the right not to be subject to a decision based solely on automated processing. This includes decisions based on profiling. If you choose to exercise this right, then you will no longer receive offers from us as we base our mailing list on our customers’ purchase history.
If you object to such automated decisions being made based on your personal data, then please inform the Data Controller and we will ensure that is not done by either us or any organisation that processes your information on our behalf
We may share personal data with 3rd parties in order to comply with our legal or financial obligations:
- credit reference agencies where necessary for card payments;
- governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so;
- to comply with our legal obligations;
- to exercise our legal rights (for example in court cases);
- for the prevention, detection, investigation of crime or prosecution of offenders; and
- for the protection of our employees and customers.
In addition to the information that we share in order to comply with our legal obligations, we also may share or disclose the information:
- To third parties that process data on our behalf
- To our trusted retail partners via data pooling
- To our trusted retail partners for one off marketing offers
- To any other party with your prior consent
- To courier and mailing agents to enable delivery of your orders and catalogues
Data pools are groups of retailers who share information on what their customers buy. This pooled information is analysed to understand consumer's wider buying patterns. From this information, customers are sent tailored communications containing suitable offers that should be of interest to them based on what they like to buy. We do not share email addresses for the purposes of data pooling.
The House of Bruar only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls.
Additional Data Sources
Occasionally we receive personal data from third parties, including data brokers such as Epsilon, Experian and i-behaviour, where they have received an individual’s name from another company which has indicated they wouldn’t mind receiving catalogues from us. We also receive data from our trusted retail partners. We use this data to send a copy of our latest catalogue via post.
If this applies to you and you wish to be removed from our mailing list please contact us at the address given at the end of this document.
International Data transfers
To deliver products and services to you, it is sometimes necessary for The House of Bruar to share your data outside of the European Economic Area. This will typically occur when service providers are located outside the EEA or if you are based outside the EEA.
If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure.
How long do we keep your data?
We retain your information for as long as you hold an account with us. This enables us to maintain an ongoing relationship with you and allows us to service the orders that you place with us. We follow a data retention schedule; this has been put in place to ensure that we retain the minimum amount of personal data about you. If you do not wish to continue to receive any marketing from us in the future, we will retain some personal details in order to suppress your details from future data supplies from 3rd parties.
We ask that you not send or disclose any sensitive personal information to us either through our website, post, email, text message, live chat, telephone call or by any other method. For clarity, sensitive personal information means information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership.
In the unlikely event that information that you have supplied us is compromised then we shall notify both the UK Information Commissioner's Office and you that this is the case. This notification will be made without due delay.
Use of Our Services by Children
We do not knowingly promote our goods and services to children and therefore take all due care to only process personal data belonging to adults.
Our website is not intended for the use of children. We ask that children do not provide personal information through our website. If we become aware that we have collected personal information from a child, then we will delete that information from our records.
As from the 25th of May 2018, the EU General Data Protection Regulation replaces the Data Protection Act 1998. This gives new rights in relation to the privacy of your personal information.
In the case of any request involving one of these rights, The House of Bruar will respond to your request timely and at most within one month of receipt of your request. We are permitted to extend this time period by up to two months if the request is particularly complex.
The Right of Access
Subject Access Requests give you the right to obtain a copy of the information that we hold about you. You have the right to request this information free of charge. However, should we deem the request to be manifestly excessive, manifestly unfounded or repetitive, then we are permitted to charge a reasonable fee for providing the information. In such circumstances we can refuse to comply with the request. If this is the case then we shall let you know the reasons for our refusal to comply. You have the right to appeal such a decision via the UK Information Commissioner’s Office. For further information visit https://ico.org.uk/
Subject access requests may be sent to the Data Controller.
The Right to Rectification
You are entitled to have the information that we hold rectified if it is inaccurate or incomplete.
If you believe that the information that we hold is inaccurate, incomplete or out of date then you can make a request for rectification. You should send your request to the Data Controller.
The House of Bruar will inform any relevant third parties of the rectification in order that they can update their records.
The Right to Erasure
You have the right to request that the personal information that we hold is deleted, where we have no compelling reason for its continued processing.
This right will apply:
- Where retention of the data is no longer necessary for the purposes that it was originally collected or processed
- Where you have withdrawn consent
- Where you object to us processing the data and there is no overriding legitimate interest for us to continue to do so
- When the personal data has to be erased for us to comply with a legal obligation
- When the data has been unlawfully processed
- Where the data relates to a child
This right shall not apply:
- Where we are exercising the right of freedom of expression and information
- Where we are complying with a legal obligation
- Where we are archiving data in the public interest, for scientific research or for statistical purposes
- When we need the data to exercise or defend a legal claim
Erasure requests may be sent to the Data Controller.
The House of Bruar will inform any relevant third parties of the rectification in order that they can update their records.
The Right to Restrict Processing
You can request that The House of Bruar restrict the processing of your personal information. This means that you may have requested one of your other rights where, until the request is concluded, that we suspend the processing of all personal data. If we have passed the data to a third party, we will inform them that they must restrict the processing of the data.
This right will apply:
- Where the accuracy of the information held is contested by you and you request that we restrict processing while we investigate
- You object to us processing your personal data, but we believe that processing is in the public interest or the performance of our legitimate interests and that these are legitimate grounds to override the Customer interest
- Where you believe that processing is unlawful and request restriction instead of deletion
- Where we no longer need that data, but you require the data stored in order to pursue a legal claim
Restriction requests may be sent to the Data Controller.
The Right to Data Portability
The Customer has the right to request the information that we hold be supplied in a portable format. This allows the Customer to take their information from our IT environment to another organisation's IT environment. The format in which we supply the data will be a structured and machine readable CSV file.
Portable data requests may be sent to the Data Controller.
The Right to Object
You have the right to object to your personal information being processed.
- If you object to the processing of your data for marketing purposes then let us know and we and our third parties will stop sending you marketing material
Requests for either of these options may be sent to the Data Controller
GENERAL INFORMATION AND RESPONSIBLE BODYRegistered address:
The House of Bruar
By Blair Atholl
Tel. 01796 483236
Company Registration Number: SC145746
VAT Registration Number: 607704939
The House of Bruar as the operator of the Website https://www.houseofbruar.co.uk/ is the body responsible for the collection, processing and use of personal data of users of the website within the meaning of the Data Protection Act 1998 (DPA). Should you have any questions or requests relating to the protection of your data, please contact our Data Controller.
The House of Bruar
By Blair Atholl
We are registered as a data controller under the terms of the Data Protection Act 1998 and the EU General Data Protection Regulation with the UK Information Commissioner's Office. Details of our registration may be found at https://ico.org.uk/ESDWebPages/Entry/Z9123977