This notice governs the manner in which PM Antiques & Collectables processes, collects, manages and stores data that can identify you. Throughout this notice, “we”, “us” and “our” mean PM Antiques & Collectables and “you”, “your” and “user” mean the individual to whom the data relates.
For the purposes of the GDPR (General Data Protection Regulation), we will be the controller of all personal data we hold about you. We are registered with the ICO (Information Commissioner’s Office) and our contact information is provided below should you have any questions.
Types of information we collect and why we collect them
We collect and store information about you when you interact with our website or correspond with us, either directly, or using a third-party service or social media platform. This information might include:
- Telephone number
- Internet protocol (IP) address
- Username of a third-party website account
Personal information is collected on our website when you visit the site or interact with the site in any way, for instance by submitting a contact/enquiry form or subscribing to our newsletter. The information is set out on the web page on which we collect it.
Sometimes we may request additional information from you, which might include:
- Proof of identity
- Ownership of goods valued/offered for sale including descriptions, images and provenance. This information may be forwarded onto relevant third-parties for specialist appraisal. We may also use this information in our own interests to assist in the prospective resale of the goods concerned.
We may contact you in relation to your interaction with us or to send you receipts/invoices for any transactions you make with us. Your personal information is kept private and stored securely until a time it is no longer required.
If you reply to a blog post on our website your name and comment will be published on our website once it has been reviewed and approved by us.
When you make a transaction with us, we may collect the following types of information from you:
- Billing address
- Shipping address
- Method of payment and payment information (excluding bank card numbers)
- Telephone number
- Proof of identity
- Username of a third-party website account
We use this information to fulfil the transaction, arrange shipping, contact you in relation to the transaction and keep documented records for our taxation obligations. This information may also be used to confirm our compliance with relevant authorities or to check your details with fraud protection agencies if suspected false or inaccurate information has been provided.
Our website’s shopping cart payment page is outsourced using PayPal (PCI DSS, SAQ ‘A’), a WooCommerce payment gateway. PayPal are a PCI-compliant third-party service provider and during the payment process your browser is redirected to their payment page. For more information, please read the PCI DSS information as found on PayPal’s website.
We may use your email address to send you user information and notify you of any updates relating to your order.
Your information is stored and retained by us for as long as it is deemed necessary to comply with our legal obligations. We are legally obliged to maintain records of all business transactions and this information will be retained for a period of seven years.
We maintain physical, technical and organisational safeguards for the collection, processing and storage of personally identifiable information. Personal data is stored in both electronic and physical form, including but not limited to: emails, text messages, web servers, computer files and any third-party websites, applications or payment gateways utilised in relation to your interaction with us. Information held electronically is only accessible via password-protected computers and devices. Physical/printed personal data is stored locked away. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you. Where third-party service providers have been used to complete your transaction, please review the privacy policies of those respective providers.
We have appropriate data collection, storage and processing security measures in place to protect personal information on our website from unauthorised access, alteration, disclosure or destruction. This information is stored on an external server hosted by our website developers, Thunderbolt Digital Limited. Private data exchanged between you and the website is safeguarded using a TLS (SSL) secured communication protocol to encrypt and protect your personal data with digital signatures. A ‘captcha’ is applied to areas of our website where personal information is submitted through submission forms. Our website is maintained by Thunderbolt Digital Limited, who update the site’s plugins, software and security patches on a regular basis. We will report any unlawful data breach of our website’s database to relevant persons and authorities within 72 hours of the breach. This is only if it is apparent that personal data stored in an identifiable manner has been stolen. We will notify you promptly in the event of any data breach that might expose you to serious risk.
We will only use your personal information for the purposes for which we collected it, unless we rationally consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Sharing your personal information
We may pass your personal data to third-parties who are service providers, agents, sub-contractors or courier/delivery firms for the purposes of completing tasks and providing services to you on our behalf. We do this for the purpose of our legitimate interests in operating the business. However, we only disclose the personal data that is necessary for the third-party to perform their service. It is possible that third-parties may themselves engage with sub-processors to process your data, and where this is the case, they are required to have contractual arrangements with their sub-processors that ensure your information is kept secure.
Thunderbolt Digital Limited host and maintain our website’s open source CMS database (WordPress). The website’s data is therefore stored on Thunderbolt Digital Limited’s Linode server. Much of our stock is advertised on eBay and we use plugins to integrate products and order information between eBay and our website in order to manage our stock and customer orders effectively. Personal data received from eBay sales will therefore get stored on Thunderbolt Digital Limited’s server.
We use an external accountancy firm to complete our accounts and tax lodgements. Transaction records containing personal information are shared with our accountant so that necessary tasks can be carried out in the interests of our business operations. When our accountant provides a service to us, physical records of respective transactions are stored at the accountant’s external premises until a time that the service is deemed complete. Electronic files containing personally identifiable information are password protected and we generally use an online portal, StayPrivate, to transfer such files.
Third-party courier and shipping firms are used to fulfil orders by delivering purchased goods to your address. We commonly use Royal Mail, Parcelforce, UPS and AnyVan. Where orders have been placed on eBay, we may purchase postage labels online from Packlink Shipping S.L. (eBay Delivery) or Shutl / Royal Mail via eBay’s seller platform.
We use Click4Assistance to allow us to provide live chat support via our website. Chats are SHA 256-bit encrypted and data is hosted on Click4Assistance’s DPA and PCI compliant database located within a UK data centre. Individuals’ rights, data protection by design and by default, along with consent and all other GDPR concepts and principles, are addressed by Click4Assistance.
When you communicate with us via our website’s contact forms, the content of your enquiry is processed through Twilio SendGrid, a service which sends contact form content to our email inbox. Please visit SendGrid’s website for further privacy information.
We use Mailchimp as our email marketing platform. When you subscribe to our mailing list, your information will be transferred to Mailchimp for processing. We have a data processing agreement in place with Mailchimp and you can find out more about Mailchimp’s privacy practices by visiting their website.
We are not in the business of selling, renting or trading personal information with other companies for marketing or financial gain.
When you visit our site we automatically collect certain information about your device. This might include information about your web browser, your IP address, your time zone, and some of the cookies that are installed on your device. As you browse our site we collect information about the web pages or products that you view, the websites or search terms that referred you to our site, and information on how you interact with the site. We refer to this automatically-collected information as ‘device information’ and we may use it to improve and optimise our site (for example, generating analytics about users’ interaction with the site, and to assess the success of our marketing and advertising campaigns) and to help us screen for potential risk or fraud. Device information is collected through the following technologies:
- Cookies: A cookie is a text file sent by a web server (a device where one or more websites are stored) to a web browser, and stored by the web browser. The text file is then sent back to the web server each time the web browser requests a page from the web server. This enables the web server to identify and track the web browser and provide enhanced user experiences for visitors to a website. Cookies are useful because they allow a website to recognise a user’s device. You can learn more about cookies at www.allaboutcookies.org and www.youronlinechoices.eu.
- Log files: Log files track actions occurring on the site and collect data including your IP address, browser type, internet service provider, referring/exit pages and date/time stamps.
- Web beacons, tags and pixels: These are electronic files used to record information about how you browse the site.
We operate a mailing list program to update our subscribers with the latest news and to notify them of general website, product and service-related information. When you subscribe to our mailing list, your email address is retained until you ask us to discard it. You can unsubscribe from our mailing list at any time on receipt of emails sent by us or by contacting us directly. Our mailing lists are also controlled by Mailchimp and Thunderbolt Digital Limited.
In order to run the business efficiently, we use third-parties, including, but not limited to service providers, websites, applications and social media platforms. When you engage with any third-party, you are not governed by our privacy notice, but instead that of the respective third-party.
While we may have official profiles on social media platforms, you are advised to verify authenticity of such profiles before engaging with, or sharing information with them. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page.
We use your personal information to provide you with targeted advertisements or marketing communications that we believe may interest you. Further information about how targeted advertising works can be found on the Network Advertising Initiative’s (“NAI”) informative webpage: http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work
You can opt out of some marketing services by visiting the Digital Advertising Alliance’s opt-out portal: http://optout.aboutads.info
We run Google search and display network marketing campaigns. This means that you may see one of our adverts on another website displaying adverts served by Google. Google uses information shared by various sites and applications to deliver its services including Google Analytics and third-party cookies. If your ad personalisation is enabled, Google will use your data to select ads more suited to you. You can change your ad personalisation and control which personal information Google accesses to show you ads by adjusting your Google ad settings. For more information, please visit https://www.google.com/settings/ads/anonymous
We also run marketing campaigns on Facebook. The personal data we access is provided by Facebook, who control the data for users on their database. Facebook matches users with CRM (Customer Relationship Management) data to create custom audiences for advertising campaigns – such as ours. CRM is a strategy for managing an organisation’s interactions with customers and potential customers. You can opt-out of Facebook’s targeted advertising by adjusting your Facebook ad settings.
Thunderbolt Digital Limited carry out our marketing campaigns and access our respective email and social media accounts. Thunderbolt Digital Limited act as data processors, processing data on behalf of data controllers such as Facebook and ourselves. Thunderbolt Digital Limited have obligations to process data safely and legally and are GDPR-compliant.
Under the GDPR, if you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, transferred or deleted in accordance with our legal obligations. If you would like to exercise this right, please contact us. We may need to request specific information from you to help us confirm your identity and ensure your right to access any personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to another person who has no right to receive it.
Right to complain
You have the right to make a complaint if you wish to do so. The organisation with oversight of our processing is the Information Commissioner’s Office, which can be contacted in writing at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, by telephone (0303 123 1113) or by email (email@example.com).
We may update this policy from time to time without notice to you in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
This notice was last updated on 2nd August 2020.
For more information about our privacy practices or if you have any comments, please contact PM Antiques & Collectables at firstname.lastname@example.org.