Your privacy is important to us.
ESL Ltd makes a commitment to protecting your privacy and the security of our customers data and will only use information collected about you in accordance with the General Data Protection Regulations (GDPR). We fully appreciate and respect the importance of data protection and security on the Internet.
The policy outlines how your personal information is treated when using our website, and describes your rights and the manner in which any information that can be associated with you (including, for example, your name, address, telephone number, e-mail address and information about your online activities) (“Personal Information”), will be collected and used and forms part of our terms and conditions.
Information that we collect from you
When you visit, register or order products or services on our website you may be asked to provide certain information about yourself including your name, contact details and credit or debit card information. We may also collect information about your usage of our website as well as information about you from messages you post to the website and e-mails or letters you send to us. We only collect information which is necessary, relevant and adequate for the purpose you are providing it for.
We do not record telephone conversations.
What we do with your information
We will only process information that is necessary for the purpose for which it has been collected. You will always have the option not to receive marketing communications from us (and you can withdraw your consent or object at any time). We will never send you unsolicited “junk” email or communications, or share your personal information with anyone else who might.
Your information will enable us to provide you with access to all parts of our website and to supply the goods or services you have requested. It will also enable us to charge you and to contact you where necessary concerning your orders. We will also use and analyse the information we collect so that we can administer, support, improve and develop our business.
There are various ways in which we may use or process your personal information. We list these below:
Where you have provided consent, we may use and process information to:
- Contact you from time to time with marketing material or special offers, products or information which we think may be of interest to you.
- Send a monthly newsletter if you have placed an order. You can unsubscribe at any time by clicking the “Unsubscribe” link in the footer of the email newsletter.
- Contact you for your views on our services and to notify you occasionally about important changes or developments to the website or our services.
- Share your personal information with 3rd party companies in order to deliver your orders for our couriers (we will of course, give you details about these third parties before you give permissions for us to send to them)
You have the option to unsubscribe from our e-mails through a link at the bottom of every e-mail we send to you. If you want to change the details that you have registered with us, or would like to amend your subscription preferences or unsubscribe altogether, this can be changed in the “My Account” section of our Site or by contacting our customer services team.
Please contact our customer services team for assistance if information needs updating.
2. Contractual performance
We may use and process your personal information where this is necessary to perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered into with us. This includes:
- to provide you with an account on our site, if you choose to sign up for one;
- to fulfil any order that you place with us;
- to collect payment from you;
- to provide you with a receipt, if you ask us to send this to you electronically;
- to protect and defend our legal rights and interests.
3. Legitimate Interests
We may use and process your personal information as set out below where it is necessary for us to carry out activities for which it is in our legitimate interest as a business to do so. This includes:
- Processing necessary for us to support customers with sales and other enquiries;
- Processing necessary for us to respond to understanding customers’ needs;
- Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness of our business;
- Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively;
- Administering and monitoring our Site, to ensure that content is presented in the most effective manner for you and for your device, and to allow you to participate in interactive features when you choose to;
- Analyse any feedback that you provide on our services, and to improve our services.
4. Legal Obligation
We may process your personal information where we are required to do so by the courts or to comply with other legal, statutory and/ or regulatory obligations including accounting and taxation requirements;
5. Vital Interest
Sometimes we will need to process your personal information to contact you if there is an urgent safety or product recall notice and we need to tell you about it.
How long we keep your information
We retain the information you provide for the following periods:
- for as long as you subscribe to receive marketing information;
- for as long as your account is being used and for a period of two years after the date you cease to use your account, after which period we will anonymise the personal information on file by deleting the personal information and allocating a personally unidentifiable unique reference ID and store the remaining information indefinitely in systems and backups (“Data Retention”). You can request the deletion of personal information in advance of the two year inactivity period by contacting us. Your personal information will be removed within 14 days of this request. If you wish to set up an account after this period, this will be treated as a new account and your transaction history will not be available;
- in the case of any contact you may have with our Customer Care team for as long as is necessary to provide support-related reports and trend analysis.
Our Data Retention Period has been determined to cover credit risk, fraud detection and customer service periods, as well as to cover regulatory requirements, and the resolution of disputes or fraud prevention.
How we store your information
Your information may be processed by our staff to the extent necessary to fulfil your order. By submitting your personal information to us, you agree to the transfer of your personal information, its storage and processing.
We check all orders for security purposes using a number of means, some of which involve outside sources such as the Electoral Roll.
We will keep the data which we collect from you on a secure server. Our servers offer 256-bit SSL3 encryption of data transmissions, so your security is assured whenever you place an order. Depending on your browser, you will see a different confirmation that your connection is secure (on our checkout page). Generally, it will be a small padlock next to the web address.
We do not store your debit/credit card details. We have a secure payment company who handle our transactions called ?????????. The payment information provided to us by you is HTTPS encrypted. This means that no one else can access your information because they would not have the suitable decryption key to decipher it. Our security certificates are issued by ?????? who are one of the top SSL certificate providers.
Where we have given you a password (or where you have chosen one) to access certain parts of this Site, you are responsible for keeping this password confidential. We ask that you setup a secure password and do not share a password with anyone.
PCI DSS (Payment Card Industry Data Security Standards) is a proprietary information security standard for organisations that handle cardholder information from the major card providers.
Any information you give us relating to credit card details is handled by a PCI compliant third party and encrypted using secure server technology. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access and require our suppliers to do the same.
We are committed to reducing online fraud.
Rights you may have
You may have certain rights in relation to personal information that we hold about you. These include the right to request access to your personal information, to request that it is erased, that its processing is restricted, or that any inaccurate personal information is rectified. You may also have the right to object to the processing of your personal information, or in some circumstances to obtain a copy of the personal information in a machine readable format. You also have the right to complain about the use of your personal information to the Information Commissioner’s Office.
Please contact our privacy officer at firstname.lastname@example.org if you would like to make a request.
Changes to this policy
We may change this policy from time to time. If we make changes, we will notify you by revising the date of this policy, and if the changes are significant, we may provide you with an additional notice such as adding a statement to the homepage of the Site or sending you an e-mail with the update.
Please check this policy regularly to stay informed about our information practices and the ways you can help protect your privacy.
Last updated 31st January 2018