For the purpose of the Data Protection Act 1998 (the Act) and from 25th May 2018, the EU General Data Protection Regulations 2016/679 (the “GDPR”) the data controller is All in Stone Ltd Limited (company number 10712918) having its registered office at Roland Road, Reddish, Stockport, SK5 6TJ.
All in Stone Limited (“All in Stone Ltd”, “we” or “us”) are committed to protecting your privacy. Please read through this policy carefully so that you know how and why we collect information about you, how you can contact us to access, rectify, erase, restrict, port or object to your data being processed and what procedures we have in place to keep your personal data safe.
Why do we collect your information?
Knowing more about you helps us to focus on what is most likely to interest and appeal to you.
The information we collect allows us to provide you with the most relevant offers such as money-off vouchers and rewards, for items you buy from us and for things you might be interested in buying in the future. We can also draw your attention to special offers linked to where you live, or promotions in stores near you by sending you relevant news, product information, special offers and details of events and competitions. However, you’ll be given the option to opt-out of such communications at the point that your data is collected and subsequently through clicking the “unsubscribe” option on any of our marketing emails or by updating your marketing preferences if you have an online account with us.
What information we collect
1) Information you give us.
This is information that you share with us in a variety of ways:
- a) This could be through our Website forms, placing an order, completing part of the checkout process online, creating a wishlist, searching for a product, signing up for offers and news, submitting customer reviews, entering a competition or prize draw, booking an appointment with one of our consultants or creating or updating your account, requesting swatches or a brochure or by corresponding with us by phone, email, social media or otherwise. This information may include personal details such as your name, email address, postal address and telephone number, personal description, photograph, your relevant passwords and preferred usernames, contact details, account details, financial and credit card information, your preferences, interests and details of any complaints you may have and any other information provided by you.
- b) Details of products and services purchased. This is detailed information about what products you have purchased whilst using our Website and in an All in Stone Ltd or All in Stone (South) Ltd store and the fulfilment of your orders, for example the time and date of purchase, the products you purchase from us, delivery addresses you use and if paying by debit or credit cards your card details and card expiry date to complete your payment.
- c) Correspondence. If you contact us, we may keep a record of that correspondence or call.
2) Information we collect about you.
When you visit our Website we will automatically collect information from you:-
- a) Website visit details. This includes but is not limited to when and how you access our Website, products you searched or viewed, HTTP protocol elements, search terms, length of visits of pages, page interaction, your customer journey, device type and ID, HTTPs cookies, traffic data, location data, referring website, weblogs and other communication data. Much of this data is collected by cookies and analytical software tracking tags used on our Website, details of which are noted under the cookies policy.
- b) Technical information. We may collect your IP address, which is assigned to your computer when it is connected to the Internet and operating system browser. We may collect other technical information such as your login information (where you set up an account with us), your browser type and version, time zone setting, browser plug in types and versions, and the operating systems you use.
3) Information we receive from other sources.
This is information that we receive about you if you use another website we operate or the other services we provide. We are working with third parties (including for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, customer review providers, live chat providers, credit reference agencies). This may include Cookies, refer to our Cookies Policy for more information.
We may also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose, Aggregated data may be derived from our personal data but it is anonymised and does not (directly or indirectly) reveal your identity. We use automated learning based on anonymous customer data from on our Website to provide product recommendations, tailored search results, adverts and content on our website that will be most relevant to you and to enable us to improve our website through ongoing testing and optimisation.
We do not collect any “Special Categories of Data” about you (e.g., your race, ethnicity, religion, sex life, political opinion, health (other than where we have a legal obligation to do so, for example in the event of an accident on our premises) or genetic or biometric data). Nor do we collect data regarding criminal convictions and offences. Nor do we collect children’s data.
How we use the information we collect
Personal data submitted to us will be used for the purposes stated in this Policy or as stated in our website or may be notified to you. We use your personal data to:
- Develop our website:
- to help you to use the All in Stone Ltd website to browse and shop, to provide a more seamless shopping journey in-store and online by sharing your details with our in-store teams, to improve your experience of using the Website, to administer and monitor our Website and to improve our Website.
- to personalise our Website to you and the things you may like, dislike or be interested in;
- to ensure that we present and evaluate the content on the Website in the most effective manner for your and other users.
- to provide you with information, products or services that you request from us or which may interest you, where you have consented to be contacted for such purposes. To personalise these communications to you and your likes and dislikes.
- to provide you with distance to your nearest All in Stone Ltd store based on your location set by device, or to send you store directions by SMS in accordance with your request, when using our store location section of the website
- Meet our service obligations:
- to meet our obligations arising from any contracts entered into between yourself and us, including for example delivery of the product or product guarantees.
- to notify you promptly about changes to our products and / or services.
- to process your payments for products and services to enable you to shop with us online and in-store and all payments are subject to the individual payment providers privacy policies.
- to check that you have (or are likely to have) the means to pay us for any products you order from us over the internet or in store.
- to keep accurate records of purchases, sales or other transactions to ensure that the requisite payments and deliveries are made, or services provided in respect of those transactions, and to make financial or management forecasts to assist us in conducting our business activities (All in Stone Ltd does not hold or take payment details, this is all undertaken by a 3rd party payment gateway)
- to provide you with after-sales services.
- If you fail to provide personal data which we need to provide the product or service to you then we may not be able to perform our contract we have with you. Please ensure that the personal data you give us is accurate and up to date.
- to allow us to send you direct marketing. We may do this by contacting you via telephone, post, SMS or email about special offers and current, or new products that you may be interested in, and to monitor the success of campaigns and promotions. You have the right to object to your data being processed for marketing purposes. This is explained in more detail in the Your Rights section.
- to allow us to contact you in relation to competitions and prize draws, to process your entries to our competitions/prize draws and to fulfil our obligation under our competition/ prize draw terms and conditions. This may require you disclosing your data with All in Stone Ltd agents or subcontractors who are collecting the data on our behalf.
- for the purpose of advertising or marketing our products and services, our business itself and for public relations promotions in connection with our business, products and services including digital advertising. This may require us to disclose your personal details to All in Stone Ltd agents or subcontractors in accordance with how we use your data. However, we do not sell or pass your data on to third parties for their marketing purposes. Additionally, this may involve tailoring our digital advertising based on what you view on our Website and your interests on third party websites, so that this is more relevant to you. This advertising is delivered across third party websites including social media.
- to allow us to contact you via email if you have added products to your Shopping Basket whilst shopping on our Website. Email address and name is provided to a third party who managed our shopping basket email programme to enable this.
- to analyse the effectiveness of digital advertising based on your interactivity and in accordance with our Cookies Policy
- to analyse sales processed through the Website and specific products which have been frequently viewed on the Website for marketing and business development purposes.
- to allow us to send you personalised email communications based on your browse behaviour whilst visiting our website. Email address is provided to a third party who manage our browse behaviour email programme to enable this.
- For Customer Services:
- to respond to any questions, suggestions, or complaints you have raised with us directly, via any social media posts, or any comments you make directly to us or in the public domain; and
- to carry out administrative tasks and research and statistical analysis for customer surveys and research.
- Improve our Products and Services made available to You:
- to forecast demand for our products and services and logistics planning;
- to ensure that the All in Stone Ltd adverts you see on different websites are more relevant to you, we’ll now provide some anonymous information about you and your shopping habits to the organisations who place our online advertising. We gather this information from your Email activity, website cookies and other similar technologies. It is then combined with data from other internet users to create audience profiles consisting of particular interests and characteristics. These audience profiles are used by our online advertisers including social media to serve you adverts relevant to you and your interests. This may include social media websites including Facebook, Pinterest, Instagram, Twitter along with third party websites.
- to gather statistics about how you and other people use our website and mobile apps, and what you think of our advertisements, special offers, news, products and product information, competitions, sponsored events, social media and other content and services. We then analyse all this data to see if what we do is interesting to people and meets their needs, or if they should be improved, and if so, what changes would be most beneficial both for our customers and for us. For this purpose, `we use third party providers including Google Analytics, to help us collect and analyse visitor and customer behaviour on our Website. This data is mainly anonymous with the exception of partially anonymised data in the form of order number or a unique id that is shared with Google Analytics to enable us to undertake analysis at an aggregate level, verify data and improve the Website and understand behaviour across multiple devices.
- For Compliance:
- to monitor how people use our websites and mobile apps to see if they are being abused or threatened, for example, by internet trolls posting inappropriate comments in review areas or by would-be hackers looking to undermine our security.
- to protect you and our business from any other potentially criminal behaviour, including identity theft and fraud.
- to monitor our premises, including using CCTV in stores to protect you and our business from any potentially criminal behaviour, including theft.
- to help us maintain administrative and statutory records about our business so we can better understand what we have sold, and how, when, where and at what price, and pay our taxes.
- to help us maintain administrative and statutory records about our business so we can satisfy our legal and contractual obligations for example, accident reporting:
- Legitimate Interest of the Company:
- to enable us (and our third-party service providers) to plan and manage our day-to-day business as effectively as possible, for example, to predict the possible sales volumes of a particular product so we can make sure that we have sufficient stocks to meet the likely demand.
- to help us conduct focused market research based on trends and common factors, so we can further improve the products and services we offer to all our customers.
- to see if the money we spend on marketing and advertising across all media represents good value for us or not.
- for legitimate business purposes such as process improvement and risk management.
Every so often, we like to send you an email newsletter informing you about products and services. You can subscribe to our Newsletters at any time via the All in Stone Ltd website. You can withdraw your consent in a number of ways as detailed in Your Rights” section of this Policy below or as detailed in the footer of each email.
We can’t guarantee or verify the contents of any external linked website despite our best efforts. However, if you do click on external links, we won’t be held liable for any damages or implications caused by visiting any external links.
Social media platforms
Any communication, engagement and action on social media is subject to the terms and conditions and privacy policies held from each social media platform. In order to protect your own privacy and personal details, we advise that you use social media sites wisely. Other than to contact you regarding a specific query or complaint in which case we may request your name, order number and telephone number via Social Media. Otherwise, we will never ask for your private personal information via social media platforms. However, if you want to discuss your private personal details, we are happy to help via email.
We may use social sharing buttons to share content directly from web pages to social media platforms. Please note, that you are using social sharing buttons at your own discretion and these social media platforms may be tracked to save requests and to share a web page through your social media account.
Who does my information go to?
We may use any relevant information to contact you or pass it on to our trusted agents and sub-contractors to process and fulfil your order, confirm your identity, validate and authorise transactions made by your debit or credit card and to manage your prize draw and competition entries.
We may pass on your personal data to help us fulfil pre-contractual or contractual obligations, for example to send you product samples, to arrange delivery of or after-care for your product.
We may pass on your personal information about sales and website usage for research and analytical purposes.
Where you purchase products from us we may use suppliers based outside the EEA You expressly consent to us that these companies may also process your personal data where necessary in order to fulfil our contractual obligation to you.
Where we store your personal data
Any personal details we have collected about you are kept securely and in accordance with the Data Protection Act 1998 and GDPR. Therefore, we will never sell or disclose your information to third parties, shared companies for any other purposes than described in this policy or for legal reasons (e.g., to comply with a legal process).
Your data is kept secure using the high security server technology ensuring your data is protected. Where you have chosen a password which enables you to access certain parts of our website you are responsible for keeping the password confidential. You must not share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How Long Do We Keep Your Information For?
All in Stone Ltd will not keep your personal data for longer than is necessary for the purpose for which it was collected unless there is a further legal reason for us to do so. We will take all reasonable steps to ensure the personal data is erased from our systems, or securely destroyed when it is no longer required. We will keep your data for as long as you continue to shop with us or use our services (for example where your product is under a product guarantee) and for a period time afterwards when we may contact you if there is a legitimate interest to do so. We may also be required to retain your data for legal reasons.
Disclosure of your information
We may disclose information about you to law enforcement officials in the investigation of any alleged unlawful activities by you. We may also be required to disclose information to a court or regulatory body when required to do so by law.
We may also share your information with our service providers (to help manage the Website and provide services, including, marketing and market research, processing online purchases, delivery companies and our designers and manufacturers) and with any person or organisation (and their advisers) who might take over the services provided by the Website to allow them to prepare for taking over (after that, we may also allow that person or organisation to use and share your information on the same basis as us).
If you make a post on the Website, we may share your username, and any information you include in your post with other users of the Website or in our marketing materials, for example this would include any posts or comments which you make via on Website's blog or any similar post or comment.
Under the GDPR you have certain rights. In particular you have the right to
- Where we are relying on your consent to process your personal data, you can withdraw your consent to our processing of your personal data at any time. If you have signed up for an online account with us, you can do this by updating your preferences with us. Alternatively, you can use the “unsubscribe” or “stop” option on our emails and texts. In certain circumstances, we can process your personal data without your consent in line with the lawful processing requirements in GDPR. These include (amongst other reasons) where processing is necessary to comply with a legal obligation, or to protect your vital interests.
- Ask us to rectify inaccurate or incomplete personal data. We would seek to rectify the data as soon as possible and usually within one month unless the request is complex.
- Ask us to erase your personal data. This is commonly referred to as the right to be forgotten. This right is only applicable where there is no compelling reason for the continued processing of your personal data. There are some circumstances where this right to erasure does not apply and in such cases, we would notify you of the reason(s) why we need to retain your personal data (unless prevented to do so by law).
- Restrict processing of your personal data where, for example, the data is inaccurate, being processed unlawfully or where the data is no longer relevant to the specific purpose for processing. In such cases, we would retain the data, but we would not process it further without your consent, or if processing your data is for establishing, exercising or defending a legal claim, or for the protection of rights of other individuals, or for public interest reasons. In such circumstances, we would let you know that we intend to lift the restriction on processing your personal data.
- Request access to your personal data via a subject access request. Your request should be made to us in writing, and we may ask you for proof of your identity before providing you with the data. There is usually no fee for making such a request however, in limited circumstances, we can charge an administrative fee (which will be based on the administrative cost of providing the information).
- You have the right to ask us not to process your personal data for marketing purposes (including profiling). We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or by unsubscribing using the ‘unsubscribe’ function in a marketing email or by choosing not to accept or block certain cookies. In respect of SMS marketing, should you wish us to stop sending you mobile SMS correspondence, please see the STOP details in each text message.
You can also exercise the right at any time by contacting us at email@example.com
- Obtain and reuse your personal data for your own purposes across different services (right to data portability). This right is only applicable to data that you have provided to us, where we are processing the data based on your consent or for the performance of a contract and when the processing is carried out by automated means. Where this right applies, the data will be provided to you in a structured, commonly used and machine-readable format.
Our site may, from time to time, contain links to and from the websites of third parties, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Contact and complaints.
Name of DPO: Gary Rogers
Email address: firstname.lastname@example.org
Postal address: All in Stone Ltd. Roland Road, Reddish, Stockport, SK5 6TJ
If you have any complaints regarding our handling of your personal data, we would appreciate the chance to deal with your concerns in the first instance. However, if you wish, you may make a complaint directly to the Information Commissioner’s Office, the UK supervisory authority for data protection issues, use the link below for more information.
https://ico.org.uk or 0303 123 1113