Signbox – Privacy Policy

INTRODUCTION

This privacy policy explains in detail the type of personal data we may collect from you when you interact with us; it also explains how we store and handle that data and keep it safe. From time to time we’ll need to update this policy, but we’ll always notify you of any significant changes.

We hope the following sections will answer any questions you might have but, if not, please get in touch with The Compliance Officer, Signbox Ltd, Unit 3, Egham Business Village, Crabtree Road, Egham TW20 8RB.

When you’re using our websites, Signbox Limited is the data controller.

ABOUT SIGNBOX LIMITED

UK-based Signbox Limited is a leading signage specialist with over 30 years’ industry experience. With intelligent design and application, we consistently deliver award-winning visual communication strategies using traditional and pioneering signage methods across all market sectors, notably corporate, education, healthcare, retail, hotel and leisure.

Signbox Limited is associated with the following businesses:

EXPLAINING THE LEGAL BASIS WE RELY ON

The law (including the latest requirements placed upon us by the General Data Protection Regulation – GDPR) on data protection sets out a number of different reasons why we may collect and process your personal data, including:

Consent

In specific situations, we can collect and process your data with your consent.

For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear which data is required for a particular service.

Contractual obligations

In certain circumstances, we’ll need your personal data to comply with our contractual obligations.

For example, if you order an item from us for delivery, we’ll collect your address details to deliver your purchase and pass them to our courier.

Legal compliance

If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting us to law enforcement agencies.

Legitimate interest

In specific situations, we require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

For example, we’ll use your purchase history to send you or make available further offers. We’ll use your name and address details to send you direct marketing information by post to you about products and services we think might interest you. We may also combine the transaction history of customers to identify trends and develop new products or services.

WHEN DO WE COLLECT YOUR PERSONAL DATA?

WHAT SORT OF PERSONAL DATA DO WE COLLECT?

If you have a web account with us, we’ll record your name, gender, billing/delivery address, orders and receipts, email and telephone number. For your security, we’ll also keep an encrypted record of your login password. We’ll also record:

HOW AND WHY DO WE USE YOUR PERSONAL DATA?

The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. If you choose not to share your personal data with us or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.

For example, if you’ve asked us to let you know when an item comes back into stock, we can’t do that if you’ve withdrawn your general consent to hear from us.

Here’s how we’ll use your personal data and why:

For example, your details may need to be passed to a third party to supply or deliver the product or service that you ordered and we may keep your details for a reasonable period afterwards in order to fulfill any contractual obligations such as refunds, guarantees and so on.

For example, by checking your password when you log in and using automated monitoring of IP addresses to identify possible fraudulent logins from unexpected locations.

For example, we might display a list of items you’ve recently looked at or offer you recommendations based on your purchase history and any other data you’ve shared with us.

For example, we’ll record your browser’s Session ID to help us understand more when you leave us online feedback about any problems you’re having.

For example, when a court order is submitted to share data with law enforcement agencies or a court of law.

For example, by combining this data, it will help us personalise your experience and decide which content to share with you.

COMBINING YOUR DATA FOR PERSONALISED DIRECT MARKETING

We want to bring you offers and promotions that are relevant to you. To do this, we combine the data we collect directly from you with data we obtain from third parties to whom you’ve given your consent to pass it data on to us. This includes information about planning applications, etc.

HOW WE PROTECT YOUR PERSONAL DATA

We’ll always treat your data with the utmost care and take all appropriate steps to protect it. We secure access to all transactional areas of our websites and apps using trusted https:// technology.

Access to your personal data is password protected and sensitive data such as payment card information is secured by SagePay to ensure that’s protected too.

We regularly monitor our system for possible vulnerabilities and attacks and carry out penetration testing to identify ways to strengthen security even further.

HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected; at the end of that retention period your data will be deleted completely.

For example, customer data retention periods include:

Orders

When you place an order we’ll keep the personal data you give us for 10 years so we can comply with our legal and contractual obligations. 

Inactive accounts

If you haven’t used your account for more than 10 years, it will be flagged as inactive and we’ll contact you to ask if you want to keep it open. If you don’t confirm you do, we’ll close the account and delete the personal data associated with it. 

Warranties

If your order included a warranty the associated personal data will be kept until the end of the warranty period.

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We sometimes share your personal data with trusted third parties. 

For example, delivery couriers or third-party technicians who visit your premises.

Here’s the policy we apply to those organisations to keep your data safe and protect your privacy: 

Examples of the kind of third parties we work with are:

Sharing your data with third parties for their own purposes:

We’ll only do this in very specific circumstances, for example:

To help personalise your journey through our websites we currently use the following companies who may process your personal data as part of their contracts with us:

WHERE YOUR PERSONAL DATA MAY BE PROCESSED

Your data is processed in the UK.

WHAT ARE YOUR RIGHTS OVER YOUR PERSONAL DATA?

You have the right to request:

You can contact us to request to exercise these rights at any time as follows: 

To ask for your information please contact The Compliance Officer, Signbox Ltd, Unit 3, Egham Business Village, Crabtree Road, Egham TW20 8RB or email complianceofficer@signbox.co.uk  To ask for your information to be amended please update your online account or contact our Customer Services team.

If we choose not to action your request we’ll tell you why.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest

In cases where we’re processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons relating to your individual situation. We must do that unless we believe we have a legitimate overriding reason to continue processing your personal data.

Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels or selected channels.

Checking your identity

To protect the confidentiality of your information we we’ll ask you to verify your identity before proceeding with any request you make under this privacy policy.

If you’ve authorised a third party to submit a request on your behalf we’ll ask them to prove they have your permission to act.

HOW CAN YOU STOP THE USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING?

There are several ways you can stop direct marketing communications from us:

Please note you may continue to receive communications for a short period after changing your preferences while our systems are updated.