INTRODUCTION
This privacy policy explains in detail the type of personal data we may collect from you when you interact with us; it also explains how we store and handle that data and keep it safe. From time to time we’ll need to update this policy, but we’ll always notify you of any significant changes.
We hope the following sections will answer any questions you might have but, if not, please get in touch with The Compliance Officer, Signbox Ltd, Unit 3, Egham Business Village, Crabtree Road, Egham TW20 8RB.
When you’re using our websites, Signbox Limited is the data controller.
ABOUT SIGNBOX LIMITED
UK-based Signbox Limited is a leading signage specialist with over 30 years’ industry experience. With intelligent design and application, we consistently deliver award-winning visual communication strategies using traditional and pioneering signage methods across all market sectors, notably corporate, education, healthcare, retail, hotel and leisure.
Signbox Limited is associated with the following businesses:
- Signbox International Limited
- Smart Poster Limited
EXPLAINING THE LEGAL BASIS WE RELY ON
The law (including the latest requirements placed upon us by the General Data Protection Regulation – GDPR) on data protection sets out a number of different reasons why we may collect and process your personal data, including:
Consent
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear which data is required for a particular service.
Contractual obligations
In certain circumstances, we’ll need your personal data to comply with our contractual obligations.
For example, if you order an item from us for delivery, we’ll collect your address details to deliver your purchase and pass them to our courier.
Legal compliance
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting us to law enforcement agencies.
Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we’ll use your purchase history to send you or make available further offers. We’ll use your name and address details to send you direct marketing information by post to you about products and services we think might interest you. We may also combine the transaction history of customers to identify trends and develop new products or services.
WHEN DO WE COLLECT YOUR PERSONAL DATA?
- When you visit any our websites and use your account to buy products and services.
- When you make an online purchase and check out as a customer (in which case we just collect transaction-based data).
- When you create an account with us.
- When you purchase a product or service by phone and email, but don’t have (or don’t use) an account.
- When you engage with us on social media.
- When you download or install one of our apps.
- When you contact us with queries, complaints etc.
- When you ask one of our employees to email you information about a product or service.
- When you’ve given a third-party permission to share the information they hold about you with us
- We collect data from publicly available sources (such as planning permissions) when you’ve given your consent to share information or where the information is made public as a matter of law.
- When you use our car park, which has a CCTV system operated for the security of our customers and employees – this system may record your image during your visit.
- When you enter our office and register as a visitor.
- When you call our office, conversations may be recorded for training and quality purposes.
WHAT SORT OF PERSONAL DATA DO WE COLLECT?
If you have a web account with us, we’ll record your name, gender, billing/delivery address, orders and receipts, email and telephone number. For your security, we’ll also keep an encrypted record of your login password. We’ll also record:
- Details of your interactions with us online or when using one our apps. For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you made, items viewed or added to your basket, products you show an interest in, web pages you visit, how and when you contact us and details of your shopping preferences.
- Details of your visits to our websites or apps and which site you came from to reach ours.
- Information gathered by the use of cookies in your web browser.
Learn more about how we use cookies and similar technologies.
- Your comments and product reviews.
- Your image may be recorded on CCTV when you visit our office.
- Your car number plate may be recorded from our car park when you visit our office.
- To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered.
- Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
HOW AND WHY DO WE USE YOUR PERSONAL DATA?
The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service. If you choose not to share your personal data with us or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
For example, if you’ve asked us to let you know when an item comes back into stock, we can’t do that if you’ve withdrawn your general consent to hear from us.
Here’s how we’ll use your personal data and why:
- To process orders that you make using our websites or apps. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations.
For example, your details may need to be passed to a third party to supply or deliver the product or service that you ordered and we may keep your details for a reasonable period afterwards in order to fulfill any contractual obligations such as refunds, guarantees and so on.
- To respond to your queries, refund requests and complaints – handling the information you sent enables us to respond to these. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
- To protect our business and your account from fraud and other illegal activity. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all this as part of our legitimate interest.
For example, by checking your password when you log in and using automated monitoring of IP addresses to identify possible fraudulent logins from unexpected locations.
- To protect our customers, premises, assets and employees from crime, we operate CCTV systems in our office and car park, which record images for security; we do this on the basis of our legitimate business interests.
- To process payments and to prevent fraudulent transactions; we do this on the basis of our legitimate business interests and it helps to protect our customers from fraud.
- If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we’ll process this data for the purposes of preventing or detecting unlawful acts. We aim to protect the individuals we interact with from criminal activities.
- With your consent, we’ll use your personal data, preferences and details of your transactions to keep you informed by email, web, text and telephone about relevant products and services. You’re free to opt out of hearing from us by any of these channels at any time.
- To send you relevant, personalised communications by post in relation to updates, products and services’ we’ll do this on the basis of our legitimate business interest. You’re free to opt out of hearing from us by post at any time.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you, including updates to this privacy policy, product recall notices and legally required information relating to your orders, etc. These service messages won’t include any promotional content and don’t require prior consent when sent by email or text message. If we didn’t use your personal data for these purposes, we’d be unable to comply with our legal obligations.
- To display the most interesting content to you on our websites or apps, we’ll use data we hold about your favourite products. We do so on the basis of your consent to receive app notifications and/or for our website to place cookies or similar technology on your device.
For example, we might display a list of items you’ve recently looked at or offer you recommendations based on your purchase history and any other data you’ve shared with us.
- To develop, test and improve the systems, services and products we provide to you; we’ll do this on the basis of our legitimate business interests.
For example, we’ll record your browser’s Session ID to help us understand more when you leave us online feedback about any problems you’re having.
- To comply with our contractual or legal obligations to share data with law enforcement.
For example, when a court order is submitted to share data with law enforcement agencies or a court of law.
- To send you feedback requests to help improve our services; these messages won’t include any promotional content and don’t require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you. You’re free to opt out of this service at any time by updating your preferences in your online account or by unsubscribing from our communications.
- To build a rich picture of who you are and what you like and, to inform our business decisions, we’ll combine data captured from across the company, third parties and data from publicly available lists as we’ve described in the section ‘What sort of personal data do we collect’. We’ll do this on the basis of our legitimate business interest.
For example, by combining this data, it will help us personalise your experience and decide which content to share with you.
- Sometimes we’ll need to share your details with a third party who is providing a service to us (such as delivery couriers). Without sharing your personal data we’d be unable to fulfill your order.
COMBINING YOUR DATA FOR PERSONALISED DIRECT MARKETING
We want to bring you offers and promotions that are relevant to you. To do this, we combine the data we collect directly from you with data we obtain from third parties to whom you’ve given your consent to pass it data on to us. This includes information about planning applications, etc.
HOW WE PROTECT YOUR PERSONAL DATA
We’ll always treat your data with the utmost care and take all appropriate steps to protect it. We secure access to all transactional areas of our websites and apps using trusted https:// technology.
Access to your personal data is password protected and sensitive data such as payment card information is secured by SagePay to ensure that’s protected too.
We regularly monitor our system for possible vulnerabilities and attacks and carry out penetration testing to identify ways to strengthen security even further.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected; at the end of that retention period your data will be deleted completely.
For example, customer data retention periods include:
Orders
When you place an order we’ll keep the personal data you give us for 10 years so we can comply with our legal and contractual obligations.
Inactive accounts
If you haven’t used your account for more than 10 years, it will be flagged as inactive and we’ll contact you to ask if you want to keep it open. If you don’t confirm you do, we’ll close the account and delete the personal data associated with it.
Warranties
If your order included a warranty the associated personal data will be kept until the end of the warranty period.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We sometimes share your personal data with trusted third parties.
For example, delivery couriers or third-party technicians who visit your premises.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
- IT companies who support our website and other business systems.
- Sub-contract installation contractors.
- Companies such as delivery couriers.
- Direct marketing companies who help us manage our electronic communications with you.
- Google/Facebook who may show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Notice for details.
Sharing your data with third parties for their own purposes:
We’ll only do this in very specific circumstances, for example:
- For fraud management, we may share information about fraudulent or potentially fraudulent activity on our premises or systems; this may include sharing data about individuals with law enforcement agencies.
- We may also be required to disclose your personal data to the police or other enforcement, regulatory or government body upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
- We may, from time to time, expand, reduce or sell the company and this may involve the transfer of divisions or the whole business to new owners. If this happens, your personal data will, where appropriate, be transferred to the new owner or controlling party, under the terms of this privacy policy.
To help personalise your journey through our websites we currently use the following companies who may process your personal data as part of their contracts with us:
- Google
- Twitter
- Pinterest
- Instagram
- YouTube
- Facebook
- LinkedIn
- Lead Forensics
- Campaign Monitor
- Vimeo
- Yell
WHERE YOUR PERSONAL DATA MAY BE PROCESSED
Your data is processed in the UK.
WHAT ARE YOUR RIGHTS OVER YOUR PERSONAL DATA?
You have the right to request:
- Access to the personal data we hold about you.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop using your personal data for direct marketing (either through specific channels or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
You can contact us to request to exercise these rights at any time as follows:
To ask for your information please contact The Compliance Officer, Signbox Ltd, Unit 3, Egham Business Village, Crabtree Road, Egham TW20 8RB or email complianceofficer@signbox.co.uk To ask for your information to be amended please update your online account or contact our Customer Services team.
If we choose not to action your request we’ll tell you why.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we’re processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons relating to your individual situation. We must do that unless we believe we have a legitimate overriding reason to continue processing your personal data.
Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels or selected channels.
Checking your identity
To protect the confidentiality of your information we we’ll ask you to verify your identity before proceeding with any request you make under this privacy policy.
If you’ve authorised a third party to submit a request on your behalf we’ll ask them to prove they have your permission to act.
HOW CAN YOU STOP THE USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING?
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any email communication we send you. We’ll then stop any further emails from us.
- If you have an account, log in into your account, visit the ‘My Account’ area and change your preferences.
- In our apps, you can manage your preferences and opt out of one or all of the different push notifications by selecting or deselecting the relevant options in the ‘Settings’ section.
- Write to The Compliance Officer, Signbox Ltd, Unit 3, Egham Business Village, Crabtree Road, Egham TW20 8RB, or email complianceofficer@signbox.co.uk
Please note you may continue to receive communications for a short period after changing your preferences while our systems are updated.