Privacy Policy

General Data Protection Regulations (GDPR) & Polydron Ltd

Polydron is committed to safeguarding and preserving the privacy of our customers. This Privacy Policy explains what happens to any personal information (data) provided to us and defines how Polydron complies with EU Law, specifically the General Data Protection Regulations.

Any enquiries with regards to the Privacy Policy or the data processed by Polydron should be directed to our Head Office.

Collecting data

To deliver our services, Polydron needs to collect personal data and this may be collected from a number of sources. Examples include:

  • Upon receipt of an enquiry.
  • Information that you provide when you communicate with us by any means.
  • In reply to a communication from Polydron.
  • From a customer purchasing our products.

Use of data

We will only use the data we collect and hold to provide our services. We will not sell or pass on information for commercial purposes. We do not make personal data public. We will treat your data fairly and legally.

Polydron has no reason to process children's data and will never knowingly do so.

Cookies

We use cookies to track visitor activity to our website and to keep the contents of any shopping basket you create. We do not use the data we collect from cookies for any marketing purposes.

There are only two cookies created by our ecommerce system:

PHPSESSID
(Contains a PHP "session ID", expires when the browser is closed)

The "PHPSESSID" cookie is required so that the site can recognise the same user clicking from page to page. Without it, every page would be treated as the first visit to the site, and anything added to the shopping basket would be instantly forgotten. Online shopping would, therefore, be impossible.

session
(Contains a PHP "session ID", can also contain an email address and encrypted password, expires after one year)

The "session" cookie is intended for the user's convenience, our system creates this with a copy of the initial session ID so that they can be classed as "returning" and the contents of their shopping basket will still be available. If the user signs in with an email address and password, these login details are are also saved so that they can remain logged in when returning (the password is encrypted). If the user signs out, their login details are removed from the cookie.

Any other cookies are created by 3rd party scripts such as Google Analytics.

Information from third parties

Polydron may collect information or data from third parties (e.g. distributors). The third party will hold the appropriate permission for this. This information will only be used to fulfil orders and for no other purpose.

Disclosing data to third parties

Polydron will only disclose data to third parties for a limited number of reasons:

  • Information may be shared with our service providers to deliver agreed products and services to clients in a fair and lawful manner.
  • Information as required or permitted by law, or when it is believed that disclosure is necessary to protect our rights, protect an individual's safety or the safety of others, and/or to comply with a judicial proceeding, court order, or other legal process served upon Polydron.
  • To protect the risk of fraud.

If you are ordering from outside of the European Economic Area we will need to share your data with third parties for us to be able to fulfil your order. We will ensure that any information is secure and processed in accordance with data protections laws.

Data Retention

Polydron will retain data securely, ensuring the IT infrastructure is covered by appropriate hardware and software maintenance and support.

We will not hold your data for any longer than is necessary and only for its defined purpose. We hold a full data retention schedule to comply with the principles of the GDPR.

The rights of individuals

Individuals have rights within the GDPR and Polydron is committed to complying with those rights:

  • The right to be informed
    We will communicate with you in a concise, clear and transparent way. We will tell you what data we collect from you and how we will use that data.
  • The right of access
    You may ask us to send you a copy of the personal data we hold about you.
  • The right to rectification
    You may ask us to correct or erase any incorrect or incomplete personal data that we hold about you.
  • The right to erasure
    You may ask us to stop using your data and we will do so if there is no legal reason for us to continue to hold or use that personal data.
  • The right to restricted processing
    You have the right to withdraw your consent that you have given to us to use your personal
  • The right to object
    You can object to us processing your data and we will stop doing so unless we have legitimate grounds giving us an overriding interest.
  • The right to data portability
    You can ask us to transfer a copy of your personal data to you or another service provider or third party providing this is technically feasible.
  • The right to object to any automated decision making
    We do not carry out any automated decision making and therefore this rule does not apply to our products and services.

Breach

If there is a breach of personal data Polydron will comply with the duties set down in the GDPR, informing the Information Commissioners Office when necessary. Where feasible, we will honour our obligations within 72 hours of becoming aware of the breach.

Should the breach be likely to result in a high risk of adversely affecting individuals' rights and freedoms, Polydron will also inform those individuals without undue delay.

If you believe that we have not met our promises to you, you have the right to complain to the Information Commissioner's Office. Further information, including contact details, is available at ico.org.uk.

Date of Policy: 31st May 2018. Next review date May 2019.