PRIVACY POLICY

Website Privacy Policy – Onetouch Designs and Prints
This is the Website Privacy Policy of Onetouch Designs and Prints who is the data controller, and responsible for your personal data (collectively referred to as Onetouch, “we”, “us” or “our” in this privacy policy).
Our contact details are
Onetouch Designs and Prints
Jhumat House
160 London Road
Barking, Essex
IG11 8BB
Tel: 02080 683966
Our commitment to you
We respect your privacy and remain committed to protecting your personal data.
This privacy policy will explain the way in which we collect, store and process the personal data you provide to us over our website.
You should read this policy, and any other privacy policies we provide when we collect your data, so that you fully understand the ways in which we process your data. All Onetouch’ privacy policies are intended to supplement one another, not override each other.
See here for our Data Protection Policy
The data we collect from you
We will never collect or process special category data, or data relating to criminal convictions or offences, from you. This website is not intended for children and we do not knowingly collect data relating to children.
The personal data we would like to collect from you is as follows:
When You
You provide
Via
Use our contact us form
First name
Surname
Email address
Telephone number
Website form
Create a new account on our website
First name
Surname
Email address
Postal address
Telephone number
Website form
Access customer support
First name
Surname
Email address
Delivery address
Telephone number
Live chat
Email
Telephone support
Buy a product
First name
Surname
Email address
Postal address
Billing address
Delivery address
Telephone number
Website checkout process
Order a sample pack
First name
Surname
Email address
Postal address
Telephone number
Website form
Sign up to our mailing list
First name
Last name
Email
Website form
Email
Support
Live chat
Unsubscribe
(we have to add your details to our do not contact list)
First name
Last name
Email
Email
Live chat
Telephone support
If you choose not to provide your data then we may not be able to offer key products and services to you.
How we process your data, and our lawful bases
We collect and process your data on the following lawful bases
  • In the performance of a contract
This means we process your data where it is necessary for the performance of a contract with you, or to take steps, at your request, before entering into such a contract.
  • With legitimate interests
This means we process your data in the legitimate the interest of our business in order that we may provide to you to the best service/product and the most secure experience. We always consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests.
We will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
You can obtain further information about how we assess our legitimate interests against any potential impact on you, in respect of specific processing activities, by contacting our Data Protection Officer on the details provided in this privacy policy.
In any instance where we’re processing your data based on legitimate interests, you still have the right to object to your data being processed in that manner. To do this please contact our Data Protection Officer.
  • To comply with a legal or regulatory obligation
This means processing your personal data where it is necessary for compliance with a legal or regulatory obligation.
  • With your consent
This means we’ve asked for your explicit consent to process your data in a certain way, and you’ve provided it.
The table below describes all the ways we plan to use your personal data, and identifying which of the legal bases we process according to.
Purpose of processing
Data processed
Lawful basis for processing
Support
To respond to your enquiry
First name
Surname
Email address
Telephone number
Legitimate interests
Customer Service:
To create you a new account
To enable you to make a purchase
To fulfil your order
First name
Surname
Email address
Postal address
Billing address
Telephone number
Performance of a contract with you
Customer Reviews
To glean your feedback so that we may improve our products and services
First name
Surname
Email address
Legitimate interests
Email Marketing
To email you news and information on offers, discounts and new products.
First name
Surname
Email address
Consent
(Legitimate interests)
Unsubscribe
When we add your details to our do not contact list
First name
Surname
Email address
Legal obligation
Email Marketing
We will not actively seek consent from customers to continue to send marketing emails to them beyond 25th May 2018, when the General Data Protection Regulation comes into effect.
We adopt this approach using the lawful basis of legitimate interests; assuming that you’d benefit from receiving information about offers and promotions. This type of processing is secure and presents a low risk to you. This practice is in line with the Privacy and Electronic Communications Regulation 2003.
If you would like to opt out of these marketing emails, you can do so by:
  • Unsubscribing or directly from any emails you’ve received from us; or
  • Contact our Data Protection Officer to unsubscribe.
Prior to the 25th May 2018, we will seek explicit consent from any mailing list member that hasn’t made a purchase with us in the last three years. If we do not gain such an individual’s consent by 24th May 2018, we will permanently delete said personal data from our mailing list.
In future, we will always seek explicit consent from new website users and customers in order to send marketing emails to them.
Cookies
We provide information about the cookies we use, and how you can control use of them, in our cookie policy
Purpose limitation
We will only use your personal data for the purposes we originally collected it. This is unless we need it for another reason that we believe is compatible with why we originally collected your data.
Who we share your data with
We may have to share your personal data with the parties set out below for the purposes set out in this privacy policy.
Providers acting as processors based in the European Union, and on occasion the United States of America, who provide IT and system administration services.
Professional advisers acting as processors including lawyers, bankers, auditors and insurers based in the UK who provide related services to us.
HM Revenue & Customs, regulators and other authorities based in the UK acting as processors or joint controllers who require reporting of processing activities in certain circumstances.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Your rights
We fully support your rights. If you ever feel this is not the case please contact our Data Protection Officer or the Information Commissioner’s Office to discuss the matter further.
At any point you can exercise your:
  • Right of access – contact us for a copy of the data we hold about you.
  • Right of rectification – let us know if the data we hold is out of date or inaccurate and we’ll update it.
  • Right to be forgotten – if you no longer want to use our services, please contact us and we’ll delete all related data where we’re able to.
  • Right to restrict processing – we only ever collect the data we need and actively ensure we’re never collecting anything over and above that need.
  • Right of portability – we will support reasonable requests to transfer your data to another organisation should you require it.
  • Right to object to automated decision making and profiling- we do not currently use any automated profiling of any description. In the event you’re ever unhappy with the way we’re processing your data please contact our Data Protection Officer.
In the event we ever need to refuse your rights we will provide you with a reason why. You will then have the right to complain to the supervisory authority as outlined below.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
We engage a small, trusted group of GDPR compliant data processors. They will only process your personal data on our instructions, they are party to a data processing agreement with us which includes a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are required to do so.
Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When determining the appropriate retention period for personal data we consider:
  • the amount, nature, and sensitivity of the personal data;
  • the potential risk posed to you by unauthorized use or disclosure of that data;
  • the purposes for which we process it;
  • any applicable legal requirements; and
  • whether we can achieve those purposes through other means.
Details of retention periods relating to your personal data can be requested from our Data Protection Officer.
In some circumstances you can ask us to delete your data. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. In these instances we are able use this information indefinitely without further notice to you.
Subject Access Requests
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints
To exercise all relevant rights, queries or complaints in relation to this policy or any other data protection matter between you and us, please in the first instance contact our dedicated Data Protection Officer:
Michael Abberdee
Onetouch Designs and Prints
Jhumat House
160 London Road
Barking, Essex
IG11 8BB
Tel: 02080 683978