We are OSS Technology Limited t/a Online Spy Shop a company registered in England and Wales (Company No. 06986542) with its registered accounts office at 76 Manchester Road, Denton, Manchester, M34 3PS. Our main trading address is Regus, 5300 Lakeside, Cheadle Royal Business Park, Cheadle, SK8 3GP, UK. Our VAT number is GB 916 6388 94. (“we”, “our”, “us”, “the Company”).
We are a “Data Controller” for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) whilst undertaking our business services.
We only use your personal information (used when you make a purchase through the Checkout process of our website) to enable us to package and dispatch the product/s to you. We never sell, rent, share or otherwise distribute or make public your personal information. Furthermore, we do not, nor have we ever since trading market directly to our customers about our services and/or products without express permission. The only time we may periodically promote ourselves is via opt-in newsletters of which very few will be sent in a blue moon. Customers that do opt-in to our newsletters can opt-out just as easily by unsubscribing through any newsletter received.
We believe the buying process should be made easy to navigate, easy to understand, be transparent on pricing and delivery and that your personal data should only be used to fulfil the order. Any personal data that we lawfully retain is securely held and is processed for legitimate business purposes that are not outweighed by your rights, including identifying you in the event of product support should you need to contact us.
1. DATA PROTECTION PRINCIPLES
We will comply with data protection law and principles, which means that your information will be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about; and
- Kept securely.
2. PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS
If you purchase product/s from us or communicate with us this will result in us collecting personal data about you. We will collect, store and use the following types of personal information about you:
- First name, surname;
- Company name;
- Billing and delivery address;
- Telephone number;
- Email address;
- Bank and transaction details such as details about payments to and from you and other details of product/s and service/s you have purchased from us;
- Technical information such as IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
- Information about our service to you including username and password (if applicable), purchases or orders made by you, your preferences and any feedback you give us; and
- Records of your correspondence with us if you contact us.
3. HOW IS IT COLLECTED
We collect your personal information though different methods including:
- Direct interactions with you by telephone, email or through the contact form of the site; and
- Automated technologies or interactions. As you interact with our website, we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
4. HOW WE USE YOUR INFORMATION
We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal information other than in relation to sending third party direct marketing communications to you via email. You have the right to withdraw consent to such marketing at any time.
5. WHY IT IS COLLECTED
This website collects and uses personal information that you provide to us for the purposes of:
- Fulfilling an order placed by you on the website;
- Our verification process;
- To complete the dispatch and delivery of product/s to your specified address; and
- To correctly identify you in order to provide customer support to you when you request it.
If you fail to provide certain information when requested either by law, or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods).
6. SHARING YOUR INFORMATION
We may need to share your delivery details (name and address) with any of our product suppliers and the courier services we use for the purpose of fulfilling an order and ensuring that you are kept informed of the delivery status and that product/s arrive to your delivery destination in a timely manner.
Third party providers include the following:
- Paid on Results
- Sage Pay, WorldPay, PayPal
- Royal Mail, DPD, DHL, Interparcel (FedEx, UPS)
We will disclose your information if we are required to so by law. We may disclose your information to enforcement authorities if they ask us to, or to a third party in the context of actual or threatened legal proceedings, provided we could do so without breaching data protection laws.
In the unlikely event this business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective buyer/s and their advisers, and will be passed on to the new owners of the business. In this case you will be informed of any change in ownership in our business.
7. PAYMENT PROCESSING
When you place an order with us, any data you provide is encrypted using a 'Secure Socket Layer' (SSL) session. SSL is an industry standard and is a widely used measure to guard against Internet messages being intercepted. The use of older browsers does not use SSL therefore, please use Netscape (version 4.05) or above, Microsoft Internet Explorer (version 4) or above, or any similar updated browser for example Firefox or Opera.
We do not store or have access to full credit card details on our server. The card details we are permitted to view are the last four (4) digits of your card and the fraud score generated by the associated third party card vendor/s. Credit and debit cards are processed in strict compliance by third party vendors Sage Pay, WorldPay and PayPal (depending on your chosen purchase transaction method). Sage Pay has the highest level of card data security (PCI DSS Level 1 compliant) and security and fraud reduction are two (2) of Sage Pay’s top priorities to keep your data secure which is why thousands of business already entrust their security with Sage Pay.
8. SITE VISITATION TRACKING
By using this Site, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
A “cookie” is a piece of information that is stored on your computer, tablet or phone to recognise your browser and records how you have used a website. This means that when you go back to that website it can give you tailored options based on the information it has stored about your last visit. You can normally alter the settings of your browser to prevent it from accepting cookies.
The cookies we use are explained below:
9.2. NECESSARY COOKIES:
These are cookies that are required for the operation of our website and are completely anonymous. Below are examples of when or why we will use these cookies:
- To help the website to function and enhance the look and feel of the website;
- To ensure you are always provided with a quick and responsive browsing experience;
- Our web servers to respond to your actions on the website or browsing the website. The website would not be able to work without it; and
- They also help to improve navigation around our website and allow you to return to pages you have previously visited.
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences. Below are examples of when we will use these cookies:
- As soon as you visit the website, a cookie on your device will identify you have returned to the website and record your preferences;
- Remembering your choice of language or region; and
- When submitting a comment to one of our blogs, the information you enter is remembered in order to make it easier for you to comment next time.
9.4. THIRD PARTY COOKIES:
Payment processors which you access or use through the site for the purposes of placing an order with us may also send cookies to your browser in order to properly track and identify you when you use their services. These cookies would only be used to ensure secure and reliable identification while you follow any payment or money-related procedures or services and would always be deleted upon completion of an order. Please make sure to check you are in agreement with any such payment processor’s cookies policy, if you are concerned.
10. HOW TO DISABLE COOKIES
If you do not wish to receive cookies that are not strictly necessary to perform basic features of our Site you can set your browser to reject cookies or to tell you when a website tries to put a cookie on your computer.
Most web browsers will accept cookies but if you would rather that we did not collect data in this way you can choose to accept all or some or reject cookies in your browser’s privacy settings. Rejecting all cookies means that certain features on the Site cannot then be provided to you and accordingly you may not be able to take full advantage of all our Site’s features. The “Help” menu in the bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-ons settings or visiting the website of its manufacturer.
10.1 FURTHER INFORMATION:
For more general information on cookies and how to disable them please go to the Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies.
11. SOCIAL MEDIA
Any social media posts or comments you make (on the Online Spy Shop Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook / Twitter) on which they are written and could be made public.
Other people, not us, control these platforms. We are not responsible for this kind of sharing. We recommend you review the terms and conditions and privacy policies of the associated social media platforms you use. That way, you will understand how they will use your information, what information relating to you they will place in the public domain, and how you can stop them from doing so if you are unhappy about it.
Any review, post or comment you make about us, our products and services on any social media platform, or user community services will be shared with all other members of that service and the public at large. Any comments you make on these services and on social media in general must be not offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
Should you leave a comment to any post/s that have been published on our blog, the details that you leave with your comment will be saved to this website’s database along with your computer IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section for the respective blog post and is not passed to any third party data processors. Only your name will be shown on the public facing website.
Your comment and its associated personal data will remain on this site until we see fit to either remove the comment or remove the blog post. Should you wish to have the comment and its associated personal data deleted, please email us at email@example.com.
If you are under the age of 16 years you must obtain parental consent before posting a comment on our blog. Regardless of age you should avoid entering personally identifiable information to the actual comment field of any blog post comment/s that you submit on this website.
13. LINKS TO THIRD PARTY WEBSITES
If we have included links on this site to any other sites it is for your personal use and reference only. We are not responsible for the privacy policies on these websites. Online Spy Shop has no control of the content of any linked website and is not responsible for these websites or their content or availability. You should be aware that the privacy policies of these sites may differ from our own.
14. EMAIL NEWSLETTERS
If you choose to join our email newsletter the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor. The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.
Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age you must obtain parental consent before joining our email newsletter. While your email address remains within the MailChimp database, you will receive periodic newsletter-style emails from us.
15. CUSTOMER FEEDBACK
If you choose to submit feedback about your experience using the Online Spy Shop website and/or products, the comments that you leave are collected by eKomi and transparently displayed for other users/viewers to read on our website. eKomi is an independent feedback company and provider of transaction-based reviews and ratings. eKomi are a Google worldwide partner with over 250+ employees with headquarters in Berlin, Germany, Los Angeles, California and with offices in London, Paris, Madrid, and San Francisco.
eKomi receives no PII End customer information from the database of the company via the interface. Only an anonymous order transaction ID will be transmitted. In case that eKomi is providing the service of sending the review invitation email, the necessary personal information will be transmitted and used only for this exact purpose. After the expiry of the retention period set out in section 18 this data will be deleted.
16. LIVE CHAT
Our website uses a basic live chat service provided by Zopim for the purpose of providing you relevant information about our products and/or services prior to purchase, or to provide product support when requested. When the live chat is enabled and you visit our website we are able to view information relating to your navigation however, we are not able to identify you. A random Visitor ID is assigned to you that displays geographic location, web browser, duration, web page, referrer (e.g: Google) and the number of previous visits. Should you choose to correspond with us through the live chat, any correspondence between you and ourselves is temporally stored in the chat history partition. All stored chat history is erased after seven (7) days on a regular rolling basis.
17. PAID ON RESULTS
We use a third party affiliation program in order to promote ourselves through verified and accepted businesses that sign up with Paid on Results. When a business/company explicitly signs up through the Paid on Results affiliation program and is then accepted by ourselves, that registered business/company then places graphic banners or URL links on their own website encouraging their customers to click through to our website in order to browse our product range and potentially make a purchase. Successful purchases result in 10% commission of the overall sale value of the product/s (excluding VAT) to that associated affiliation business/company.
We do not collect or store any information on our servers from any business/company that signs up with the Paid on Results affiliation program however, through the Paid on Results dashboard we are able to see the Order Number of any purchaser. This allows us to cross reference with our customer database to verify the purchase was successful and that no returns have been requested in order to pay the commission.
This website is hosted by UKFast within a UK data centre located in the North West of Manchester. Some of the data centre’s more notable security features are as follows:
- ISO 27001 and 9001 certified and secured to UK government IL4 standards
- Multi-factor access control
- 24/7 onsite security and CCTV throughout
- Operating at Tier 3 standards for uptime and availability
- Concurrently maintainable systems including UPS, standby diesel generators and high-density infrastructures in excess of 15kW per rack to offer a 100% network uptime guarantee
- The website is held on its own dedicated server isolated from other shared websites. We hold a quality certification as proof of the build process by UKFast and under stringent compliance.
All traffic between this website and your browser is encrypted and delivered over HTTPS.
19. HOW LONG DO WE KEEP YOUR INFORMATION FOR
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need it for the purposes we acquired it for in the first place. This means we will keep your information for as long as you continue to use our services and for the purpose of providing customer support and for a reasonable period of time afterwards if you stop doing so. After that we will delete it other than where we lawfully can keep any data for audit or legal reasons i.e. for a period of 7 years.
We shall keep data on our prospect database for not longer than 3 years from receipt subject to an individual’s right to unsubscribe or to be forgotten at any time.
20. INDIVIDUAL’S RIGHTS
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your business relationship with us.
Under certain circumstances, by law you have the right to:
a) Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
b) Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
c) Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
d) Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
e) Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
f) Request the transfer of your personal information to another party.
g) If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us at firstname.lastname@example.org. Please note, there are some specific circumstances where these rights do not apply and we can refuse to deal with your request.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
21. ACCESS TO YOUR INFORMATION
You can write to us at any time to obtain details of the personal information we may hold about you. Please email: email@example.com or write to the Data Protection Officer, OSS Technology Ltd, Regus Building, 5300 Lakeside, Cheadle Royal Business Park, SK8 3GP.
22. DATA BREACHES
We will report any personal data breach including any breach of this website’s database or the database(s) of any of our third party data processors to affected data subjects and to the ICO within 72 hours of the breach if it is apparent that there is a risk that data subject’s rights and freedoms have been affected.
Last updated: 25th May 2018.