User privacy and data protection are human rights and we have a duty of care to the people within our data. Data is a liability and should only be collected and processed when necessary. To help skip through the jargon normally associated with Privacy Policies the following paragraph sums up the data we hold on you and what we do with that data in a nutshell:
1. RELEVANT LEGISLATION
This website is designed to comply with the General Data Protection Regulation (GDPR) with regards to data protection and user privacy. We are registered with the Information Commissioner (see www.ico.gov.uk).
This site’s compliance with the above legislation means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries as well. If you are unsure about whether this site is compliant with your own country’s specific data protection and user privacy legislation you should contact our data protection officer for clarification.
2. PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS AND WHY IT IS COLLECTED
This website collects and uses personal information that you provide to us for the purposes of fulfilling an order placed by you on the website, including your first name, surname, (including business name where applicable), postal address, postcode, telephone number, email address and IP address. We use your provided information as part of the verification process and to complete the dispatch and delivery of product/s to your specified address. We also use your information to correctly identify you in order to provide customer support to you when you request it.
3. SHARING YOUR INFORMATION
We may need to share your delivery details (name and address) with any of our product suppliers and the courier services we use for the purpose of fulfilling an order and ensuring product/s arrive to your delivery destination in a timely manner.
We will disclose your information if we are required to so by law. We may disclose your information to enforcement authorities if they ask us to, or to a third party in the context of actual or threatened legal proceedings, provided we can do so without breaching data protection laws.
4. PAYMENT PROCESSING
When you place an order with us, any data you provide to us, is encrypted using a 'Secure Socket Layer' (SSL) session. SSL is an industry standard and is a widely used measure to guard against Internet messages being intercepted. The use of older browsers does not use SSL therefore, please use Netscape (version 4.05) or above, Microsoft Internet Explorer (version 4) or above, or any similar updated browser for example Firefox or Opera.
We do not actually store credit card detials on our server. Credit and debit cards are processed in strict compliance by third party vendors Sage Pay, WorldPay and PayPal (depending on your chosen purchase transaction method). Sage Pay has the highest level of card data security (PCI DSS Level 1 compliant) so our customers can purchase with peace of mind. Payment security and fraud reduction are two of Sage Pay’s top priorities and keep your data secure which is why thousands of business already entrust their security with Sage Pay. The information we hold are the last 4 digits of your card, the card holder name and a reference to the last transaction made on that card from us.
5. HOW LONG DO WE KEEP YOUR INFORMATION FOR?
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need it for the purposes we acquired it for in the first place. This means we will keep your information for as long as you continue to use our services, and for the the purpose of providing customer support and for a reasonable period of time afterwards if you stop doing so. After that we will delete it other than where we lawfully can keep any data for audit or legal reasons.
We shall keep data on our prospect database for not longer than 3 years from receipt subject to an individual’s right to unsubscribe or be forgotten at any time.
6. ACCESS TO YOUR INFORMATION
The information we hold about you is the information you have provided to us when placing an order on our website. You can write to us at any time to obtain details of the personal information we may hold about you. Please email: firstname.lastname@example.org or write to the Data Protection Officer, OSS Technology Ltd, Regus Building, 5300 Lakeside, Cheadle Royal Business Park, SK8 3GP.
Please quote your name and order number and provide brief details of what information you want a copy of (this helps us to more readily locate your data). We will take all reasonable steps to confirm your identity before providing you with details of any personal information we may hold about you. Likewise, if we hold any information about you which is incorrect or if there are any changes to your details please let us know so that we can keep our records accurate and up to date.
7. SITE VISITATION TRACKING
This website uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data including geographical location, user device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
8. GOOGLE ANALYTICS
An example of the kind of information Google Analytics tracks include number of pages visited, bounce rate of pages, geographical location of visitors, daily or monthly unique visitors to the site and so on.
9. SOCIAL MEDIA
Any social media posts or comments you send to us (on the OnlineSpyShop Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook / Twitter) on which they are written and could be made public.
Other people, not us, control these platforms. We are not responsible for this kind of sharing. We recommend you should review the terms and conditions and privacy policies of the associated social media platforms you use. That way, you will understand how they will use your information, what information relating to you they will place in the public domain, and how you can stop them from doing so if you are unhappy about it.
Any review, post or comment you make about us, our products and services on any social media platform, or user community services will be shared with all other members of that service and the public at large. Any comments you make on these services and on social media in general must be not offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
10. OUR BLOG
Should you leave a comment to any post/s that have been published on our blog, the details that you leave with your comment will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section for the respective blog post and is not passed to any third party data processors. Only your name will be shown on the public facing website.
Your comment and it’s associated personal data will remain on this site until we see fit to either remove the comment remove the blog post. Should you wish to have the comment and it’s associated personal data deleted, please email us at email@example.com.
If you are under the age of 16 years, you must obtain parental consent before posting a comment on our blog. Regardless of age, you should avoid entering personally identifiable information to the actual comment field of any blog post comment/s that you submit on this website.
11. LINKS TO THIRD PARTY WEBSITES
If we have included links on this site to any other sites it is for your personal use and reference only. We are not responsible for the privacy policies on these websites. OnlineSpyShop has no control of the content of any linked website and is not responsible for these websites or their content or availability. You should be aware that the privacy policies of these sites may differ from our own.
12. EMAIL NEWSLETTERS
If you choose to join our email newsletter, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor. The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.
Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age you must obtain parental consent before joining our email newsletter. While your email address remains within the MailChimp database, you will receive periodic newsletter-style emails from us.
13. CUSTOMER FEEDBACK
If you choose to submit feedback about your experience using the OnlineSpyShop website and/or products, the comments that you leave are collected by eKomi and transparently displayed for other users / viewers to read on our website. eKomi is an independent company and feedback provider of transaction-based reviews and ratings. eKomi are a Google worldwide partner with over 250+ employees with headquarters in Berlin, Germany, Los Angeles, California and with offices in London, Paris, Madrid, and San Francisco.
eKomi receives no PII End customer information from the database of the company via the interface. Only an anonymous order transaction ID will be transmitted. In case that eKomi is providing the service of sending the review invitation email, the necessary personal information will be transmitted and used only for this exact purpose. After the legal retention period this data will be deleted.
14. LIVE CHAT
Our website uses a basic live chat service provided by Zopim for the purpose of providing you relevant information about our products and/or services prior to purchase, or to provide product support when requested. When the live chat is enabled and you visit our website we are able to view information relating to your navigation but we are not able to identify you. A random Visitor ID is assigned to you which displays geographic location, web browser, duration, web page, referrer (eg: Google) and the number of previous visits. Should you choose to correspond with us through the live chat any correspondence between you and ourselves is temporally stored in the chat history partition. All stored chat history is erased after seven (7) days on a regular rolling basis.
15. ABOUT THIS WEBSITE’S SERVER
This website is hosted by UKFast within a UK data centre located in the North West of Manchester. Some of the data centre’s more notable security features are as follows:
ISO 27001 and 9001 certified and secured to UK government IL4 standards.
Multi-factor access control
24/7 onsite security and CCTV throughout
Operating at Tier 3 standards for uptime and availability
Concurrently maintainable systems including UPS, standby diesel generators and high-density infrastructures in excess of 15kW per rack to offer a 100% network uptime guarantee
The website is held on its own dedicated server isolated from other shared websites. We hold a quality certification as proof of the build process by UKFast and under stringent compliance.
All traffic between this website and your browser is encrypted and delivered over HTTPS.
16. DATA BREACHES
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
Our registered office is:
OSS Technology Ltd
Cheadle Royal Business Park
Our registered accounts office is:
Usher Spiby Ltd
76 Manchester Road
A cookie is information which is sent to your web browser from our server and is stored there - either for the duration only of your visit to the site (using 'Session Cookies') or for a fixed period of time (using 'Persistent Cookies') - in order to send communication and information from your browser to our server or to the server of any other 3rd party who may send you cookies.
Such communication between browser and server enables a web server to identify, analyse, track or otherwise make use of certain data from your web browser, improving your browsing experience and the quality of the service provided.
Our shopping cart system will place a Session Cookie on your computer when you visit our website. This only contains your shopping items and does not store any personal details nor has any effect outside of the domain therefore, as soon as you leave the domain or close your browser - the items you have stored will be lost.
Any payment processors which you access or use through the site for the purposes of placing an order with us may also send cookies to your browser in order to properly track and identify you when you use their services. These cookies would only be used to ensure secure and reliable identification while you follow any payment or money-related procedures or services and would always be deleted upon completion of an order.
Please make sure to check you are in agreement with any such payment processor’s cookies policy, if you are concerned.
18. HOW TO DISABLE COOKIES
You can set your web browser to reject Cookies, or you can delete your browser history (visit www.aboutcookies.org). You can also block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, deleting or rejecting cookies could prevent you from using this site properly, such as not enabling the shopping cart to collect your items correctly or enabling your order to be completed through the secure card payment processor.
19. TELEPHONE CALLS
We do not monitor or record telephone calls.
20. SALE OF BUSINESS
In the unlikely event this business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective buyer/s and their advisers, and will be passed on to the new owners of the business. In this case you will be informed of any change in ownership in our business.