We are OSS Technology Limited t/a Online Spy Shop, a company registered in England and Wales (Company No. 06986542) with its registered accounts office at 76 Manchester Road, Denton, Manchester, M34 3PS. Our main trading address is Landmark House, Station Road, Cheadle Hulme, SK8 7BS, UK. Our VAT number is GB 916 6388 94. (“we”, “our”, “us”, “the Company”).
We are a “Data Controller” for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) whilst undertaking our business services.
OSS Technology Ltd
Tel: 0161 537 0550
International: +44 (161) 537 0550
We only use your personal information when you purchase through our website to package and dispatch the product/s to you. We never sell, rent, share or otherwise distribute or make public your personal information. Furthermore, we do not, nor have we ever, marketed directly to our customers about our services and/or products without express permission. We may periodically promote ourselves via opt-in newsletters, of which we send very few. Customers that do opt-in to our newsletters can opt-out just as easily by unsubscribing through any newsletter received.
We believe the buying process should be made easy to navigate, easy to understand, be transparent on pricing and delivery and that your personal data should only be used to fulfil an order. Any personal data that we lawfully retain is securely held and is processed for legitimate business purposes that are not outweighed by your rights, including identifying you in the event of product support should you need to contact us.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard the information we collect online.
1. DATA PROTECTION PRINCIPLES
We will comply with data protection law and principles, which means that your information will be:
Used lawfully, fairly and in a transparent way;
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
Relevant to the purposes we have told you about and limited only to those purposes;
Accurate and kept up to date;
Kept only as long as necessary for the purposes we have told you about; and
2. PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS
If you purchase products from us or communicate with us, we will collect personal data about you. We will collect, store and use the following types of personal information about you:
First name, surname;
Billing and delivery address;
Bank and transaction details such as details about payments to and from you and other details of product/s and service/s you have purchased from us;
Technical information such as IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
Information about our service to you, including username and password (if applicable), purchases or orders made by you, your preferences and any feedback you give us; and records of your correspondence with us if you contact us.
3. HOW IS IT COLLECTED
We collect your personal information through different methods, including:
Direct interactions with you by telephone, email or through the contact form of the site; and Automated technologies or interactions. As you interact with our Website, we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
4. HOW WE USE YOUR INFORMATION
We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you;
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal information other than sending third-party direct marketing communications to you via email. You have the right to withdraw consent to such marketing at any time.
5. WHY IT IS COLLECTED
This website collects and uses personal information that you provide to us for:
Fulfilling an order placed by you on the website;
Our verification process;
To complete the dispatch and delivery of product/s to your specified address; and
To correctly identify you to provide customer support to you when requested.
If you fail to provide certain information when requested either by law or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods).
6. SHARING YOUR INFORMATION
We may need to share your delivery details (name and address) with any of our product suppliers and the courier services we use to fulfil an order and ensure that you are kept informed of the delivery status and that products arrive at your delivery destination promptly.
Third-party providers include the following:
eKomi Customer Feedback
Paid on Results Affiliation
Sagepay, Worldpay, Stripe, ApplePay and PayPal Payment Processors
Royal Mail, DPD, DHL, Interparcel, FedEx, UPS) Delivery Couriers
We will disclose your information if we are required to do so by law. We may disclose your information to enforcement authorities if they ask us to, or to a third party in the context of actual or threatened legal proceedings, provided we could do so without breaching data protection laws.
If this business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective buyer/s and their advisers and will be passed on to the new owners of the business. In this case, you will be informed of any change in ownership of our business.
7. PAYMENT PROCESSING
When you place an order with us, any data you provide is encrypted using a Secure Socket Layer (SSL) session. SSL is industry-standard and widely used as a measure to guard against Internet messages being intercepted. The use of older browsers do not use SSL; therefore, please use Netscape (version 4.05) or above, Microsoft Internet Explorer (version 4) or above, or any similar updated and modern browser, for example, Firefox or Opera.
We do not store or have access to full credit card details on our server. The card details we can view are the last four digits of your card and the fraud score generated by the associated third party card vendors. Credit and debit cards are processed in strict compliance by third-party vendors (depending on your chosen purchase transaction method). All payment vendors we use have the highest level of card data security (PCI DSS Level 1 compliant), and security and fraud reduction are two top priorities to keep your data secure, which is why thousands of businesses already entrust the security.
8. SITE VISITATION TRACKING
Google may also transfer this information to third parties required to do so by law or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. Google lists the cookies used by its analytics service on the following web page: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
Using this Site, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
A “cookie” is a piece of information stored on your computer, tablet or phone to recognise your browser and records how you have used a website. This means that when you revisit that website, it can give you tailored options based on the information it has stored about your last visit. You can normally alter the settings of your browser to prevent it from accepting cookies.
The cookies we use are explained below:
9.2. NECESSARY COOKIES:
These are cookies that are required for the operation of our website and are completely anonymous. Below are examples of when or why we will use these cookies:
To help the website to function and enhance the look and feel of the website;
To ensure you are always provided with a quick and responsive browsing experience;
Our web servers respond to your actions on the website or browsing the website. The website would not be able to work without it; and
They also help to improve navigation around our website and allow you to return to pages you have previously visited.
9.3. FUNCTIONALITY COOKIES:
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences. Below are examples of when we will use these cookies:
As soon as you visit the website, a cookie on your device will identify you have returned to the website and record your preferences;
Remembering your choice of language or region; and
When submitting a comment to one of our blogs, the information you enter is remembered to make it easier for you to comment next time.
9.4. THIRD-PARTY COOKIES:
Payment processors, which you access or use through the site to place an order with us, may also send cookies to your browser to properly track and identify you when you use their services. These cookies would only be used to ensure secure and reliable identification. At the same time, you follow any payment or money-related procedures or services and would always be deleted upon completing an order. Please check you agree with any such payment processor’s cookies policy if you are concerned.
10. HOW TO DISABLE COOKIES
If you do not wish to receive cookies that are not strictly necessary to perform our Site's basic features, you can set your browser to reject cookies or tell you when a website tries to put a cookie on your computer.
Most web browsers will accept cookies, but if you would rather that we did not collect data in this way, you can choose to accept all or some or reject cookies in your browser’s privacy settings. Rejecting all cookies means that certain features on the Site cannot then be provided to you, and accordingly, you may not be able to take full advantage of all our Site’s features. The “Help” menu in the bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on's settings or visiting its manufacturer's website.
10.1 FURTHER INFORMATION:
For more general information on cookies and how to disable them, please go to the Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies.
11. SOCIAL MEDIA
Any social media posts or comments you make (on the Online Spy Shop Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook / Twitter) on which they are written and could be made public.
Other people, not us, control these platforms. We are not responsible for this kind of sharing. We recommend reviewing the terms and conditions and privacy policies of the associated social media platforms you use. That way, you will understand how they will use your information, what information relating to you they will place in the public domain, and how you can stop them from doing so if you are unhappy about it.
Any review, post or comment you make about us, our products and services on any social media platform, or user community services will be shared with all other members of that service and the public at large. Any comments you make on these services and social media, in general, must be not offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on the acceptable use of those services.
Should you leave a comment on any post/s published on our blog, the details that you leave with your comment will be saved to this website’s database along with your computer IP address and the time and date you submitted the comment. This information is only used to identify you as a contributor to the comment section for the respective blog post and is not passed to any third party data processors. Only your name will be shown on the public-facing website.
Your comment and its associated personal data will remain on this site until we see fit to either remove the comment or remove the blog post. Should you wish to have the comment and its associated personal data deleted, please email us at [email protected].
If you are under the age of 16, you must obtain parental consent before posting a comment on our blog. Regardless of age, you should avoid entering personally identifiable information to the actual comment field of any blog post comment/s that you submit on this website.
13. LINKS TO THIRD PARTY WEBSITES
If we have included links on this site to any other sites, it is for your personal use and references only. We are not responsible for the privacy policies on these websites. Online Spy Shop has no control of any linked website's content and is not responsible for these websites or their content or availability. You should be aware that the privacy policies of these sites may differ from our own.
14. EMAIL NEWSLETTERS
If you choose to join our email newsletter, the email address submitted to us will be forwarded to Klaviyo who provide us with email marketing services. We consider Klaviyo to be a third party data processor. The email address submitted will not be stored within this website’s own database or in any of our internal computer systems.
Your email address will remain within Klaviyo’s database for as long as we continue to use Klaviyo’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links in any email newsletters we send you or requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age, you must obtain parental consent before joining our email newsletter. While your email address remains within Klaviyo's database, you will receive periodic newsletter-style emails from us.
15. CUSTOMER FEEDBACK
If you choose to submit feedback about your experience using the Online Spy Shop website and/or products, the comments you leave are collected by eKomi and transparently displayed for other viewers to read on our website. eKomi is an independent feedback company and provider of transaction-based reviews and ratings. eKomi is a Google worldwide partner with over 250+ employees with headquarters in Berlin, Germany, Los Angeles, California, and offices in London, Paris, Madrid, and San Francisco.
eKomi receives no PII End customer information from the database of the company via the interface. Only an anonymous order transaction ID will be transmitted. In case that eKomi is providing the service of sending the review invitation email, the necessary personal information will be transmitted and used only for this exact purpose. After the expiry of the retention period set out in section 18, this data will be deleted.
16. LIVE CHAT
Our website will use a live chat service from time to time to provide you with relevant information about our products and/or services before purchasing or providing product support when requested. When the live chat is enabled, and you visit our website, we can view information relating to your navigation; however, we cannot identify you. A random Visitor ID is assigned to you that displays geographic location, web browser, duration, web page, referrer (e.g., Google) and the number of previous visits. Should you choose to correspond with us through the live chat, any correspondence between you and ourselves is temporally stored in the live chat history and erased after 7 days on a regular rolling basis.
17. PAID ON RESULTS
We use a third-party affiliation program to promote ourselves through verified and accepted businesses that sign up with Paid on Results. When a business/company explicitly signs up through the Paid on Results affiliation program and is then accepted by ourselves, that registered business/company then places graphic banners or URL links on their own website encouraging their customers to click through to our website to browse our product range and potentially make a purchase. Successful purchases result in a 5% commission of the overall sale value of the product/s (excluding VAT) to that associated affiliation business/company.
We do not collect or store any information on our servers from any business/company that signs up with the Paid on Results affiliation program; however, we can see the Order Number of any purchaser through the Paid on Results dashboard. This allows us to cross-reference with our customer database to verify the purchase was successful and that no returns have been requested to pay the commission.
Amazon Web Services (AWS) hosts this website within its cloud infrastructure to provide a secure, resizable compute capacity in the cloud and the broadest and deepest compute platform with the fastest processors and the most powerful GPU instances in any other cloud technology.
All traffic between this website and your browser is encrypted and delivered over HTTPS.
19. HOW LONG WE KEEP YOUR INFORMATION
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need it for the purposes we acquired it for in the first place. This means we will keep your information for as long as you continue to use our services and provide customer support and a reasonable period of time afterwards if you stop doing so. After that, we will delete it other than where we lawfully can keep any data for audit or legal reasons.
We immediately delete all customer emails that notify us of your order and only keep customer email correspondences relating to the support of your product for 12 months. After 12 months, all customer emails relating to any correspondance with us are permanately deleted. If a cancellation request is made within 14 days after the day of receiving the product/s and a refund is issued, at that point we immediately delete all emails of correspondence.
We shall keep data on our prospect database for not longer than 3 years from receipt subject to an individual’s right to unsubscribe or to be forgotten at any time.
20. INDIVIDUAL’S RIGHTS
The personal information we hold about you must be accurate and current. Please keep us informed if your personal information changes during your business relationship with us.
Under certain circumstances, by law, you have the right to:
a) Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and check that we are lawfully processing it.
b) Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
c) Request erasure of your personal information. This enables you to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
d) Object to processing your personal information where we rely on a legitimate interest (or those of a third party), and there is something about your particular situation that makes you want to object to processing on this ground. You also have the right to object to where we are processing your personal information for direct marketing purposes.
e) Request the restriction of processing your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
f) Request the transfer of your personal information to another party.
g) If you want to review, verify, correct, or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please contact us at [email protected]. Please note, there are some specific circumstances where these rights do not apply, and we can refuse to deal with your request.
You will not have to pay a fee to access your personal information (or exercise any of the other rights). However, we may charge a reasonable fee if your access request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to confirm your identity and ensure your right to access the information (or exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
21. ACCESS TO YOUR INFORMATION
When opening a customer account with us, you have full access to your account at any time to keep track of your purchases; furthermore, you can anonymise data, request the information we hold about you, and delete your customer account. You can also email or write to us at any time to obtain details of the personal information we may hold about you. Please email: [email protected] or write to the Data Protection Officer, OSS Technology Ltd, Landmark House, Station Road, Cheadle Hulme, SK8 7BP.
22. DATA BREACHES
We will report any personal data breach, including any breach of this website’s database or the database(s) of any of our third-party data processors to affected data subjects and the ICO within 72 hours of the breach if it is apparent that there is a risk that data subject’s rights and freedoms have been affected.
Last updated: 07th January 2022.