Paxton & Whitfield “we” are committed to protecting and respecting your privacy. This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
It’s likely that we’ll need to update this Privacy Notice from time to time so please come back and check it whenever you wish. By visiting www.paxtonandwhitfield.co.uk you are accepting and consenting to the practices described in this policy.
Paxton & Whitfield Ltd is the data controller.
Purpose of processing and legal basis
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent.
In certain circumstances, we need your personal data to comply with our contractual obligations.
If the law requires us to, we may need to collect and process your data.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
When do we collect your personal data?
- When you visit our website
- When you pre-order some products or services in store or by phone (for example, Cheese Wedding Cakes, Advance Orders, Mail Orders)
- When you engage with us on social media
- When you contact us by any means with queries, thanks or complaints
- When you ask one of our team to email you information about a product or service
- When you enter a prize draw or competitions
- When you book to attend an event, tasting or training event
- When you fill in any form, for example, Cheese Society membership
What sort of personal data do we collect?
- If you have a web account with us: your name, title, billing/delivery address, orders and receipts, email and telephone number. We use Stripe and PayPal as our secure payment providers. Your credit card information is entered directly on their secure server and we do not record or hold these details
- If you place an order by phone or in store: your name, title, billing/delivery address, orders and receipts, email and telephone number. We store your credit card details securely until they are processed and then shred them.
- Details of your interactions with us by telephone or email.
- Copies of documents you provide to prove your age or identity where the law requires this.
- Details of your visits to our website and which site you came from to ours.
- To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, and any search terms you entered.
- Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
This is a list of the main cookies set by the Paxton and Whitfield website, and what each is used for:
How and why do we use your personal data?
We want to give you the best possible customer experience. The data privacy law allows us to use your personal data as part of our legitimate interest in providing the highest levels of service.
If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for. The information that we collect and when we collect it is outlined above.
Sometimes, we’ll need to share your details with a third party who is providing a service (such as delivery couriers). We do so to complete our transaction with you. Without sharing your personal data, we’d be unable to fulfil your request.
We will use your personal data, to keep you informed by email (with your opt-in consent) and by post (based on 'legitimate interest'), about information on the cheese world and also relevant products and services including promotions, events and competitions. Of course, you are free to opt out of hearing from us at any time.
How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our website using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data such as payment card information is either processed by a specialist third party SagePay who have the highest level of security compliance (PCI DSS Level 1) or physically locked away until it is needed.
We are compliant with Cyber Essentials a Government-backed, industry supported scheme to help organisations protect themselves against online threats.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Who do we share your personal data with?
We sometimes share your personal data with trusted third parties. We provide only the information they need to perform their specific services, for example couriers or IT companies who support our website and other business systems.
What are your rights over your personal data?
You have the right to request:
- Access to the personal data we hold about you, free of charge
- The correction of your personal data when incorrect, out of date or incomplete
- That we stop using your personal data for direct marketing
- Erasure of personal data that we hold on you
You can contact us to request to exercise these rights at any time:
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.