In May 2018, the regulations surrounding how companies and organisations can hold your personal data changed. This policy tells you how we handle your personal data and the rights you have when we hold it. This policy is intended to comply with the provisions of the General Data Protection Regulation EU 2016/679 (GDPR) which governs how personal data is processed within the European Economic Area (EEA).
We are always happy to explain anything which this document does not make clear to you. You will find our contact details at the end of this document.
Who we are
The Glass Hub Ltd is a glass school providing tuition services in the form of glassmaking courses and private tuition. We also hire our equipment, our facilities and provide demonstrations and tuition at external events (both public and private). Our registered business address is: The Glass Hub, Stowford Manor Farm, Wingfield, Wiltshire BA14 9LH. Our company number is 08205492.
Kim Wood is the registered Data Protection Officer for The Glass Hub Ltd.
We are the “data controller” for the purposes of GDPR. This means that we decide how your Personal Data is processed and for what purposes.
Your Personal Data – what is it?
‘Personal Data’ is data that relates to a living individual who can be identified from that data. We might be able to identify you from the data itself or by linking that data to other information we have access to. GDPR tells us how we must process your Personal Data.
How do we collect Personal Data from you?
We collect information about you from you when you:
- purchase a product or service in person, by phone, online or by post;
- sell us a product or service;
- complete forms on or from our website;
- subscribe to our mailing list;
- contact us by phone, email, post or otherwise to make an enquiry about our products or services;
- click links from or respond to our emails.
If you give us somebody else’s Personal Data, for example, when registering another person onto a course, you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.
What type of data do we collect from you?
The type of data that we collect will vary according to the nature of our contact with you and the information you provide. Here is a list of the types of data that we collect.
- When you make a purchase or booking, we collect your name, address, email and phone number. If you do this online, we also collect your IP address and the time of the transaction.
- We may collect your financial details such as your bank name, account number and sort code if we need to make a payment to you.
- When you subscribe to our newsletter, we collect your name, email address, IP address, time of consent and any marketing preferences.
- When you interact with marketing emails, your personal data may be automatically collected by our email platform MailChimp. This information includes but is not limited to: the device you have used; the location of the device; the mode of access, such as the type of software or operating system used. It does not include your name, address, phone, email, payment information or any other such sensitive personal data.
- In the event you contact us in person, by phone, email or post, we retain a record of your query along with any personal information that you provide.
Why do we hold your personal data?
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. We collect and use personal data for the following purposes:
- To fulfil a contract of service. A contract of service is entered into when you purchase one or more of our products or services or we purchase a product or service from you.
- For customer service purposes such as to provide information about a product or service that you have requested or purchased or to share your contact details with officials and other authorised people and companies for the purpose of delivering the service we provide.
- To manage and process payments for the organisation we run.
- For any legal, statutory or accounting purposes.
- For marketing purposes, to inform you of news, events, activities or services that you have expressed an interest in.
How do we process your Personal Data?
We comply with our obligations under GDPR in the following ways:
- by keeping Personal Data up to date;
- by collecting, storing and destroying it securely;
- by not collecting or retaining unnecessary or excessive amounts of data;
- by protecting Personal Data from loss, misuse, unauthorised access and disclosure.
What is the legal basis for processing your personal data?
- You have entered into a contract with us for the provision of goods or services and have agreed to our terms and conditions of service. We need to keep certain information to adequately manage your purchase or booking.
- When you have provided goods or services to us we must hold your information to adequately process our transaction and for legal and accounting purposes.
- We have legal requirements to hold customer information for accounting purposes.
- You have given us explicit consent to hold and use your personal data.
Data Retention – How long do we keep your Personal Data?
Customer Service & Legal Obligations
If you purchased a course or voucher from us, hired equipment from us or contracted us for any other service, we will keep your Personal Data for as long as you are a customer of our organisation. After you leave, we will keep your information for no longer than we reasonably need, in accordance with applicable laws. Any Personal Data that we hold following the end of our contractual obligation to provide goods or services to you will be for legal, accountancy or insurance purposes and not for any marketing purposes.
If you signed up for our newsletter or requested in writing to be on our mailing list, we will keep your personal data indefinitely or until you unsubscribe from our mailing list or request removal of your information from our marketing list.
Data that is automatically collected when you interact with our emails may be kept indefinitely. If you unsubscribe from our mailing list, any analytical data will become anonymous.
Access and Sharing your personal data
Your Personal Data will be treated as strictly confidential and will be shared only with organisations whose services are required in order to provide the services we offer such as courier services. We also use companies such as Google and PayPal to help us process your Personal Data.
Third parties we use may operate outside the EEA. In these cases, we will make sure that robust security measures exist to protect your Personal Data.
When you give your consent to our holding of your Personal Data you agree to us sharing your Personal Data (including special categories of Personal Data – where we have your explicit consent) with third party processors and sub-processors located both inside and outside the EEA.
All personal data we collect from you is stored in secured locations. Where your data is stored on company devices, these devices are password secured and running the latest security software that is regularly updated. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We store data on the Google cloud platform that is certified to ISO and SOC standards. Google’s security has independent verification and regularly undergoes audits of security, privacy, and compliance controls. Information is stored on secure servers in the EEA but may be transferred to and stored in a country outside the EEA in relation to provision of services to you. However, we will ensure that reasonable steps are taken to protect your data in accordance with data protection laws.
Any sensitive data (payment details for example) are encrypted and protected. We do not have access to your card details when you pay online. These are encrypted and processed by our third-party processors Stripe and PayPal. Both platforms are fully GDPR and PCI compliant.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone.
We agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions.
In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.
Your rights and your Personal Data
Unless we have an exemption under GDPR, you have the following rights with respect to your Personal Data:
- The right to request a copy of the Personal Data which we hold about you, without any charge.
- The right to request that we correct any Personal Data found to be inaccurate or out of date.
- The right to request that your Personal Data is erased where it is no longer necessary for us to keep it.
- The right to withdraw your consent to the processing we carry out at any time.
- The right to request that we provide you with your Personal Data and, where possible, to send that data directly to another data controller.
- The right, where there is a dispute in relation to the accuracy or processing of your Personal Data, to ask us to restrict further processing.
- The right to object to the processing of Personal Data.
- The right to lodge a complaint with the Information Commissioner’s Office and to seek legal recourse.
If we wish to use your Personal Data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use. We will do this before we start processing for the new use. We will set out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Contact Details & Complaints
If you have a problem or complaint, or if there is something you don’t understand, please contact us using the following details:
Email: firstname.lastname@example.org / Tel: +44 (0)1225 768888 / Address: The Glass Hub, Stowford Manor Farm, Wingfield, Wiltshire BA14 9LH
You can also contact the Information Commissioner’s Office: Tel: 0303 123 1113, Email: https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Changes to this policy
Any changes we make to our policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our policy. This Policy Document was last updated on Thu 3 December 2020 by The Glass Hub.