The Quick Version
To the best of our knowledge and ability, we are protecting your data both here on the website and internally. Any data you pass to us will always be collected and used for valid, explicit and legitimate purposes. We don’t actively pass your data to any third-parties besides those required for promotions, processing payments or courier services and we also don’t store data offline on any unsecured computers or networks. Only trusted internal staff act as data processors and staff only ever handle data for the purposes of delivering our service to you.
Full Cookie, Privacy, and Security Statement
Who We Are
Billington’s of Lenzie LTD is a company registered in Scotland (registration number SC432742) whose registered office is 25 Sandyford Place, Glasgow, G3 7NJ.
We respect your right to privacy and will only process personal data you provide to us in accordance with the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003, General Data Protection Regulation (GDPR) 2018, as updated from time to time, and other applicable privacy laws.
If you have any questions about how we collect, store and use personal data, or if you have any other privacy-related questions, please contact us by the following means:
- Key contact: Mark Billington – Managing Director
- Telephone: 0141 776 8090;
- E-mail: firstname.lastname@example.org or
- Postal Address: Billington’s of Lenzie, 114 Kirkintilloch Road, Lenzie, Glasgow, G66 4LQ
When contacting us, please remember to quote your name and contact details along with any Billington’s of Lenzie correspondence reference you may have, as well as your query.
What Are Cookies
Cookies may be set by the site that you are visiting (known as first-party cookies), or by other websites who serve up content on that site (third-party cookies).
What Are Cookies Used For?
A cookie can, for example: enable a service to recognise your device so you don’t have to give the same information several times during one task; for example, remembering items you have saved to your basket on a previous visit to the website, including where the browser has been closed and a new session has begun; measuring how many people are using the site, to ensure there is enough capacity for the site to operate at a reasonable speed; completion and support of the current activity being undertaken by the user, for example previously viewed pages or products; and website and system administration, for example, tracking the number of website users for marketing purposes.
What Third-Party Cookies We Use
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come from and the pages they have visited.
WordPress and WooCommerce
Registered Site members need a cookie to be able to log in. This is necessary to be able to use the site as WordPress won’t work without it, but only if you are a registered user who is logged in. Visitors who leave a comment on a blog post will also have a cookie set on their computer. However, registering as a user is not necessary for use of the site and you also don’t need to leave any comments.
Additionally, to keep track of cart data, WooCommerce makes use of three cookies. These cookies contain information about the cart as a whole and helps WooCommerce know when the cart data changes. These cookies also contain a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.
Cookie Information Collected
What Happens If I Disable Cookies?
This depends but in general, the site may not operate properly if cookies are switched off. The process of disabling cookies is different for each browser so please refer to your browser help or documentation for how to do this.
Data We Collect Via the Site
We collect and process the following data, which is voluntarily given, about you:
- Enquiry Details
- Order Details
As you can see, we do not collect or attempt to mine any overly sensitive data about you.
Why We Collect the Data
We only collect what data we need to fulfil our service to you through the enquiries or orders you make via the site. We also collect data to send you promotional emails, but only if you have opted-in to receive these voluntarily. When you opt-in you give us explicit permission to do this. We do not add you to our promotion emails without permission even if you have placed an order or made an enquiry via the site.
How Long We Hold Data
We only keep the data for as long as its intended necessary purpose. We delete all order information older than 27 months.
If you are a registered account holder we will maintain your account data indefinitely until you tell us to delete it from the system. Should you wish to make a purchase via the site after this you will have to register for a new account.
Who Do We Share Your Data With
Your data is never passed to anyone unless for legitimate reasons. The only third-parties who we share your data with are those we need to in order to fulfil our service to you. These include our payments processor, couriers and our e-newsletter marketing platform.
We use PayPal to process payments on the site. As such, your order data and card information will be passed to them. PayPal is a worldwide company and it is possible your data will be transferred internationally. For details on how they process, manage and protect your information please refer to this link: https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev.
Your address, email address and phone number maybe be passed onto our chosen courier service to ensure a successful delivery, and assist courier with efficiency service, enabling them to inform you of pending delivery. We would generally use Royal Mail or Post to Go.
To see how both companies process, manage and protect your data please refer to these links:
We use MailChimp to manage our e-newsletter marketing. We only pass your data to MailChimp if you have explicitly and voluntarily opted-in to receive marketing and promotional messages from us. MailChimp is based in America and your data will be transferred internationally. For details on how they process, manage and protect your information please refer to this link: https://mailchimp.com/legal/privacy/.
Site Security – How We Aim to Protect Your Data
We use Internet standard encryption technology (“SSL” or “Secure Socket Layer” technology) to encode personal data that you send to us when placing an order through the website. To check that you are in a secure area of the website before sending personal data to us, please look at the relevant area of your preferred website browser and check that it displays an image of a closed padlock or an unbroken key, or equivalent to signify a secure connection.
We also take measures to ensure our hosting server (based in the UK) is secure using website software that is compatible with the software of our server. Additionally, we conduct regular virus and malware scans to ensure the server is clear of any malicious software that could compromise the security of both our server and website. We scan the site for these too.
Furthermore, we always ensure WordPress and the site plugins are kept up to date at all times to incorporate the latest vulnerability fixes.
Additionally, to help us in our site security we use the most popular WordPress firewall & security scanner: Wordfence. Wordfence includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress. Their Threat Defence Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep a website safe. Rounded out by a suite of additional features, Wordfence is the most comprehensive WordPress security solution available. Find out more information about Wordfence here: https://wordpress.org/plugins/wordfence/.
As part of its functions, Wordfence will occasionally transfer aggregated data to our servers for analysis when detecting spam, malware or attacks. This data can not be used to de-anonymize a site visitor or member.
However, please note that whilst we take appropriate technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that we cannot guarantee the security of any personal data that you transfer over the Internet to us.
If you are using a computer or terminal in a public location, we recommend that you always log out and close the website browser when you complete an online session for your security.
In the Event of a Data Breach
In the event of a data breach, all affected users will be notified within 72 hours of us first becoming aware of the breach. We will inform you of the of the nature of the breach, the information breached, what measures we have taken to stop further breaches from occurring, and what you may need to do to avoid further external breaches of your data.
Our employees are subject to a duty of confidentiality.
Under the GDPR regulations, you have the following rights:
- the right to ask what personal data that we hold about you at any time
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you
- the right to object our processing of your information based on grounds relating to your particular situation
- the right to erasure, i.e. request deletion or removal of all personal data where there is no compelling reason for its continued processing
- the right to complain to the Information Commissioner’s Office (ICO). If you want to make a complaint about the way we have processed your personal information. The ICO is the statutory body which oversees data protection law, see ico.org.uk/concerns
If you wish to exercise any of these rights, please do so by emailing email@example.com or by writing to Billington’s of Lenzie, 114 Kirkintilloch Road, Lenzie, Glasgow, G66 4LQ.
We will respond to all requests within 1 month and earlier where possible.
We will not charge for dealing with a request unless it is manifestly unfounded or excessive.