Privacy Notice

Version 3 - 29th May 2018

Boxshop Services Ltd trading as Red Box (“The Company”) collects data from visitors throughout the website experience. This is largely to provide interactive functionality that would otherwise be impossible without collecting the minimum amount of data. Some data is also used to analyse your experience anonymously to improve the website experience.

The Company respects your privacy so we will not sell your data to third parties, allow any access to the data that isn’t necessary to honour any other contracts we have in place or store excessive amounts of data we no longer need.

The Company will comply with the General Data Protection Regulation (GDPR) (EU May 25th 2018).

Definitions

Data Subject – any living person.

Third Party – another company who The Company works with to provide services to the Data Subject.

Personally Identifiable Information – data belonging to the Data Subject that can be used to uniquely identify them.

Data Controller – any organisation that stores Personally Identifiable Information, i.e. The Company.

Data Processor – any organisation that works on (processes) Personally Identifiable Information.

How we obtain your data

The Company collects data from the Data Subject during the usage of this website. Some of that data may be Personally Identifiable Information. This may be entered into web forms or provided to the website by the browser (such as IP address).

The Company may also obtain Personally Identifiable Information about the Data Subject from a Third Party as part of a contract to work with that data.

How we use your data

The Company primarily uses data from the Data Subject either to serve a contract between The Company and the Data Subject, or to provide necessary functionality on this website.

The Company may also collect additional data to satisfy other legal requirements, such as is required for e-commerce.

Third Parties which have access to the data collected

The Company works with several Third Parties to provide the service the Data Subject receives.

In all cases there is either an explicit contract in place between The Company and the Third Party, Terms and Conditions or another legally binding relationship.

The data will likely be shared with:

Alphabet Inc (Google) – a suite of Google Tools is used by The Company.

Intergage Ltd – website host/provider.

The data may be shared with:

Xero and Sage (Accounts) – accounting software used for tracking and invoicing customers.

The company’s external accountant

The data is also rarely shared with the following:

Our staff may enter your contact number into phones for the purpose of a discussion or meeting.

Marketing

The Company does not share your data with any Third Parties for marketing purposes unless the Data Subject has explicitly opted in.

Third Party Cookies

The Company can largely operate without the use of third party cookies. However, in many cases third party cookies improve the website experience.

The Company will not add social sharing buttons to the page unless the Data Subject has explicitly opted in to social cookies.

The Company will not include any tracking systems unless the Data Subject has explicitly opted in to tracking cookies.

The Company will allow Google Analytics to operate on this website in order to provide necessary anonymous analytical data. This may result in a small amount of Personally Identifiable Information being collected but this is only used as statistics and not for identification purposes.

Data Security and Storage

The Company will store data for only as long as necessary to fulfil the purpose for which it was obtained. Some data may be held for longer if it is either held on other systems that have not been updated, in backup data that has not expired or because of another lawful basis.

The Company takes security seriously and makes use of technology where feasible to secure data and protect against breaches.

Personal data protection principles

We adhere to the principles relating to processing of Personal Data set out in the GDPR (as follows) which require Personal Data to be:

(a)          processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency)

(b)          collected only for specified, explicit and legitimate purposes (Purpose Limitation)

(c)           adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data Minimisation)

(d)          accurate and where necessary kept up to date (Accuracy)

(e)          not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is processed (Storage Limitation)

(f)           processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality)

(g)          not transferred to another country without appropriate safeguards being in place (Transfer Limitation)

(h)          made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their Personal Data (Data Subject's Rights and Requests).

Data Subject's rights and requests

Data Subjects have rights when it comes to how The Company handles their Personal Data. These include rights to: -

  1. withdraw consent to processing at any time
  2. receive certain information about the Data Controller's Processing activities
  3. request access to their personal data that we hold
  4. prevent our use of their personal data for direct marketing purposes
  5. ask us to erase personal data if it is no longer necessary in relation to the purposes for which it was collected or processed or to rectify inaccurate data or to complete incomplete data
  6. restrict processing in specific circumstances
  7. challenge processing which has been justified on the basis of our legitimate interests or in the public interest
  8. object to decisions based solely on automated processing, including profiling (ADM)
  9. prevent processing that is likely to cause damage or distress to the Data Subject or anyone else
  10. be notified of a personal data breach which is likely to result in high risk to their rights and freedoms
  11. make a complaint to the supervisory authority
  12. receive or ask for their personal data to be transferred to a third party in a structured, commonly used and machine-readable format.

Updates to our Privacy Notice

This Privacy Notice will be reviewed regularly and this page will be updated with changes.

Contacting the Data Protection Officer (DPO)

If you have any concerns about how Personally Identifiable Information is used by The Company please contact the Data Protection Officer: -

Clive Webb

Red Box Fire Control (Boxshop Services Ltd t/as)

3 The Cobden Centre, Hawksworth, Southmead Industrial Park, Didcot OX11 7HL

01235 810000

Update Your Marketing Preferences

How this information is used

  • Your data will not be shared with third parties
  • You will only be contacted via the channels you have opted in to
  • Your data will only be stored for these purposes
Necessary Cookies are required for the normal function of this website. These cookies can be disabled in the browser settings.
Enabling Analytical Cookies provides information that helps us to improve the website
Tracking Cookies allow us to understand your flow and interaction through the website so we can make improve navigation
Enabling Social Cookies turns on Social Sharing buttons throughout the site
one number to remember
Powered by Intergage