Barbary & Oak (we) are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998, the General Data Protection Regulation, and any replacement or amending legislation of that legislation (altogether referred to as the “Legislation”),the data controller is R K Wholesale Limited, a company registered in England and Wales under company number 2784084, with its registered office at Sutton House Berry Hill Road, Fenton, Stoke On Trent, Staffordshire, ST4 2NL. We are a registered data controller with the Information Commissioner’s Office under number ZA312640.
If you have any questions or comments on the information contained in this document, please contact the Data Protection Officer using the address details given in section 7 below.
Over the course of your interaction with us via our website (barbaryandoak.co.uk) we will collect and process the following categories of data about you:
(a) Personal data you give us. This is data about you that you give us by filling in forms on the Sites. It includes:
- your name, address and telephone and email contact details;
- (when purchasing items) payment details, which vary according to your chosen payment method when purchasing with us; and
- your marketing preferences (if any).
You can access and alter the personal data that you give us in this way at any time via the links given on any emails that we may send or on the functionalities available on the website.
We do not require, and you should not send to us, special categories of (sensitive) personal data, such data being that which reveals sensitive information about you, such as your racial or ethnic origin, your political or religious beliefs, your health or other special categories of personal data. Any such sensitive personal data that we receive will be disposed of as soon as it is discovered.
(b) Personal data we collect about you. This is data that we collect automatically about your visit during your time on the Sites, or otherwise through your interaction with the Sites. This data helps us to provide you with a good experience when you browse the Sites, including more targeted advertising on the Sites, and also to indicate where the Sites might require improvement. It typically involves technical information, such as:
- IP address;
- browser preferences and settings;
- details of how you navigate to and around the Sites; and
- (if applicable) details of previous orders of products from us.
We collect this personal data using small data files called “cookies”.
(c) Personal data we receive from other sources. This is data that we receive about you from third parties, such as business partners, providers of technical services (e.g. analytics) or sub contractors.
Our business partners that may send us personal data about you include the following:
- order and payment information made via the online shop is provided by VisualSoft and PayPal;
- email marketing services are provided by PurePromoter Limited; and
- tracking and analytics services are provided by Facebook and Google.
All personal data about you that we collect or receive, whether of a personal or technical nature, may be used by us in the following ways:
Your data will most often be accessed and used by our staff, who are appropriately trained in how to handle personal data correctly and securely. Only those staff whose job require access to your data (e.g. those involved in sales and marketing or order delivery) will be granted such access, which shall be limited to that which is strictly necessary for the purposes of that role.
Occasionally, as stated above, selected third parties may also have access to some of your data in order to provide specific services to us as also identified above. These third parties will only have access to such data that is strictly necessary for the purposes of the service in question and are bound by legal and contractual data protection obligations.
Under the Legislation, we can only process personal data where there is a lawful basis for doing so. These bases are set out in the Legislation. Of relevance to us are the following:
Pursuant to one of the lawful bases set out in section 3 above, we may share your personal data with the following third parties:
In such circumstances, we will only share the minimum personal data necessary to achieve the purpose and only on terms that ensure the security and confidentiality of that data, and which comply with the Legislation generally.
Save for as set out above, we will not disclose any of your personal data to third parties without your consent, except that we may:
All third parties to whom we may disclose personal data are legally and contractually obliged to comply with the Legislation, to keep that personal data confidential and only to use such it as we may direct.
No disclosure or transfer of your personal data will be to persons or entities outside of the European Economic Area (EEA),or to countries that are not recognised by the European Commission (or similar body) as providing as adequate a level of protection of personal data in line with the Legislation as those countries within the EEA, without your prior consent.
We take appropriate technical and organisational measures in accordance with standard practice within the industry to protect your personal data, including (without limitation):
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet can never be completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site at all times, and any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.
Should we suffer a data breach (i.e. unauthorised access to, or loss or corruption of, personal data),and that data breach is likely to result in a high risk of harm to your rights and freedoms, we will inform you and/or the Information Commissioner’s Office without delay, and in any event within 72 hours of becoming aware of it.
You have the following rights under the Legislation in respect of your personal data - please contact us or see the website of the Information Commissioner’s Office (https://ico.org.uk) for more information on any of these rights and how they apply to your personal data:
Should you wish to exercise any of these rights, you may do so at any time by writing to us at the address given in section 7 below. We will endeavour to respond to you as quickly as possible, and in any event within one month.
If you feel that your rights have been breached in any way, you should contact the Data Protection Officer at the address given below, or lodge an official complaint with the Information Commissioner’s Office.
The Sites may contain links to and from the websites of third parties, which may or may not be affiliated with us. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability for personal data collected and processed by these third parties. You should check the privacy policies of these websites before you submit any personal data via them.