Privacy policy
Last updated: (31 December 2019)
This privacy policy sets out how Drift-In ("we", "our", "us"), trading as Drift-In, uses and protects the personal information you give us when you use this website. It also covers personal information provided to us through offline business dealings,
We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, and then you can be assured that it will only be used in accordance with this privacy statement.
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
Information Collection And Use
Drift-In conducts business with a range of different 'customer types' listed below.
As a minimum, we will collect an individual's name, telephone number, e-mail address and home address for each customer type listed because there is a legitimate interest in holding this information in each instance, which we go on to explain below.
Log Data
We will only retain personal data for as long as is necessary. How long is necessary can depend on a variety of factors.
In order to successfully and informatively respond to any potential court or insurance claim arising from dealings with any of customer types, as a commercial interest we will retain data for at least six years from the end of our business relationship as this is the maximum period of time an individual or company can submit a monetary court claim. We may choose to hold the information for longer should we see fit, however.
In any case, Money Laundering Regulations 2017 state that we must retain the records of Purchasers, Vendors, Purchasers' Solicitors and Vendors' Solicitors for a period of five years.
Additionally, the Limitation Act 1980 states adults have 3 years from the date of an incident (children have 3 years from their 18th birthday) in order to bring a personal injury claim to light, so data is retained for this period of time partly due to this legal ruling.
Cookies
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive.
Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
We use Google Analytics cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we hold. This includes secured web databases and electronic software, as well as locked files where paper-based documents may be held.
We may transfer data that we collect from you to locations outside of the European Economic Area for processing and storing. Also, it may be processed by staff operating outside the European Economic Area who works for us or for one of our suppliers. For example, such staff maybe engaged in the processing and concluding of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all reasonable steps to make sure that your data is treated securely and in agreement with this Privacy Policy.
Data that is provided to us is stored on our secure servers
Our servers that allow data capture use encrypted URLs with valid SSL certificates, meaning the data you share with us electronically is as safe as reasonably possible at the time of drafting this policy. Where we have given you (or where you have chosen) a password so that you can access certain parts of our site, you are responsible for keeping this password confidential.
Links to other websites
Our website may contain links to other websites. However, once you have used these links to leave our site, you should note that this privacy policy does not extend to any other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Individual rights
General Data Protection Regulations (GDPR) gives individuals the following rights;
- • The right to be informed
- • The right of access
- • The right to rectification
- • The right to erasure
- • The right to restrict processing
- • The right to data portability
- • The right to object
- • Rights in relation to automated decision making and profiling
You will find more information on your rights on the Information Commissioner's Office (ICO) website.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us or emailing our Data Protection Officer at info@drift-in.co.uk.
Under the Data Protection Act 1988 and General Data Protection Regulations you may request details of personal information which we hold about you by making a subject access request to our Data Protection Officer at info@drift-in.co.uk or by writing to us at Drift-In , 104 Salisbury Road, Cathays, Cardiff, CF24 4AE.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
You may request that any information we hold about you is deleted and we will do so unless there is a legal basis for us to retain that information.