Security & Privacy

Introduction

The Website www.goshopdirect.co.uk is operated by Lancaster Holdings Ltd (we”, “us” or “our”) and we are a “data controller” for the purposes of the Data Protection Act 1998, the Data Protection Act 2018 and the EU General Data Protection Regulation 2016/679. This means that we are responsible for, and control the processing of, your personal information.

This privacy policy relates to your use of our website. A separate privacy policy applies in relation to the processing of personal data other than through or in addition to through our website.

We take your privacy very seriously and we ask that you read this Policy carefully as it contains important information on:

Information which we may collect

We collect personal information about you when you register with us online, contact us or when you submit a response to an online questionnaire on our website.

  1. full name
  2. postal address
  3. email address
  4. telephone number;
  5. mobile number;
  6. date of birth; and
  7. residence status

Please note that we do not collect any information in relation to your payment information, such as credit/debit card details.

We may also collect personal information about you from other sources (such as credit reference agencies), which we will add to the information we already hold about you in order to help us improve our products and services, and help us access the initial credit limit to be applied to your account and as part of our annual review of your credit status.

We operate CCTV at our sites; your image could be recorded by our security cameras. All footage is regularly deleted unless it is being used to investigate an alleged crime or incident. In cases of this nature it may be retained for up to 2 years following the end of the investigation. In serious cases the footage may be supplied by the UK Authorities at their request.

How we use your information

We will collect your personal information for the following purposes:

  1. to identify you and manage any accounts you hold with us;
  2. to process your order and obtain payment;
  3. to conduct research, statistical analysis and behavioural analysis;
  4. if you agree, let you know about other products or services that may be of interest to you—see ‘Marketing’ section below;
  5. to detect and prevent fraud;
  6. customise our website and its content to your particular preferences;
  7. notify you of any changes to our website or to our products services that may affect you;
  8. carry out security vetting;
  9. improve our product and services; and
  10. to give to companies and organisations whose products you purchase through the website.

Marketing

We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.

From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, SMS or other electronic messaging services, phone, fax or mail. We may use the information to customise the website according to your interests.

We will only send you marketing information when you tick the relevant boxes when you provide us with your personal information online. You can opt out at any time by sending an email to [email protected] or via the unsubscribe link at the bottom of emails we send to you. Please see ‘The right to ask us to stop contacting you with direct marketing’ below for further information.

How long we will keep your personal information

We shall retain your information whilst you remain a customer, should you not trade and there is no good business reason to retain your information we will delete your information one year after the month of the final sale or on receipt of your request to be deleted whichever is the sooner, unless we are required by law to retain your personal information for a longer period.

Our approach to information security

To protect your information, we have policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have the necessary security measures in place. To accomplish this, all employees, contractors and subcontractors have roles and responsibilities defined in those policies and procedures.

To make sure all employees, contractors and sub¬contractors understand these responsibilities they are provided with the necessary training and resources they need.

In addition to these operational measures, we also use a range of technologies and security systems to reinforce the policies.

To make sure that these measures are suitable, vulnerability tests are run regularly. Audits to identify areas of weakness and non-compliance are routinely scheduled. Additionally, all areas of the organisation are constantly monitored and measured to identify problems and issues before they arise.

Your rights

In order to process any of the requests listed below, we may need to verify your identity for your security. In such cases your response will be necessary for you to exercise this right.

The right to access information we hold about you

At any point you can contact us to request the information we hold about you as well as why we have that information, who has access to the information and where we got the information. Once we have received your request we will respond within 30 days.

In order to process your request we may need to verify your identity for your security. In such cases your response will be necessary to exercise this right.

The right to correct and update the information we hold about you

If the data we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated. In order to process your request we may need to verify your identity for your security. In such cases your response will be necessary to exercise this right.

The right to have your information erased

If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted.

In order to process your request we may need to verify your identity for your security. In such cases your response will be necessary to exercise this right.

The right to object to processing of your data

You have the right to request that we stop processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your data to comply with your other rights.

In order to process your request we may need to verify your identity for your security. In such cases your response will be necessary to exercise this right.

The right to ask us to stop contacting you with direct marketing

You have the right to request that we stop contacting you with direct marketing. You can click the unsubscribe button at the bottom of any of our marketing emails or you can email us [email protected]

The right to data portability

You have the right to request that we transfer your data to another controller. Once we have received your request, we will comply where it is feasible to do so.

In order to process your request we may need to verify your identity for your security. In such cases your response will be necessary to exercise this right.

Consent

In those cases where we need your consent to hold your information, we will ask you to check a box on any form requiring consent. By checking these boxes you are stating that you have been informed as to why we are collecting the information, how it will be used, for how long it will be kept, who else will have access to it and what your rights are as a data subject.

Sharing your information

Where necessary to fulfil our obligations to you, we may pass your details to third parties where this is necessary for the functioning of our business. These third parties include:

  1. Google

    We work with third party company Google to automatically collect information including: IP address; MAC (Media Access Control) address; unique identifier or other persistent or non-persistent device identifier; device software platform and firmware, mobile phone carrier and geo location data to help us understand your use of our app such as how often you return, what parts of the app you visit, how you use the app and how long you spend on the app. This third party provider is prohibited from using our data for any other purposes. Go to http://www.google.com/analytics/terms/us.html to read Google Analytics Privacy Policy. We use the data we collect about your use of our website to analyse trends across the data set of all customers worldwide, and to enable us to offer a better service to you.

Cookies and Tracking

In order to process any of the requests listed below, we may need to verify your identity for your security. In such cases your response will be necessary for you to exercise this right.

Use of cookies

A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website. We use cookies on this website to:

  1. recognise you whenever you visit this website (this speeds up your access to the website as you do not have to log in each time);
  2. obtain information about your preferences, online movements and use of the internet;
  3. carry out research and statistical analysis to help improve our content, products and services and to help us better understand our customer requirements and interests;
  4. target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests; and
  5. make your online experience more efficient and enjoyable.

In most cases we will need your consent in order to use cookies on this website. The exception is where the cookie is essential in order for us to provide you with a product or service you have requested.

Consent

If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to our use of cookies and other similar technologies as described in this website cookie policy. If you change your mind in the future about letting us use cookies, you can modify the settings of your browser to reject cookies or disable cookies completely.

Description of cookies

The table below provides some information on the cookies which we use on our website

Cookie Name What it does Why is it used How long it lasts
_pack-a-pak_session Unique session key to identify you So we can make sure your visit on the site is not hijacked. Until the browser session closes
_gid Site analytics Used to distinguish users 24 hours
_ga Site analytics To visualize how the site is being used. Until the browser sessions closes
_gat Google Tag Manager Used to throttle request rate 1 minute
_cfduid Identifies a user to Cloudfare, our security provider. If Cloudfare challanges a user It stores the acknowledgement of that challenge in this. Persistent

How to turn off cookies

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies/.

Enquiries

When contacted with an enquiry, we will hold the entity name and contact details only for the purposes of handling the enquiry.

The online forms are subject to the same cookies and tracking as the rest of the website (see the above section “Cookies and Tracking” for more information).

Contact details

If you have any queries about this Policy, need further information or wish to lodge a complaint you can use the details below to contact [email protected]

Changes to this Privacy Policy

We may change this Policy from time to time. You should check this policy occasionally to ensure that you are aware of the most recent version that will apply each time you access the website.