Privacy Policy
Date 23.05.18. Effective from 25.05.18. Address updates 01.09.2020.
Overview
How We Use Your Data
ECS Enterprises Ltd t/a Direct Fabrics
Front Office, Unit 3 West Town Road, Backwell, BS48 3NN
To be able to make a purchase or an enquiry with Direct Fabrics, we will need to obtain personal information from you in order to process your order or communicate with you. This information may be obtained through contact forms including Contact Us, quick quotes, shopping cart transactions, telephone conversations and other communications. If you decide to submit an enquiry or purchase, we may obtain information including your name, billing and delivery address, contact details and payment information. Direct Fabrics will only ever use your data to enable us to complete your order or offer the best possible purchasing experience, unless you otherwise inform us.
We may use third party service providers to help us fulfil your order and support your post-purchase journey, including follow ups and general communication surrounding your purchase.
Your data will also be used for marketing and research where you have given consent to do so. Our marketing is structured to offer relevant products to existing customers or products that may be of interest based on products purchased. We only add you to our mailing list with your permission. You can opt out at any time by emailing the team or using the unsubscribe and preference links within our emails.
To improve user experience, we may use various third-party cookies to track data. This is stored in your browser software. Certain cookies are required for the operation of the website, for example the cookies used to keep you logged into your account or to retain the contents of your basket. If you wish to disable cookies, please use the settings within your browser.
As required by the General Data Protection Regulation (GDPR), Direct Fabrics will take all reasonable steps to keep your data safe and secure. You can contact our company at [email protected] if you have any questions about this policy or the functions of our website.
Third Parties
We occasionally share your data with trusted third parties to help us fulfil your order and improve your user experience. We will never sell your data to third parties. Here are some examples of why we may share your data:
Processing payments
To securely process your payment we use fully PCI-compliant third-party providers such as Sage Pay, Stripe or PayPal.
Suppliers
In some cases, your order will be fulfilled by one of our suppliers. To do this, we may need to share your contact details to enable them to make delivery.
Email marketing
We use email marketing platforms to enable us to efficiently send marketing emails to users who have opted in to our mailing list. These platforms are expected to be GDPR compliant and any data stored there is handled securely.
Market research
Occasionally we may ask you to take part in market research surveys. When we do, we may ask you to complete the research through a third-party website. We only use reputable organisations for this purpose.
Analysis
While you browse our website, we may use cookies to track behaviour. This helps us improve our website and your user experience. Where possible, data is anonymised and collated in systems such as Google Analytics. If you prefer not to accept non-essential cookies, you can manage them in your browser settings, although this may affect some website functionality.
Feedback
We may use third-party review platforms such as Reviews.co.uk and Trustpilot to gather feedback on our products and services. To do this, we may share your name, email address and order details with them.
Customer service
Some of our on-site widgets may be provided by third parties. If you use live chat or similar customer service features, any data provided through those tools may be stored securely by the relevant provider.
Data storage
Data may also be stored through our website hosting and infrastructure providers where necessary for the operation of the site.
Your Consent
We will only ever use your data with an appropriate legal basis. By supplying us with data for the purposes of placing your order, you are giving us the information necessary to process that order and, where needed, share it with relevant third-party suppliers or service providers.
We will only email you for marketing purposes if you have opted in to our mailing list.
You have the right to request access to the data we hold on you and, where applicable, request correction, restriction, deletion or transfer of that data. Please contact us and we will assist with your request.
Changes to This Policy
We reserve the right to change this policy at any time. Where appropriate, we may notify you by email if there are significant updates to the way we handle or process your data.
Privacy Policy Details
We are pleased that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of ECS Enterprises Ltd. The use of the Internet pages of ECS Enterprises Ltd is possible without any indication of personal data. However, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with country-specific data protection regulations applicable to ECS Enterprises Ltd. By means of this data protection declaration, our enterprise would like to inform the public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this declaration, of the rights to which they are entitled.
As controller, ECS Enterprises Ltd has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, for example by telephone.
1. Definitions
The data protection declaration of ECS Enterprises Ltd is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). To ensure this policy is legible and understandable, we explain the terminology used below.
a) Personal data
Personal data means any information relating to an identified or identifiable natural person.
b) Data subject
Data subject means any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing
Processing means any operation or set of operations performed on personal data, whether or not by automated means.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that it can no longer be attributed to a specific data subject without the use of additional information.
g) Controller
Controller means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data.
h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient means a natural or legal person, public authority, agency or another body to which the personal data are disclosed.
j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the Controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union and other provisions related to data protection is:
ECS Enterprises Ltd trading as Direct Fabrics
11a Meadow Close
Backwell, BS48 3HA
North Somerset
Phone: 0330 111 8995
Email: [email protected]
Website: www.direct-fabrics.co.uk
3. Cookies
The Internet pages of ECS Enterprises Ltd use cookies. Cookies are text files stored in a computer system via an Internet browser.
Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie and allows websites and servers to assign the cookie to the specific browser.
Through the use of cookies, ECS Enterprises Ltd can provide users of this website with more user-friendly services that would not be possible without the cookie setting.
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Already set cookies may also be deleted at any time via an Internet browser or other software. If cookies are disabled, not all functions of our website may be entirely usable.
4. Collection of General Data and Information
The website of ECS Enterprises Ltd collects a series of general data and information when a data subject or automated system calls up the website. This may include browser type, operating system, referrer, sub-pages visited, date and time of access, IP address, Internet service provider, and other similar data and information that may be used in the event of attacks on our systems.
When using these general data and information, ECS Enterprises Ltd does not draw conclusions about the data subject. Rather, this information is needed to correctly deliver the content of our website, optimise website performance, ensure system security, and provide law enforcement authorities with information necessary for criminal prosecution in the event of a cyber-attack.
5. Registration on Our Website
A data subject has the possibility to register on the website of the controller with the indication of personal data. Which personal data are transmitted to the controller is determined by the respective input mask.
By registering on the website of the controller, the IP address assigned by the Internet service provider, and the date and time of the registration, may also be stored. This storage takes place in order to prevent misuse of our services and, if necessary, to make investigation of committed offences possible.
Registered persons are free to change the personal data specified during registration at any time, or to request deletion of their data where legally possible.
6. Subscription to Our Newsletters
On the website of ECS Enterprises Ltd, users may subscribe to our newsletter. The input mask used for this purpose determines what personal data are transmitted and when the newsletter is ordered.
The enterprise newsletter may only be received by a data subject if the data subject has a valid email address and registers for newsletter delivery. A confirmation email may be sent for legal reasons in the double opt-in process.
During registration for the newsletter, we may also store the IP address assigned by the Internet service provider, together with the date and time of registration, in order to understand any possible misuse.
Personal data collected as part of registration for the newsletter will only be used to send our newsletter and provide related operational communications where necessary.
We may use a third-party provider such as Metrilo.com to deliver our e-newsletter and gather analytical insights. More information can be found in the provider’s own privacy policy.
Subscription to the newsletter may be terminated by the data subject at any time using the unsubscribe link in each newsletter or by contacting us directly.
7. Newsletter Tracking
Our newsletters may contain tracking pixels to allow statistical analysis of the success of email campaigns. This allows us to see if and when an email was opened and which links were clicked, helping us improve future communications. Data subjects are entitled to revoke the relevant consent at any time.
8. Contact Possibility via the Website
If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored for the purpose of processing the request or contacting the data subject.
9. Comments Function in the Blog
Where blog comments are enabled, comments made by a data subject may be stored and published together with the date of the comment and the user name or pseudonym chosen by the data subject. The IP address assigned by the Internet service provider may also be logged for security purposes.
11. Routine Erasure and Blocking of Personal Data
The controller shall process and store personal data only for the period necessary to achieve the purpose of storage, or as far as granted by the European legislator or other legislators in laws or regulations. If the storage purpose no longer applies, or if a statutory retention period expires, the personal data are routinely blocked or erased in accordance with legal requirements.
12. Rights of the Data Subject
a) Right of confirmation
Each data subject shall have the right to obtain from the controller confirmation as to whether personal data concerning him or her are being processed.
b) Right of access
Each data subject shall have the right to obtain free information about their personal data stored at any time and a copy of this information.
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipients to whom the personal data have been or will be disclosed
- the envisaged period for which the personal data will be stored, where possible
- the existence of rights to rectification, erasure, restriction or objection
- the existence of the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, where relevant
c) Right to rectification
Each data subject shall have the right to obtain without undue delay the rectification of inaccurate personal data concerning him or her.
d) Right to erasure (Right to be forgotten)
Each data subject shall have the right to obtain the erasure of personal data concerning him or her without undue delay where the legal conditions for erasure are met.
e) Right of restriction of processing
Each data subject shall have the right to obtain restriction of processing where one of the legal conditions applies.
f) Right to data portability
Each data subject shall have the right to receive personal data concerning him or her in a structured, commonly used and machine-readable format, subject to the legal conditions for portability.
g) Right to object
Each data subject shall have the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her where such right applies.
h) Automated individual decision-making, including profiling
Each data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects him or her, subject to the conditions and exceptions permitted by law.
i) Right to withdraw data protection consent
Each data subject shall have the right to withdraw consent to processing of personal data at any time.
13. Data Protection for Applications and Application Procedures
The controller may collect and process personal data of applicants for the purpose of processing an application procedure. If no employment contract is concluded, the application documents may be erased automatically after a reasonable period, provided there are no legitimate interests preventing erasure.
14. Facebook
This website may integrate Facebook components. If a Facebook component is active on a page, Facebook may receive information about the visited page and, where relevant, associate this with the user’s Facebook account.
15. Google Analytics
This website may use Google Analytics with anonymisation functions to analyse website traffic and usage behaviour. Data subjects may prevent the use of Google Analytics through browser settings or relevant browser add-ons.
16. Google Remarketing
This website may use Google Remarketing services to display relevant advertising to users who have previously visited the site.
18. Google Ads
This website may use Google Ads, including conversion tracking, to help measure advertising effectiveness and optimise campaigns.
20. LinkedIn
This website may integrate LinkedIn components. If a LinkedIn component is active, LinkedIn may receive information about the specific sub-page visited and may associate this with the user’s LinkedIn account where relevant.
YouTube
This website may integrate YouTube videos. If a YouTube component is active, YouTube and Google may receive information about the relevant page visit and may associate this with a logged-in user where applicable.
Payment Processors
PayPal
If the data subject chooses PayPal as the payment option during the ordering process, personal data necessary for payment processing may be transmitted to PayPal.
Stripe
This website may also use Stripe to process payments for goods and services ordered from us. This is necessary to perform a contract entered into with you and for the payment provider’s legitimate interest in processing the transaction.
Other Advertising, Analytics and Client Management Tools
We may use third-party tools including:
- WhatConverts
- Google Analytics
- Google Ads
- HubSpot CRM
- Intercom Chat
- Reviews.co.uk
- Trustpilot
- YouTube
- Metrilo.com
These tools may be used for advertising, analytical purposes, customer management, research and better understanding customer behaviour in order to tailor products and services more effectively.
Legal Basis for Processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent. If processing of personal data is necessary for the performance of a contract, the processing is based on Article 6(1)(b) GDPR. Where processing is required to comply with a legal obligation, it is based on Article 6(1)(c) GDPR. In rare cases, processing may be necessary to protect vital interests under Article 6(1)(d) GDPR. Finally, processing may also be based on Article 6(1)(f) GDPR where legitimate interests are pursued, provided those interests are not overridden by the interests or rights of the data subject.
Legitimate Interests
Where processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out our business operations effectively and responsibly.
Retention Period
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiry of that period, the corresponding data is routinely deleted, provided it is no longer necessary for fulfilment of the contract or the initiation of a contract.
Provision of Personal Data
We clarify that provision of personal data may be partly required by law, may arise from contractual provisions, or may be necessary in order to enter into a contract. In some cases, failure to provide such personal data may mean that a contract cannot be concluded.
Contact
Direct Fabrics
Privacy enquiries: [email protected]
Telephone: 0330 111 8995