We only collect, keep, use or share your information for genuine business purposes, when you've approved us to do so, or when we're obliged to legally. There are a few reasons why we use your personal details:
For us to process your personal data, we must have a legal basis for the processing. The data protection legislation sets out what these bases are. We have described below the different bases that we rely on and provided examples of the processing.
There are some contractual reasons why we have to process your personal data. When you buy a product on our website, it creates a contract between us. We need to process the personal data that you provide in order to fulfil our part of the contract. If you do not provide your details we won't be able to complete your order.
Sometimes we are required to process the personal data that we hold about you for legal reasons - for example, if there is a product recall.
We also rely on being able to process your personal data on the basis that it is in our legitimate interests. When we do this we will always consider your interests and balance any positive or negative impact relating to such processing and your legal rights relating to data protection.
If you do not want us to process any of the personal data we have listed as being processed for legitimate purposes, you have the right to object. For more information see the section below relating to your rights. Please note that if you object we may still continue to process your personal data in certain circumstances. Please also remember that if we can't process your personal data for these purposes your customer experience may not be as enjoyable.
Our legitimate interests include:
In some cases, we will ask whether you would like us to process your personal data. For example, if you would like us to notify you when an out of stock item becomes available or if you enter into a competition. If you provide us with consent, you may withdraw it at any time by contacting us.
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at firstname.lastname@example.org or mailing us at: CareCo Unit C, Hubert Road, Brentwood, Essex, CM14 4JE, United Kingdom. Alternatively, you can log in to the careco.co.uk website and change your consent to opt into marketing in the account section.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored in multiple layers for added security. We use 256 bit database encryption, AES-256 encryption and 2048 bit public/private keys to secure your data. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
We may share your details with other carefully selected retail companies and charities who we feel may be of interest to you. We also work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the following product categories: clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help retailers understand consumers' wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
Please note that Epsilon Abacus may transfer data outside the EEA. The transfer will take place in the presence of appropriate safeguards, including standard data protection clauses adopted by the EU Commission. If you would like more information, please call us on 01277 237020, write to us at our address below or email us at email@example.com.
If you do not wish us to share this information please tick the appropriate box when ordering or to update this preference at any time call us on 01277 237020, write to us at the address below or go to www.careco.co.uk, login to your account and follow the steps to amend your preferences.
If you would like to stop all unsolicited postal communications, we suggest that you register with the Mailing Preference Service (MPS). MPS is a free service set up in 1983 and funded by the direct mail industry to enable consumers to have their names and home addresses in the UK removed from lists used by the industry. It is actively supported by the Royal Mail and all directly involved trade associations and fully supported by The Information Commissioners Office (ICO). For more information or if you wish to register with the MPS please visit their website www.mpsonline.org.uk.
We work with the following data processors in order to carry out our direct marketing activities.
Epsilon Abacus (registered as Epsilon International UK Ltd): They process name, address, mailing preferences and purchase history for the purpose of sharing in the Abacus Alliance. For more information on how Epsilon Abacus use the data see above.
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org or by mail at CareCo.
[Re: Privacy Compliance Officer]
Hubert Road, Brentwood, Essex, CM14 4JE, United Kingdom