Last updated: 24th May 2018
Torch Direct Limited are committed to protecting and respecting your privacy. We will process your personal data in accordance with the law. For the purposes of data protection legislation, we are the data controller and we will process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and national laws which relate to the processing of personal data.
This policy explains what personal data we collect from you, or that you provide to us and how it will be processed by us. Please read the following information carefully regarding your personal data and how we will treat it.
For the purpose of the data protection legislation, the data controller is:
Torch Direct Limited
Registered in England and Wales with company number 8737876. ICO registration reference: ZA118736.
Information we may collect from you
You may give us information about you by filling in forms on our website or by corresponding with us by telephone, email or otherwise. This includes information you provide when you place an order on our website or enter a competition or promotion. The information you give us may include your name, address, telephone number, email address and payment details.
With regard to each of your visits to our website we may automatically collect the following information, internet protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page and any phone number used to call our customer service telephone number.
We work closely with third parties (including, for example, sub-contractors in technical, payment and delivery services, analytics providers and search information providers) and may receive information about you from them.
Your data will not be transferred outside the European Economic Area (EEA) unless that country or territory also ensures your personal data is protected under applicable laws such as the European Commission Data Adequacy or they are certified with the international Privacy Shield Framework and the third party provider is compliant with the General Data Protection Regulation (EU) 2016/679.
We use Google Analytics on our website to understand how you engage and interact with it. For information on how Google Analytics collects and processes data using cookies, please visit www.google.com/policies/privacy/partners/. You can opt out of Google Analytics tracking by visiting: tools.google.com/dlpage/gaoptout
Uses made of the information
Information you give to us
Information we collect about you
Disclosure of your information
We may share your personal information with suppliers and sub-contractors for the performance of any contract we enter into with you and analytics and search engine providers that assist us in the improvement and optimisation of our website.
Where we store your personal data
All information you provide to us is stored on secure third party provider servers using SSL encryption for transmission of data. In the case of payment information the servers are those of our secure payment providers, we use Stripe, SagePay and Paypal which all meet PCI DSS v3.2 Level 1 compliance and also use SSL encryption for transmission of data.
Where you have chosen a password to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
You have the right to ask us not to process your personal data for marketing purposes. Our marketing emails are opt-in only, so you will never receive these types of emails without your consent via a double opt-in proceedure. You can also opt-out again at any time. You can also exercise the right at any time by contacting us by email to firstname.lastname@example.org.
How long we retain your personal information
Your personal data is retained for as long as is necessary in order to provide the services agreed with you. Other types of data, for example, order data, may be retained for differing periods of time, including following the termination of our services. Legal and Statutory requirements determine how long we are required to retain certain types of data. Broadly, these include:
In the absence of any legal requirements, personal data will only be retained as long as is necessary to provide you with the agreed services. Data will be erased if you withdraw consent to the data being processed or held and request it be erased, except where any data may be required to be held for Statutory, Historical or Statistical purposes.
From time to time during the retention period, the need to retain identified data will be reviewed. In particular, the type of data and its purpose for processing will be re-considered and whether there remain lawful grounds for its continued processing. Out of date information will be archived.
Following the expiration of the applicable retention period, personal data may not necessarily be completely erased, if it is considered sufficient to anonymise the data. This may, for example, be achieved by means of:
Erasure of any unique identifier which enables the allocation of particular data to an individual person
If no fixed retention period has been determined, because of the limited amount of personal data retained, we will provide the criteria used to determine the rationale for retention of any particular data, upon request.
Access to information
You have the right to access information held about you. Your right of access can be exercised in accordance with the GDPR act. Any access request may be subject to a small fee to meet our costs in providing you with details of the information we hold about you. If lawful to do so, we will delete information or correct any inaccuracies for no charge as soon as you make the request.