What information do we collect about you?
As part of the buying and selling process, we collect the personal information that you give to us when you register online, purchase something from any of our webstores, purchase over the telephone or enter our competitions and surveys. This includes;
- Your full name and personal details including home address, email address, telephone and mobile numbers
- We may send your details to, and also use information from credit reference agencies and fraud prevention agencies to prevent fraud and to verify your identity.
- Business details including company name, shipping and billing address, telephone and mobile numbers and email address
- When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
We use this information to manage your account, support and process your order, authentication, processing of payments and marketing (unless you have opted out).
How long do we keep it for?
The periods for which we keep your information depends on the purpose for which your information was collected and used. We will not keep your personal information for longer than is necessary for our business purposes or for legal requirements.
In all cases, our need to use your personal information will be reassessed on a regular basis, and information which is no longer required for any purposes will be disposed of.
Who do we share it with?
We share your information will the following business partners. They will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
- Our IT service providers when it is necessary for them to support our internal IT issues.
- Our CRM Business Software provider – to enable us to process your orders and manage your account
- Couriers to help deliver our products to you.
- E-commerce platform providers which allow you to place orders and make payments online
- Anyone else where you have given consent for or as required by Regulators and the law
Whilst we will take all reasonable steps to protect and secure your personal data, we cannot guarantee the confidentiality of any messages transmitted between you and us via email as these are potentially accessible by others. We will not be liable to you or anyone else for any loss relating to any email message sent by you to us or by us to you.
We know how much trust you place in us when you share your personal data. Because of that we place great importance on the security of your personal information and will always take appropriate precautions to protect it.
This website and the "checkout" pages on our webstores use industry standard software protection for secure financial transactions. Your personal information such as your credit card number, name, and address, is securely encrypted so that it cannot be read as the information travels over the Internet. We never hold your credit card details on our website or in our own records.
Even with all these precautions, no data transmission over the internet can be guaranteed to be 100% secure. So, whilst we strive to protect your personal information, we cannot guarantee the security of any information which you disclose to us online and you must understand that you do so at your own risk.
We take care to protect your personal information. We take steps to ensure that access to personal information is restricted to employees who need it and that all employees who handle personal information are fully trained and kept up-to-date on our data management, security and privacy practices. Our employees are notified and reminded about the importance we place on privacy, and what they can do to ensure your information is protected
How do we protect your Information across borders?
The internet works as a global environment. This means that using it to collect and process personal data often involves the international transmission of data including outside of the European Economic Area (EEA)
Our third-party service providers, such as payment gateways and other payment transaction processors, are located in or have facilities that are located in a different country or territory to the UK. If you elect to proceed with a transaction that involves the services of one of our third-party service providers, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
Your personal data is protected under applicable laws such as the European Commission Data Adequacy or they are certified with the international Privacy Shield Framework.
Your Rights under applicable Data Protection Law
You retain all rights to your Personal Information and can request access to it at any time (please note that these rights don’t apply in all circumstances and that the date portability is only relevant from May 2018)
- The right to be informed about the processing of your personal data
- The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed
- The right to object to the processing of your personal data if there are compelling legitimate grounds. You may also object to your use of personal data for marketing purposes using the process set out in the section headed “Marketing”
- The right to restrict processing of your personal data
- The right to have your personal data erased (the “right to be forgotten”)
- The right to request access to your personal data and information about how we process it
- The right to move, copy or transfer your personal data (“data portability”), and,
- Rights in relation to automated decision making including profiling - In the unlikely circumstances that we process information about you on a purely automated basis that has a significant impact on you, we shall give you the opportunity to discuss the output of such processing before making those decisions (save to the extent otherwise permitted under applicable law).
Subject Access Request
If you would like a copy of some or all of your personal information, please email or write to us at the following address;
Whitby & Co (UK) Ltd
Data Protection Enquiries
Canal Head North
On receipt of a Subject Access Request, we may require additional documentation or information from you to verify that the Personal Information you are requesting does relate to you. Once we have verified your identity, we will provide you with the information we hold about you within 30 calendar days.
A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device, enabling companies to recognise your device across websites. Among other things, these store your preferences and settings; enable you to sign-in; provide interest-based advertising; combat fraud; and analyse how our websites and online services are performing.
For further information visit www.allaboutcookies.org
Personal Data Breach
In the case of a personal data breach (including electronic media, paper records and inappropriate access to information), where personal data is lost, compromised, misdirected or stolen, we will contact you without undue delay to explain what went wrong and what actions have been taken to fix it.
Provided you have given us consent, we would like to send you information about products and services which may be of interest to you.
In addition to this site Whitby & Company (UK) Limited operates the following websites in the UK:-
The brands listed above within Whitby & Company (UK) Limited may send you marketing messages by email, SMS, social media and post; about us and our products; where you have not unsubscribed and where you have purchased similar products and/or services from that brand or entity, or where you have otherwise signed up, or consented, to receive marketing messages from a brand or entity.
If after you have “opted – in”, you change your mind, want to change your preferences or want to unsubscribe at any time, please contact us by email or by writing to us at;
Whitby & Co (UK) Ltd
Canal Head North
In the case of social media messages, you can manage these via the social media platform.
We do not and will never share, disclose, sell, rent or otherwise provide personal Information to other companies for the marketing of their own products or services.
GDPR is effective from 25th May 2018.
Got a Question?
If you have a question please contact us by;
- Or write to us at:
Whitby & Co (UK) Ltd,
Data Protection Enquiries,
Canal Head North,
Got a Complaint?
You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law. Further information is available at www.ico.org.uk