0 x item(s)
2. Who we are
For the purpose of the Data Protection Act 1998 the data controller is Ceci Paolo Limited, a company registered in England and Wales, whose registered office is at 21 High Street, Ledbury, Herefordshire HR8 1DS. Company registration number is 04160704.
3. When and how do we collect your personal data?
We have held a customer database on our Cybertill system since 2006. The only customers on this database are those who have registered on our website www.cecipaolo.com or who actively submitted their contact details to us because they wanted to join our loyalty scheme and/or expressed a desire to be informed regularly about our activities.
Generally, we collect your information when you decide to interact with us. We collect information in a number of ways which are listed below:
4. What types of information we collect
Information provided directly by you
We only collect the information that’s necessary to carry out our business, to process your orders, to provide the particular service you’ve requested, to keep you up to date about our news and to provide you with the best possible service. The type of information we collect about you includes:
*When visiting our website we may collect an automatically populated IP address. An IP address is a unique number which allows a computer, group of computers or other internet connected device (such as your mobile or tablet) to browse the internet. We may also record the time and date of your visit, the pages that were requested, the referring website (if provided) and your internet browser version.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you may give us permission to access information from those accounts or services.
Information available publicly
We may include information found in places such as Companies House and information that has been published in, for example articles, newspapers, online.
5. Why we use your personal data
In order for our use of your personal information to comply with applicable data protection law, that use by us needs to fall under at least one of the specific lawful reasons that are set out in applicable data protection law. These lawful reasons include:
Contractual obligations. In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier.
Legal compliance. If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting us to law enforcement.
Legitimate interest. In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our retail business and which does not materially impact your rights, freedom or interests. We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are through the personal data we hold. We can then use this to offer you promotions, products and services that are most likely to interest you. In the case of loyalty scheme members, we’ll also offer you relevant rewards.
6. How we’ll use your personal data in accordance with the lawful bases above.
7. How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
Your personal data is located in the Customer Database incorporated in the Ceci Paolo Retail Store EPoS system supplied by Cybertill. Access to your personal data on this system is password-protected. Cybertill’s hosting partner is Amazon Web Services, the world’s largest hosting company. All data is held in the strongest and safest possible environments and held in multiple high availability data centres – all within the EU.
Customers signing up for an account in store provide their details to a member of staff who inputs the information onto the Cybertill system. At the time of signing up to our customer data base you will have the opportunity to answer yes or no to accepting marketing emails, accepting third party emails and accepting post mailshots. Credit card payments made in store are processed on secure PDQ machines with encrypted receipts. Information is stored remotely by WorldPay and American Express.
8. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.***
*** This facility will be added to Cybertill by the end of June 2018
Some examples of customer data retention periods are:
When you place an order, we’ll keep the personal data you give us for seven years so we can comply with our legal and contractual obligations. In the case of certain products, such as electrical items, we’ll keep the data for 10 years.
If you’ve not used your account for more than five years, we’ll close the account and delete or anonymise the personal data associated with it.
If your order included a warranty, the associated personal data will be kept until the end of the warranty.
Generally CCTV remains on our surveillence equipment for a maximum of 45 days after which it is overwritten. In the event that an incident has occurred during this period, images may be copied and provided to third parties such as the constabulary who may retain them in accordance with their own time policies.
9. Who do we share your personal data with?
We have a firm policy that we will not release your Personal Information to any company outside of Ceci Paolo Limited for mailing or marketing purposes. However, we sometimes have to share your personal data with trusted third parties. For example, IT companies who support our website and other business systems, delivery couriers, for fraud management and to handle complaints. We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. In all such circumstances we provide only the information they need to perform their specific services.
10. What are your rights over your personal data?
An overview of your different rights
You have the right to request:
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
11. How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
12. Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can't be responsible for the content of external websites).
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
13. Any questions?
If you have any questions that haven’t been covered, please contact us through the Website or
Ceci Paolo Limited
21 High Street
Herefordshire HR8 1DJ