0 x item(s)

Choose a category...

PRIVACY POLICY

1. Introduction

Ceci Paolo Limited is committed to protecting your personal information.  Our Privacy Policy gives you detailed information about when, how, what and why we collect your personal information, how we use it and how we keep it secure. This Policy also sets out your right to request that we delete, update, transfer or provide you with access to your personal information. This Policy should be read alongside our Terms & Conditions

2. Who we are

For the purpose of the Data Protection Act 1998 the data controller is Ceci Paolo Limited, a company registered in England and Wales, whose registered office is at 21 High Street, Ledbury, Herefordshire HR8 1DS. Company registration number is 04160704. 

3. When and how do we collect your personal data?

We have held a customer database on our Cybertill system since 2006. The only customers on this database are those who have registered on our website www.cecipaolo.com or who actively submitted their contact details to us because they wanted to join our loyalty scheme and/or expressed a desire to be informed regularly about our activities.  

Generally, we collect your information when you decide to interact with us. We collect information in a number of ways which are listed below:

  • •  When you register and create an account with us on cecipaolo.com (the "Website")
  • •  When you visit the Website, and use your account to buy product.
  • •  When you make an online purchase and check out as a guest (in which case we just collect transaction-based data). 
  • •  When you purchase a product in store or by phone but don’t have (or don’t use) an account. 
  • •  When you contact Ceci Paolo by telephone or email.
  • •  When you join our loyalty scheme.
  • •  When you engage with us on social media. 
  • •  When you contact us by any means with queries, complaints etc.
  • •  When you ask us to email you information about a product.
  • •  When you enter prize draws or competitions run by Ceci Paolo.
  • •  When you book to attend an event.
  • •  When you fill in any forms for transactional, employment or other purposes.
  • •  When you use our shop which has CCTV systems operated for the security of both customers and staff. These systems may record your image during your visit.
  • •  When you visit the Website we may use cookies to help make the experience of using it better and to personalise the service you receive from us. This means we will remember your previous visits and track the Website pages that you visit. For more information please see our Cookie Policy. When you visit www.cecipaolo.com our web server may automatically record your public internet protocol ('IP') address.

4. What types of information we collect

Information provided directly by you

We only collect the information that’s necessary to carry out our business, to process your orders, to provide the particular service you’ve requested, to keep you up to date about our news and to provide you with the best possible service.  The type of information we collect about you includes:

  • •  Title
  • •  Name and Surname
  • •  Gender (optional)
  • •  Email address
  • •  Password (For your security, your login password will be kept encrypted.)
  • •  Delivery address
  • •  Billing address
  • •  Contact telephone number(s)
  • •  Date of Birth (optional)
  • •  Credit/debit card or other payment details (stored securely by our secure server, Pay360 by Capita)
  • •  Purchase information
  • •  Product selections
  • •  Details of your interactions with us in store or online.
  • •  Copies of documents you may provide to prove your age or identity where the law requires this (including your passport and driver's licence).
  • •  Attendance at events
  • •  Personal details which help us to recommend items of interest, eg your clothing size. 
  • •  Alterations and repair requests
  • •  Your image may be recorded on CCTV when you visit our shop.
  • •  Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
  • •  Automatically populated IP address*
  • •  Information gathered by the use of cookies in your web browser ** 

*When visiting our website we may collect an automatically populated IP address. An IP address is a unique number which allows a computer, group of computers or other internet connected device (such as your mobile or tablet) to browse the internet. We may also record the time and date of your visit, the pages that were requested, the referring website (if provided) and your internet browser version.

**For more details about cookies and how we use them on our website, please see our Cookie Policy

Social Media

Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you may give us permission to access information from those accounts or services.

Information available publicly

We may include information found in places such as Companies House and information that has been published in, for example articles, newspapers, online.

5. Why we use your personal data

In order for our use of your personal information to comply with applicable data protection law, that use by us needs to fall under at least one of the specific lawful reasons that are set out in applicable data protection law. These lawful reasons include:

Contractual obligations.  In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier.

Legal compliance.  If the law requires us to, we may need to collect and process your data.  For example, we can pass on details of people involved in fraud or other criminal activity affecting us to law enforcement.

Legitimate interest.  In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our retail business and which does not materially impact your rights, freedom or interests.  We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are through the personal data we hold. We can then use this to offer you promotions, products and services that are most likely to interest you. In the case of loyalty scheme members, we’ll also offer you relevant rewards.  

6. How we’ll use your personal data in accordance with the lawful bases above.

  • •  To process any orders that you make by using our website or in store.
  • •  To respond to your queries, refund requests and complaints.
  • •  To protect our business and your account from fraud and other illegal activities.
  • •  To protect our customers, premises, assets and staff from crime, we operate CCTV systems in our store which record images for security.
  • •  To process payments and to prevent fraudulent transactions.
  • •  With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text and telephone about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on.  You are free to opt out of hearing from us by any of these channels at any time.
  • •  To send you relevant, personalised communications by post in relation to updates, offers, services and products. You are free to opt out of hearing from us by post at any time.
  • •  To send you communications required by law or that may be necessary to inform you, such as product recall notices.
  • •  To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
  • •  Sometimes, we’ll need to share your details with a third party who is providing a service (such as delivery couriers).

 

7. How we protect your personal data

We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.

Your personal data is located in the Customer Database incorporated in the Ceci Paolo Retail Store EPoS system supplied by Cybertill.  Access to your personal data on this system is password-protected. Cybertill’s hosting partner is Amazon Web Services, the world’s largest hosting company.  All data is held in the strongest and safest possible environments and held in multiple high availability data centres – all within the EU.

When you create a shopping account while ordering online you will submit your personal data to register on the Website or to proceed as a Guest.  Your password will be encrypted by the system and will only be accessible to yourself.  Read Cybertill’s Privacy Policy.

When you make a purchase on the Website, you are taken to a secure site using ‘https’ technology operated by Pay360 by Capita.  Your credit card information will be stored securely by Pay360 by Capita.  Read Pay360 by Capita’s Privacy Policy. 

Customers signing up for an account in store provide their details to a member of staff who inputs the information onto the Cybertill system. At the time of signing up to our customer data base you will have the opportunity to answer yes or no to accepting marketing emails, accepting third party emails and accepting post mailshots. Credit card payments made in store are processed on secure PDQ machines with encrypted receipts. Information is stored remotely by WorldPay and American Express.

8. How long will we keep your personal data?

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. 

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.***

*** This facility will be added to Cybertill by the end of August 2018

Some examples of customer data retention periods are:

Orders
When you place an order, we’ll keep the personal data you give us for seven years so we can comply with our legal and contractual obligations. In the case of certain products, such as electrical items, we’ll keep the data for 10 years.

Inactive accounts
If you’ve not used your account for more than five years, we’ll close the account and delete or anonymise the personal data associated with it. 

Warranties
If your order included a warranty, the associated personal data will be kept until the end of the warranty.

CCTV

Generally CCTV remains on our surveillence equipment for a maximum of 45 days after which it is overwritten. In the event that an incident has occurred during this period, images may be copied and provided to third parties such as the constabulary who may retain them in accordance with their own time policies.

9. Who do we share your personal data with?

We have a firm policy that we will not release your Personal Information to any company outside of Ceci Paolo Limited for mailing or marketing purposes.  However, we sometimes have to share your personal data with trusted third parties.  For example, IT companies who support our website and other business systems, delivery couriers, for fraud management and to handle complaints. We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so.   In all such circumstances we provide only the information they need to perform their specific services. 

We may, from time to time, expand, reduce or sell Ceci Paolo and this may involve the transfer of the business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Policy.

10. What are your rights over your personal data?

An overview of your different rights

You have the right to request:

  • •  Access to the personal data we hold about you, free of charge in most cases.
  • •  The correction of your personal data when incorrect, out of date or incomplete.
  • •  That we stop using your personal data for direct marketing (either through specific channels, or all channels).
  • •  That we stop any consent-based processing of your personal data after you withdraw that consent.


If we choose not to action your request we will explain to you the reasons for our refusal. 

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. 

We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. 

If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

11. How can you stop the use of your personal data for direct marketing?

There are several ways you can stop direct marketing communications from us:

  • •  Reply to any email communication that we send you with UNSUBSCRIBE as the subject line. We will then stop any further emails from us.
  • •  If you have a cecipaolo.com account, log in to your account, visit the ‘Edit Account Details’ area where you can change your preferences.
  • •  Write to Managing Director, Ceci Paolo Limited, 21 High Street, Ledbury. Herefordshire HR8 1DJ

Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.

12. Contacting the Regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113.

Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can't be responsible for the content of external websites).

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

13. Any questions?

We hope this Privacy Policy has been helpful in setting out the way we handle your personal data and your rights to control it.

If you have any questions that haven’t been covered, please contact us through the Website or

  • •  Email us on patriciaharrison@cecipaolo.com
  • •  Write to us at

Managing Director
Ceci Paolo Limited
21 High Street
Ledbury
Herefordshire HR8 1DJ