Your Business

Platform

Services

Resources

About Us



Book a Demo



Our Privacy Policy

At CTRL Commerce, we are fully committed to ensuring that your data is protected and your privacy is respected.

CTRL Commerce ("CTRL Commerce", "we" or "us") is responsible for the personal data collected on this site www.ctrl-commerce.com ("site") and is the controller of that data. We are a company registered in the United Kingdom with company number 14493495 and a registered office at Unit 4, Perrywood Business Park, Honeycrock Lane, Redhill, RH1 5DZ. We have a Data Protection Officer, who you can contact using the details set out at the end of this policy.

What is this policy for?

This policy will inform you about what personal data we collect through this site as well as your other interactions with us. It will tell you why we collect your data, how we use it, who we share it with, and what rights you have in relation to it. Nothing in this privacy policy shall limit your legal rights in relation to your personal data.

It is important that you read this policy together with any other privacy notice or fair processing notice we may provide at the point of collecting or processing your personal data. This policy supplements those notices and is not intended to override them. However, it does supersede earlier versions of this policy.

This site includes links to websites which may allow third parties to collect or share your personal data. We cannot control their use of your data and are not responsible for it. Those third parties will have their own privacy policies, and we encourage you to read them before sharing any of your personal data with them.

What data do we collect about you?

Personal data includes any information about an individual from which that person can be identified. This does not include data where the individual's identity has been removed, such as statistical data about the use of our site. We may collect, use, store, and transfer the following types of personal data:

Contact: Name, email addresses, postal addresses, phone numbers, and other details you provide when you contact us or submit a form.
Profile: Your preferences, interests, feedback, survey responses, and other data you provide when engaging with our site.
Technical: IP address, operating system and platform, browser type and version, time zone setting, location data, device cookie and identification, and other identifying information required for your device to communicate with our site.
Marketing and Communications: Your preferences for receiving marketing communications and your communication preferences.

We do not intend to collect any 'special categories of personal data' (i.e., information about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic or biometric data).

How is your personal data collected?

We collect your personal data through a number of sources. For example:

You may give us your personal data directly when you: submit information to us through our site (e.g., by filling in forms); when you order goods or services from us; when you correspond with us by post, phone, email, or otherwise; contact us by social media; request information from us; subscribe to any publications that we offer; request marketing to be sent to you; enter a competition, promotion, or survey or provide feedback.
We may also get the following data about you from third parties: providers of payment services.
We may get the following data about you from publicly available sources: such as Companies House, the Electoral Register, and the Bankruptcy or Insolvency Register.
We may automatically collect data from or about you or your device, including technical data about your device and browsing, and profile data collected using cookies, online identifiers, or other similar technologies. Please see our cookie policy for more information.

How do we use your personal data?

We will only use your information where we have a lawful basis to do so. Below we have set out how we plan to use the personal data we hold about you and explained the lawful basis for each:

Purpose

Types of Data Processed

Lawful Basis

Communicating with you (other than for direct marketing purposes)

Contact, Profile, and Marketing data

Necessary for the performance of a contract or potential contract with you

Processing and fulfilling your requests

Contact, Profile, and Transactional data

Necessary for the performance of a contract with you

Verifying your identity, preventing fraud, and complying with legal obligations

Contact, Technical, and Transactional data

Necessary to comply with legal obligations

Managing our relationship with you

Contact and Marketing data

Necessary for our legitimate interests of operating our business effectively

Providing you with support and resolving complaints

Contact and Transactional data

Necessary for the performance of a contract with you

Delivering relevant advertisements and providing information about goods or services you may be interested in

Contact, Profile, Technical, and Marketing data

Necessary for our legitimate interests of improving our services and informing marketing strategy

Administering and protecting our site

Contact, Technical, and Transactional data

Necessary for our legitimate interests in running our site effectively

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. If you need details about the specific legal ground we are relying on to process your personal data, please contact us.

If we need to process your personal data for a different purpose that is not compatible with the original purpose, then we will let you know.

Please note that we may also process your personal data for a different purpose than listed above and without your consent where it is necessary for us to comply with our legal obligations.

How can you opt out of marketing?

We only directly market to you by email where it is legally allowed, for example, where you have consented, where you have purchased from us, or if you have provided us with a business email address. You can opt-out of marketing at any time by:

Selecting the opt-out link on any marketing message sent to you;
Contacting us using the details in the "How to Contact Us?" section at the end of this policy.

Please note that if you opt-out of marketing, we may still need to contact you for other reasons, such as updates regarding your order or important changes to our terms.

How do we keep your data secure?

We understand the importance of keeping your data secure. We take all reasonably necessary steps to ensure that your data is treated securely, in accordance with this policy, in order to prevent your data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For example, we limit the access to our customer's data and place confidentiality obligations on those who have access to it. If we become aware of a data breach we will notify the Information Commissioner's Office in a timely manner. We may also notify you in accordance with our legal requirements if we believe the breach is serious.

How long do we keep your data for?

We only hold your personal data for as long as is necessary in order to comply with the purposes for which we collected it.

When we are determining the appropriate retention periods for your personal data, we take into consideration a number of factors including what personal data we are processing, the risk of harm from any unauthorised disclosure, why we are processing your personal data and whether we can achieve this outcome by other means without having to process it.

Occasionally we may anonymise data which means that it is no longer associated with you. We do this for statistical or research purposes so we can improve the services we offer to you. We can use anonymous data indefinitely without further notice to you.

Please contact us if you would like more information about our data retention policy.

Who do we share your personal data with?

We may share your personal data with the following third parties for the purposes set out in the table above:

Suppliers so that they can fulfil any order or request you make with us;
Financial or payment processors where you are trying to arrange a payment to or from us;
Service providers who provide database, IT and system administration services (such as Salesforce which is based in the USA);
Credit reference agencies and banks that perform credit checks in order to determine your credit worthiness when you apply to open a credit facility with us;
Courts, regulatory bodies or law enforcement agencies if required;
If we refer any dispute between us to the ODR Platform, and/or we agree to engage in any alternative dispute resolution (ADR) procedure with you through the Platform, then to the extent that your personal data is relevant to the dispute we may disclose it to the European Commission, as operator of the ODR Platform, and to any ADR provider appointed to deal with the dispute; and
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice. These parties may be based outside of the EEA.

These third parties are required to respect the security of your personal data and treat it in accordance with the law. We do not allow them to use your personal data for their own purposes unless it is incidental to the services they are providing to you on our request.

Transfers outside of the European Economic Area (EEA)

When we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded, for example by ensuring that country has been deemed to provide an adequate level of protection for personal data by the European Commission, using specific contracts approved by the European Commission, or where appropriate ensuring that they are part of the Privacy Shield (in the USA).

We outsource our technical development to a global technology services company. We allow their employees and contractors located in and out of the EEA have access to the personal data we hold so they can provide technical support services to us. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Credit checks

If you apply for a credit facility with us, we will usually instruct a credit reference agency to conduct a search to determine your creditworthiness. We provide your personal data to them so that they can carry out these checks and they provide the results directly to us. We use the results of the credit check to determine whether or not to grant you a credit facility.

We may use Equifax Limited, Experian Limited or Creditsafe Business Solutions Limited to conduct the credit checks. You can find out more about each of them by visiting their websites. For information about how they share personal data they receive about you and/or your business here: www.equifax.co.uk/privacy-hub/crain. Please note that when credit reference agencies perform a credit check, a footprint may be left on your credit file which may be seen by other people viewing your file, such as other lenders. More information about each of the companies can be found here:

We also use Creditsafe Business Solutions Limited to perform credit checks. A link to their GDPR compliance can be found here: https://www.creditsafe.com/gb/en/more/about/gdpr.html.

Credit searches are a form of automated decision-making. Individuals have the right to ask that we do not make decisions that have a legal or significant effect on them using solely automated means, and object to an automated decision and ask that a person reviews the decision. If you would like to exercise these rights, please contact us using the details in the 'How can you contact us?' section. You can read more about your rights below.

What legal rights do you have?

Subject to certain legal conditions, individuals have the right to:

Request details of the personal data we hold and process about you (this is usually called a subject access request); Request that any inaccurate information we hold about you is corrected;
Request that we delete the personal data we hold about you in certain situations;
Request that we stop using your personal data for certain purposes;
Request that we do not make decisions about you that produces legal or other significant effects on you using completely automated means;
Request that personal data we hold about you is given to you, or a third party chosen by you (where technically feasible), in a commonly used, machine-readable format;
Prevent the use of your personal data for marketing purposes by using any of the steps at the 'How do I opt-out?' section; and/or
Withdraw your consent where you have provided it.

To exercise any of the rights set out above, please contact us using the details at the end of this policy. If you do so, please provide us with as much information as you can about the request you want to make in order to help us respond as soon as we can. You might need to provide us with proof of identity (for example a passport or driving licence) before we can fully respond, as we need to be sure we are giving the correct personal data to the correct individual.

We will usually respond to a request from you to exercise your rights within 1 month of receipt, but it might take longer if your request is particularly complex or if you have made a number of requests. Please note that the rights listed above may not apply in certain circumstances or specific exemptions may apply, and so we may not always be able or required to comply with your request to exercise these rights. You will not usually have to pay a fee to exercise these rights, but we reserve the right to if your request is clearly unfounded, repetitive or excessive, alternatively we may refuse to comply with your request.

For more information on these rights please see: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/. Please be aware that we may need to process your personal data and/or request specific information from you to help us comply with your request.

You also have the right to complain to the Information Commissioner's Office, the UK supervisory authority for data protection issues. Before exercising this right, we encourage you to contact us first to resolve any complaint you may have, although this is not legally required. More details can be found here: www.ico.org.uk. You can write to them at Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or call them on 0303 123 1113.

What about changes to this policy?

This policy was last amended on 2nd August 2018 and supersedes any earlier versions.

We reserve the right to update this policy to reflect any changes to the way in which we collect, process or share your personal data, or to reflect any legal requirements. When we make any changes, we will upload the new version to our site. The new version will take effect as soon as it is uploaded.

How do you contact us?

If you have any questions about this policy or would like to exercise any of the rights mentioned, you can either:

Email us: info@ctrl-commerce.com;
Write to us: at Data Protection Officer, Euroffice Limited, Unit 4, Perrywood Business Park, Honeycrock Lane, Redhill, RH1 5DZ; or
Contact us: using the options included in this link: https://ctrl-commerce.com/about/contact

contact



Unit 4, Perrywood Business Park, Honeycrock Lane, Redhill, RH1 5DZ



Telephone House, 69-77, Paul Street, London, EC2A 4NW



info@ctrl-commerce.com



020 6548 7899

member of