Privacy Policy
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or the applicable supervisory authority in the event you have a complaint.
WHO WE ARE
Soane Limited (“Soane”, “Soane Britain”, “us”, “we”, or “our”) sells its products through www.soane.co.uk / www.soane.com (the “Soane Websites”).
Soane is the controller of your personal data and is a company registered under number 03360853 and whose VAT number is 707047549.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to UK data protection laws. If you are located in the European Economic Area (EEA), we are also subject to the EU General Data Protection Regulation (EU GDPR) and other local laws in relation to goods and services we offer to individuals in the EEA.
If you want to know what personal data we collect and hold about you, or to exercise any of your rights as set out below, please email us at [email protected].
PERSONAL DATA COLLECTED
The personal data we collect about you depends on the purpose for which you engage with us. This information includes the following:
Identity data: first name and last name;
Contact data: including your email address, telephone number and address;
Usage data: we may also collect data on how our websites are accessed and used. This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our websites that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, cookie information and other diagnostic data;
Profile Data: your username and password and our internal record of orders made by you, your interests and preferences;
Financial Data: payment card details;
Transaction Data: details about payments to and from you and other details of products you have purchased from us; and
Marketing and communications data: including your preferences for receiving marketing communications from us.
CHILDREN’S PRIVACY
Our websites are not aimed at anyone under the age of 13 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Children have provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
HOW WE COLLECT YOUR PERSONAL DATA
You may provide us with your personal data in a number of ways, for example through the following direct interactions with us:
- By supplying us with the data as listed above, when registering for an account with us, making a purchase or subscribing to receive updates or offers from us.
- By corresponding with us by email, in which case we may retain the content of your email messages together with your email address and our responses.
We may also obtain your personal data indirectly, such as:
- Your browsing activity while on our website which we may obtain from third party cookie providers – see further information on Cookies below.
- Your identity data and information about your directorships or shareholdings, from third party publicly available sites such as Companies House, for the purpose of approving a trade account for your company.
IF YOU FAIL TO PROVIDE YOUR PERSONAL DATA
Where we need to collect personal data in order to perform a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
COOKIES
We may use cookies and similar tracking technologies to track your activity on the Soane Websites.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Examples of tracking technologies are beacons, tags, and scripts to collect and track information and to improve and analyse our websites.
THE LEGAL BASIS FOR PROCESSING YOUR DATA
Under data protection law, we can only use your personal data if we have a legal basis for doing so, for example:
Consent: where you have given us clear consent for us to process your personal data for a specific purpose, for example in the context of direct marketing;
Contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract;
Legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations); or
Legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal data which overrides our legitimate interests).
USE OF DATA
Soane uses the collected data for various purposes:
Purpose/Activity | Type of data | Legal basis for processing including basis of legitimate interest |
---|---|---|
To provide products and services to you. | (a) Identity (b) Contact (c) Profile (d) Transaction (e) Financial | (a) Performance of a contract with you. (b) Necessary for our legitimate interests (to facilitate the operation of our online business). |
To process customer payment information and provide invoices and/or order confirmations. | (a) Identity (b) Contact (c) Profile (d) Transaction (e) Financial | Performance of a contract with you. |
To arrange order shipping. | (a) Identity (b) Contact (c) Transaction (d) Profile | Performance of a contract with you. |
To notify you about changes to our products and services. | (a) Identity (b) Contact | (a) Performance of a contract with you. (b) Necessary for our legitimate interests (to ensure our customers are kept informed of any required website alterations). |
To allow you to participate in interactive features of our websites when you choose to do so. | (a) Identity (b) Contact (c) Usage | Performance of a contract with you. |
To provide customer support. | (a) Identity (b) Contact (c) Profile | (a) Performance of a contract with you. (b) Necessary for our legitimate interests (to ensure our customers are provided with assistance & support when using our websites). |
To gather analysis or valuable information so that we can improve our websites. | (a) Identity (b) Contact (c) Profile (d) Usage | Necessary for our legitimate interests (to enable us to continually improve our websites in order to remain competitive). |
To monitor the usage of our websites. | (a) Identity (b) Contact (c) Profile (d) Usage | Necessary for our legitimate interests (to study how customers use our websites, to grow our business and to inform our marketing strategy). |
To detect, prevent and address technical issues. | (a) Usage (b) Profile | Necessary for our legitimate interests (to promptly rectify any issues or faults with our websites). |
To screen orders for potential risk or fraud. | (a) Identity (b) Contact (c) Profile (d) Transaction (e) Financial | Necessary for our legitimate interests (to protect ourselves against financial loss). |
To provide you with news, special offers and general information about other goods, services and events which we offer. | (a) Identity (b) Contact (c) Profile (d) Marketing and Communications | Necessary for our legitimate interests (to promote and grow our business). OR Consent |
DISCLOSURE OF DATA
SERVICE PROVIDERS
We employ third party companies and individuals to facilitate our websites (“Service Providers”). These third parties are engaged to assist us in running our business and making our websites, products and services available to you. For example, we use:
- IT service providers such as:
- CRM systems and IT infrastructure companies
- Email logistics and automation providers
- Marketing and brand design agencies
- Payment Service Providers
- Delivery Service Providers
We only allow our Service Providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We impose contractual obligations on Service Providers to ensure they can only use your personal data to provide services to us and to you.
DISCLOSURE REQUIRED BY LAW
Under certain circumstances, Soane may be required to disclose your personal data if required to do so to defend a legal claim, to comply with a legal obligation or in response to valid requests by public authorities (e.g. a court or a government agency).
DISCLOSURE FOR A BUSINESS REORGANISATION OR BUSINESS PURCHASE
We may also need to share some personal information with other parties, such as potential purchasers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
TRANSFER OF DATA OUTSIDE OF THE UK AND EEA
Your personal data, may be transferred to — and maintained on — servers located outside of the UK and EEA by our third party service providers, where the data protection laws may differ from those within the UK and EEA.
We will always ensure that any transfer of your personal data outside of the UK and EEA is done in accordance with applicable data protection laws. Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK or EEA where:
- the UK government or European Commission (as applicable) have decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects (an example of this is using standard data transfer clauses); or
- a specific exception applies under data protection law.
MARKETING
We may use your personal data to send you updates (by email or post) about our products, including exclusive offers, promotions or new products. Where we have your consent or it is in our legitimate interests to do so.
We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.
If you have given your consent to receive marketing communications, or it is in our legitimate interests to send them because you are not a consumer or you are a consumer that has previous purchased similar products from us, you always have the right to opt out of receiving further promotional communications by:
- contacting us at: [email protected]
- using the ‘unsubscribe’ link in emails
We may ask you to confirm or update your marketing preferences if there are changes in the law, regulation, or the structure of our business.
Please note that we may also send you other communications in relation to your purchase of products or in order to respond to queries you have raised, such communications are service communications and are not a form of marketing.
RETENTION OF DATA
Soane will retain your personal data only for as long as is necessary for the purposes set out in this privacy policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Soane will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our websites, or we are legally obligated to retain this data for longer time periods.
In certain circumstances, once we have deleted or anonymised some of your data, we may still need to retain other parts of it (for example, your email address), in order to comply with our obligations under applicable data protection laws or other legislation, or for fraud detection purposes.
SECURITY OF DATA
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
YOUR RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
Whenever made possible, you can update your personal data directly within your account settings section. If you are unable to change your personal data, please contact us to make the required changes.
You have the following rights, which you can exercise free of charge:
- To access and receive a copy of the personal data we hold about you;
- To rectify any personal data held about you that is inaccurate;
- To request the deletion of personal data held about you;
- To require us to restrict processing of your personal data—in certain circumstances, e.g. if you contest the accuracy of the data;
- To data portability for the information you provide to Soane. You can request to obtain a copy of your personal data in a commonly used electronic format so that you can manage and move it;
- To object to your personal data being processed for direct marketing purposes (including profiling) and in certain situations have the right to object to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests, unless we can establish that our legitimate interests override your rights and freedoms; and
- Not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
To the extent that we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. For example, in respect of marketing that we carry out on the basis of your consent, you can do this by unsubscribing via the link provided in any direct marketing communication or contacting us.
You can exercise any of the above rights by contacting us using the details set out below.
Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
Please note that we may ask you to verify your identity before responding to such requests.
CHANGES TO THIS PRIVACY POLICY
This privacy policy was last updated in July 2023. We keep our privacy policy under regular review to make sure it is up to date and accurate. If we change our privacy policy from time to time, we will post the details of any changes on the Soane Websites as necessary. We may also take reasonable steps to notify you if such changes affect how your personal data is processed.
CONTACT US
If you have any questions about this Privacy Policy or exercising your legal rights, please contact us by visiting our contact page on the Soane website or at [email protected].
MAKING A COMPLAINT
If you are unhappy about our use of your Information, you can contact us using the details set out above. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office (ICO) or any relevant European data protection supervisory authority. The ICO can be contacted using the below contact methods:
Telephone: 0303 123 1113
Website: https://ico.org.uk/concerns/