Our website address is: https://spencerthorn.com
Our shop address is: Spencer Thorn Ltd, Belle Vue, Bude, Cornwall, EX23 8JS
Our telephone number is: 01288 352518
Our company registration number is: 08011892
Our VAT registration number is: GB 143 9277 52
This Notice explains in detail the types of personal data Spencer Thorn may collect about you when you interact with us. It also explains how we’ll use, store and handle that data, and how we keep it safe – and how you can check it, amend it, and delete it if you wish.
Who are we?
Spencer Thorn is a family-run book and gift shop. The business was launched more than 50 years ago in Bude, north Cornwall, and is owned and run by Chris and Sarah Pringle. We sell to members of the public from our lovely little shop in Bude, and also online.
If you have any questions regarding this Privacy Notice, please do get in touch. For Data Protection purposes Spencer Thorn adheres to the principles of the General Data Protection Regulations (GDPR) and understands best practice for managing information.
The law on data protection requires us to explain the legal justification we have for collecting and processing your personal data. Spencer Thorn relies on the following bases:
• Consent – When you opt in to receive email newsletters, special offers or other Spencer Thorn marketing material. You can withdraw this consent at any time either by contacting us or by “unsubscribing” from any of the email messages we send you.
• Contractual obligations – When you order from us, you are asked to accept our Terms and Conditions, which establishes a contract between you and Spencer Thorn. We need to pack and deliver the goods you have ordered online, and so we need a delivery address, a means of communicating with you electronically (phone or email or both), and payment for the goods.
• Legal compliance – For example, when we make a sale we have to raise a VAT invoice for the transaction which will have your name and address on it. We are obliged to keep this accounting information for up to six years after the date of the sale. We do not hold credit card or Paypal details. Instead, when you place your order, this information goes directly to the payment services provider (PSP) (in our case Paypal) who transfer money from your account to ours. We never see this information – except when you place an order by phone, and on these occasions card details are not noted down in any way.
• Legitimate interest – Under certain circumstances businesses may send marketing information or offers to previous customers provided the goods being promoted are similar in nature to those previously purchased and that such communications do not materially impact the rights, freedom or interests of the recipients.
Please note, in the case of email marketing, businesses have to give customers the opportunity to actively opt in to any such marketing activity. Therefore, when you place an order with Spencer Thorn and we ask for your email address, you will see a tick box and an explanation that if you tick the box we will send you marketing newsletters and/or offers. If you do not wish to be tempted by our future promotions, just leave the box blank and you will be left in peace!
When do we collect your personal data?
We only collect personal data from you when you give it to us by interacting with our website (www.spencerthorn.com), when you engage with us on social media or by speaking to us on the telephone.
Here are some examples of when we might collect personal data from you.
• When you create an online account with us
• When placing an order online using an account or as a guest
• When you sign up for our newsletter
• When you contact us by any means with queries, complaints etc
• When you enter prize draws or competitions
• When you comment on or review our products and services
Additionally, if you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you don’t have to fill in your details again when you leave another comment. These cookies will last for one year.
And if you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
When visitors leave comments or product reviews on our website, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
What sort of personal data do we ask you for?
• Your name & address details
• Your email address.
• Optionally, your landline or mobile phone number if you choose to give it to us.
What additional data do we collect from you?
• We collect technical information about your internet connection and the browser you use, the pages you visited while on our site and the search terms you used. This helps us to improve our site in order to give the best possible online experience to all our users.
• Your social media username if you interact with us through those channels and this allows us to respond to your comments, questions and feedback.
• Tracking your movements when using our website and how you react to our marketing emails.
• Buying information such as order value and products purchased.
How do we use your personal data?
The personal data we ask you for is primarily used to fulfil our contract with you so we can deliver the goods you have ordered from us. We ask you for your name, home address and email so we can deliver your order to you, check payment methods to prevent fraud, create a purchase record for tax and VAT purposes, get in touch with you about your order. As an option, we ask you for your phone number, which allows us to stay in touch about your order and ask the delivery service to send you SMS messages, for example. If you sign up for our newsletter and/or marketing emails, we will use your email address only for that purpose, and you will have the opportunity to unsubscribe at any time.
Who has access?
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access order information such as what was purchased, when it was purchased and where it should be sent, and also customer information – your name, email address, and billing and shipping information. Our team members have access to this information to help fulfil orders, process refunds and support you.
How we protect your personal data
We will treat your data with the utmost of care. We secure access to all transactional areas of our website using ‘https’ technology. Access to your personal data is password-protected, and sensitive data such as payment card information is secured by SSL encryption when it is sent to our Payment Service Providers. Our network partners regularly monitor our IT systems for possible vulnerabilities and attacks.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or rendered anonymous so that it can be used in a non-identifiable way for statistical analysis and business planning. For example, when you place an order we’ll keep the personal data you give us for up to six years so we can comply with HMRC tax and VAT obligations. Email addresses will cease to be used for marketing purposes two years after your last interaction with us or earlier if you choose to unsubscribe, which you can do at any time.
If you leave a comment/review on our website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Who do we share your personal data with?
We may have to pass your personal data to trusted third parties but only for the purposes of processing your order (fulfilling our contract with you), keeping in touch with you by direct marketing or providing you with additional facilities on our website.
We never sell, rent or pass your data to other companies for their marketing purposes. The only exception to this rule is if you enter a competition organised by us and the prize is offered by another company, that company may expect to have access to your information for marketing purposes and to fulfil the prize. In this case you will be specifically informed at the time you enter the competition.
Where we need to share your data with other companies (such as delivery couriers and IT companies that support the website) we only provide them with the personal information they need to carry out specific services, and we ensure that they comply with GDPR requirements.
What rights do you have over your personal data held by Spencer Thorn?
You have the right to request:
• access to the personal data we hold about you
• the correction of your personal data when incorrect, out of date or incomplete
• the deletion of any personal data we hold about you provided we do not need it for other legitimate purpose eg. tax and VAT purposes
• that we stop using your personal data for direct marketing
• the withdrawal of any consent you may have previously given us to use or process your personal data
If you have an account with us, or have left comments on our site, you can ask to receive an exported file of the personal data we hold about you. You can also request that we erase any personal data we hold about you. (This does not include any data we are obliged to keep for administrative, legal, or security purposes).
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make regarding your personal data.
If, in the highly unlikely event you should feel that your personal data has not been handled correctly by Spencer Thorn, you can lodge a formal complaint with the Information Commissioner’s Office (ICO) whose website can be found at www.ico.org.uk.