CENTRAL TRADING is fully committed to protecting the privacy of our visitors and customers. We fully appreciate and respect the importance of privacy on the Internet. We will not disclose information about our customers to third parties except where it is part of providing a service to you – e.g. arranging for a product to be sent to you, carrying out credit and other security checks and for the purposes of customer research and profiling or where we have your express permission to do so.
We will not sell your name, address, e-mail address, credit card information or personal information to any third party without your permission, but we cannot be responsible or held liable for the actions of third party sites from which you may have linked or been directed to the website.
Communication & Marketing
If you have made a purchase from our store we may occasionally update you on our latest products, news and special offers via e-mail, post & telephone. All of our customers have the option to opt-out of receiving marketing communications from us and/or selected third parties. If you do not wish to continue to receive marketing from us and/or selected third parties you can click on the “unsubscribe” link in any email communications which we might send you.
The General Data Protection Regulation (GDPR) protects the rights of individuals by setting out certain rules as to what organisations can and cannot do with information about people. A key element to this is the principle to process individuals’ data lawfully and fairly. In order to meet the fairness part of this we need to provide information on how we process personal data.
This Fair Processing Notice satisfies this element of legislation and is designed to highlight the areas of Data Protection which may be of particular concern to customers and others using our publicly accessible website at [INSERT WEBSITE] ; helping those people understand how information about them will be used. It will also provide guidance on your individual rights and how to make a complaint to the Information Commissioner’s Office (ICO), the regulator for data protection in the UK.
For the purpose of your data protection, Central Trading is the recognised ‘controller’ of your data. Our Data Protection Officer is available to you, who can be contacted about any of the content held herein via:
Data Protection Officer
Watermans Business Park,
Contact number: 03301330815
The legal basis by which we will process and may have already processed data about you:
When we collect or process data about you, we have to observe the requirements of the General Data Protection Regulation (GDPR).
Under the General Data Protection Regulation our legal bases for processing this information about you as a customer will be that processing is necessary:
- “For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.” This means the information is needed for the delivery of [INSERT SERVICE OR PRODUCT].
- “For compliance with a legal obligation.” This means Central Trading may be legally required to share some information about you, for example with local law enforcement in the case of an investigation into suspected fraud.
If you gave Central Trading data via its publicly accessible website before May 25th 2018 (the date on which GDPR came into effect), it is important for you to remember that your personal data was already protected another way, by way of The Data Protection Act (The DPA). The DPA established a framework within which information about living individuals can be legally gathered, stored, used and disseminated. At its core were eight Data Protection Principles, which Central Trading and other organisations needed to abide by. These specified that personal information must be:
- Processed fairly and lawfully, and only if certain conditions are met
- Obtained for specified and lawful purposes, and not used for purposes other than those for which it was gathered
- Adequate, relevant and not excessive
- Accurate and where necessary kept up to date
- Kept for no longer than necessary
- Processed in accordance with individuals’ rights
- Kept secure
- Not transferred outside the European Economic Area unless certain conditions are met
GDPR builds on these requirements and states that from 25 May 2018 information must be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
GDPR also requires that:
- “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
These protections apply to information in electronic form and also many types of data in paper form. Further information about the Data Protection Act and the General Data Protection Regulation is available from the Information Commissioner’s Office at www.ico.org.uk.
How and why does Central Trading use personal data?
The largest volume of personal data Central Trading processes on its public facing website is in relation to customer accounts and orders. The primary purposes we process information about these individuals include:
- to enable us to collect billing and delivery details for orders placed.
- to enable us to communicate marketing and operational messages to you via multiple platforms including social media, email and SMS;
- to monitor, develop and update Central Trading systems to ensure they continue to operate effectively and securely;
- to gather feedback from customers.
What personal data does Central Trading collect?
Central Trading collects personal data from customers at various stages. The volume and nature of the personal data collected is outlined below:
- Details collected by way of our customer order / account registration processes:
- name and address
- contact details (telephone number, email address)
- Details collected by way of our newsletter subscription:
- contact details (email address)
Sharing of personal data
Where Central Trading is required to share personal data with certain organisations in order to meet statutory requirements or to provide services, sharing will always be undertaken in line with the requirements of data protection law, either through the consent of the individual, or another relevant legal gateway. The personal data that is actually shared will always be limited precisely to what the other organisation needs to meet its requirements or deliver its services.
The information below outlines the key partners with whom Central Trading shares personal data about customers with:
- National/Local Government Departments and other public bodies:
- the courts, the police and other organisations with a crime prevention or law enforcement function (subject to the proper entitlements);
- Communications Platforms to facilitate marketing and communications of Central Trading services (governed by GDPR compliant data sharing agreements):
- Facebook for re-marketing of Central Trading services to you via its channels;
- Mailchimp for campaign and email services.
- MailGun for transactional email services.
- Delivery Providers to facilitate the delivery of goods.
- B2C Europe
How long does Central Trading keep personal data?
Central Trading takes its obligations under GDPR very seriously in terms of not holding onto personal data for any longer than is necessary. Central Trading has a retention schedule in place for the different categories of data it holds.
- to deal with customer enquiries relating to their account or past orders
- 2 years
- to communicate future offers and promotions
- Until notified otherwise by the customer
What are my rights regarding the personal data you hold relating to me?
An individual has the right to be informed about data collection via a Fair Processing Notice. This is that notice.
An individual has the right to ask Central Trading what personal data we hold about them, and to ask for a copy of that information. This is called making a Data Protection Subject Access Request. A Subject Access Request should be submitted in writing via email to the Data Protection Officer or in hard copy to the postal address provided above. Central Trading reserves the right to ask you to provide proof of identification and for you to clarify your request if it is unclear in the first instance. You will receive a reply no longer than 30 calendar days from the date you make the request in writing.
If you are unhappy with the initial response you can ask Central Trading to undertake a further search if there is specific information you have good reason to believe exists but that hasn’t been
You have the right to rectify data that is incorrect. If you believe Central Trading holds information about you that is factually incorrect please email our Data Protection Officer, and Central Trading should update it within one month.
You have the right to be forgotten. Where there is not a legal / statutory obligation for Central Trading to hold data about you, you have the right to be forgotten. To exercise this right, please email our Data Protection Officer and Central Trading will respond to you within one month.
You also have the right to object / withdraw consent from the processing of your personal data by Central Trading at any time, if your consent was sought initially to use your personal data.
To exercise any of these rights, please contact Central Trading’s Data Officer.
You also have the right to complain to the UK Regulator the Information Commissioner’s Office (ICO’s) if you believe you request has not been dealt with properly or you have a complaint to raise against Central Trading for any other data protection related issue. A complaint can be raised via the ICO’s website or write to the following address:
The Office of the Information Commissioner
Our website and your privacy
We have structured our website so that you can visit the website without identifying yourself or revealing any personal information about yourself to Central Trading or any third party. Once you choose to provide us with any information by which you can be identified then you can be assured that it will only be used in accordance with this Fair Processing Notice until and unless notified separately.
Protecting your security
We may use personal information provided by you in order to conduct appropriate anti-fraud checks. Personal information that you provide may be disclosed to a credit reference or fraud prevention agency, which may keep a record of that information. This is done only to confirm your identity – a credit check is not performed and your credit rating is unaffected.
Transfers of your Information
Unfortunately, the transmission of information via the Internet is not completely secure. We will do our best to protect your personal data, but cannot guarantee the security of data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Disclosures of your information
We may disclose your personal information to any of our group of companies. We may also disclose your personal information to third parties:
- in the event that CENTRAL TRADING sells or buys any business or assets;
- if CENTRAL TRADING or substantially all of its assets are acquired by a third party, in which case personal data which we hold about our customers may be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of; or to protect the rights, property, or safety of CENTRAL TRADING, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Third party sites
Our site may contain links to and from the websites of our partner networks, advertisers and other third parties. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Checking your Details
If you wish to verify the details you have submitted to CENTRAL TRADING you may do so by contacting us via the e-mail address or address given below. Our security procedures mean that we may request proof of identity before we reveal information. This proof of identity will take the form of your e-mail address and password submitted upon registration. You must therefore keep this information safe as you will be responsible for any action which we take in response to a request from someone using your e-mail and password. We would strongly recommend that you do not use the browser’s password memory function as that would permit other people using your terminal to access your personal information.
CENTRAL TRADING is the data controller for the purpose of the Data Protection Act 1998 (the Act).
You have the right to access the information which CENTRAL TRADING holds about you and your right of access can be exercised in accordance with the Act. You may lodge an access request for free, but depending upon the personal information you request, we may impose a charge to recover our costs in providing you with details of the information we hold about you. We will notify you of any such change upon receiving your access request, and confirm whether you wish to proceed and pay such charge.
We are always pleased to hear from our customers (even if it is a complaint!). We are always grateful for any time you spend providing us with the knowledge we need to ensure our customers are completely satisfied – we want you to return to the site and to recommend us to your friends and family. If you have any questions or feedback about this statement, or if you would like us to stop processing your information, please do not hesitate to contact a customer service member of the CENTRAL TRADING team, who will be delighted to answer any questions you may have. You may find our contact details on the contact-us page.
We do not store or process any customer credit details. All payments are conducted by our third party payment provider.