1. Introduction

Protecting the security and privacy of your personal data is important to The Wand Company. This Privacy Policy explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe. Furthermore, you will find information about your rights, which is based on the GDPR (General Data Protection Regulation).

Please take a moment to familiarise yourself with our privacy practices and you can find below our contact details and communicate with us if you have any questions about this policy.

2. Lawful basis for Processing Data

Under the following legal conditions, GDPR allows us to collect your personal data e.g. first or last name, telephone number, addresses and email addresses as outlined further below.

(a) Consent

In some cases, we can collect and process your data with your consent. For example, if you buy any items from The Wand Company’s online shop and/or create an account on The Wand Company website. If we collect your data, we will always inform you about it.

(b) Contractual obligations

We are collecting your personal data in certain situations like contractual obligations. For example, for your order to be processed we need your postal address as well as other necessary personal data.

(c) Legitimate interest

We may process personal data for certain legitimate interests, for example to understand how people interact with our website, to determine the effectiveness of promotional campaigns and advertising, or to use your purchase history to send you personalised offers.

3. When do we collect your personal data?

For example:

– When you visit our website
– When you create an account with us
– When you engage with us on social media
– When you make an online purchase for products and services
– When you get in touch with us for any request or complaint
– If you apply to work at The Wand Company

4. What kind of personal data do we collect?

Depending on how you contact us, we may collect Personally Identifiable Information (PII) including first and last name, gender, date of birth, billing/delivery address, orders and receipts, email address, telephone number, voice recording (if you call us), cookies etc. For your security, we’ll also keep an encrypted record of your login password if you create an account on our website. If you apply for a job at The Wand Company, we may keep a copy of your CV.

If you make a payment on our website, we do NOT store your credit card details or other sensitive payment details. Your payment is handled by Sage Pay, our payment service provided (PSP), and you can read their security policy at https://www.sagepay.co.uk/policies/security-policy.

5. How and why do we use your personal data?

We use your personal data to give you the best customer service or inform you about our new products or services. If you order any products or services from us, then we need your personal data to get in touch with you and to provide after-sales support.

We may use your non-sensitive personal data to register you as a new customer, manage payment, collect and recover monies owed to us, to manage our relationship with you, or to send you details of our goods and services.

Our legal grounds for processing your data are in relation to the points above that are for the performance of a contract with you, or are necessary for our legitimate interests to develop our products/services and to grow our business.

We will NOT share your details with third parties for marketing purposes except with your express consent.

6. To whom do we disclose your personal data?

We may have to share your personal data with:

– Service providers who provide IT and system administration support
– Operational companies such as delivery couriers.
– Direct marketing companies who help us manage our electronic communications with you.
– Google to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Notice for details.
– Professional advisors including lawyers, bankers, auditors and insurers HMRC and other regulatory authorities
– Third parties to whom we might sell, transfer or merge parts of our business

We require all of these third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.

7. International transfers

We may use third-party providers which are businesses outside of the EEA in countries that do not always offer the same levels of protection for your personal data. If so, we will do our best to provide a similar degree of security by ensuring that contracts, code of conduct or certification are in place which gives your personal data the same protection it has within Europe. If we are not able to do so, we will request your explicit consent to the transfer and you can withdraw this consent at any time.

8. How long will we keep your personal data?

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

9. How we protect your personal data

Protecting your data is important to us and we have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breaches and we will notify you and any applicable regulator of a breach where we are legally required to do so.

We may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10. Your rights in respect of your personal data

(a) Right of access by the individual

Under the GDPR “right of access” you have the right to request from us (free of charge in most cases) the following information about the processing of your personal data:

– the purposes of the processing;
– the categories of personal data concerned;
– to whom the personal data have been or will be disclosed (for example, to business partners, third countries or international organisations);
– where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
– deletion of the personal data, restriction of processing, or to withdraw your consent;
– the right to lodge a complaint with a supervisory authority;
– where the personal data are not collected from the individuals, any available information as to their source;
– the existence of automated decision-making, including profiling;

(b) Right to erasure (‘right to be forgotten’)

You have the right to request deletion of your personal data. In this case, we will delete your personal data without undue delay. This will be done providing there is no legal obligation or legitimate interest to retain the data.

(c) Right to restriction of processing

In the following circumstances you have the right to request the restriction of processing:

– the correction of your personal data when incorrect, out of date or incomplete;
– the data has been unlawfully processed and you oppose erasure of your data but request restriction instead;
– we no longer need your personal data but you need us to keep it in order to establish, exercise or defend a legal claim;

(d) Right to withdraw consent

You have the right to withdraw any consents at any time, which you have given us to processing your personal data. For example, to stop the use of your personal data for direct marketing activity or any processing of your personal data

11. Contacting the supervising authority

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113, or by clicking the following link: https://ico.org.uk/concerns

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

12. How our website uses Cookies

Like most websites, we use cookies to make our site run more smoothly and to personalise your experience.

Cookies are harmless text files designed to make your online life easier, usually by remembering details such as whether you’ve visited a site before, what content you may have viewed and what you’ve placed in your online shopping basket. This data is completely anonymous, containing simply a website name and unique user ID.

Cookies are also used to collect anonymous data about how visitors use a website, such as how long is spent on each page. This allows companies to work out which parts of their websites are most popular, and which sections might need improving to give visitors a better experience of using the site.

None of the cookies we use collect personal information about you; they are simply used to give us anonymous data that allows our website to work properly and help us see where we can improve.

Our website may uses anonymised cookies to serve the following functions:

– Adding products to your shopping basket – this allows you to move from one page to another without losing anything that you’ve put in your online shopping basket.

– Count visitor numbers, pages viewed and other anonymous data on our website usage.

– Google Analytics tracking: this gives us aggregated data on how visitors use our website, allowing us to see information such as which are our most popular pages, and how long visitors spend on different parts of our site. We use this anonymous data (which is linked only to your IP address, not to any personally identifying information) to identify parts of the site that may need redesigning or rewriting to make them easier to use.

– Other third-party analytics tracking: from time to time, we may also make use of other third-party analytics tracking, which again would be linked only to your IP address and not to any personal information.

If you’d rather not have cookies on your computer, you can disable them quickly and easily in your browser settings. Instructions for doing this will vary from browser to browser, but will usually be in the ‘privacy’ section of your browser settings or preferences. You’ll also be able to delete any cookies already on your computer, as well as blocking cookies from other sites.

Disabling cookies in your browser may result in some aspects of The Wand Company website not functioning correctly. For example, the products you put in your shopping basket may disappear if you move to another page. We therefore recommend keeping cookies enabled to ensure you get the most from our site.

For further information about cookies and how to disable them in different browsers, the Information Commissioner’s Office offers this comprehensive guide to cookies: https://ico.org.uk/for-the-public/online/cookies/