Privacy Policy – Who am I?

My website address is: https://www.electricalironmongery.co.uk

My name is: Chris Barstow

A physical address for any written communication is 6 Brookside, Bickington, Devon, EX31 2JX

My telephone number is 01271 320644

What personal data this website collects and why it does so:

In order to process transactions I require some personal data, such as name, address, email address and telephone number.

I need to collect this information in order to fulfil your order request, supply an invoice, deliver your goods and correspond with digital invoicing and order status update information. A telephone number is requested in order to relay any relevant parcel tracking information to you.

I will not use this information for any marketing purposes.

Contact forms:

If you submit a contact form through the website I will use your submitted email address in order to send a reply. I may keep contact form submissions for a certain period for customer service purposes, but I do not use the information submitted for marketing purposes.

Cookies:

If you have an account and you log in to this site, the website will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, it will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Analytics:

This website uses a 3rd party plugin called ‘Google Analytics for WordPress by MonsterInsights’ which relays some site user information to Google Analytics. There is currently a feature enabled which will anonymise the IP addresses of site visitors in Google Analytics by removing the last octet of the IP address prior to its storage.

You can click the link below to opt out of anonymous tracking by Google Analytics on your next visit

Click here to opt out of anonymous tracking on your next visit

Who your data is shared with:

Your order data is automatically exported using an API (application program interface) to Royal Mail where it is used to apply postage through my Royal Mail business account.

Your order data is automatically exported using an API (application program interface) to Quickbooks Online (UK) where it is entered as a sales record and used for accounting purposes. My accountant will have once yearly access to these accounts in order to complete an annual UK Tax Return on my behalf.

Your order data is automatically exported using an API (application program interface) to PayPal where it is used for accounting purposes.

Your order data may also be manually inputted to Parcelforce Worldwide to facilitate the provision of parcel postage and tracking.

How long your data is retained:

As a UK tax registered Sole Trader, financial transaction record form part of my taxable income. I will retain financial sales records for a minimum of 7 years in line with UK HMRC Tax & Self Assessment Guidelines.

For users that register on this website, it also stores the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data:

If you have an account on this site, you can request to receive an exported file of the personal data this site holds about you, including any data you have provided to us. You can also request the erasure of any personal data held about you. This does not include any data we are obliged to keep for administrative, tax or any other purpose which would be necessary to comply with UK and EU law.

Where your data may be sent:

This website is hosted by a data server located in the USA. This means that information contained within the front and back end of this website is sent back and forth to a location outside of European Union territory.

European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. The USA and EU have an agreement which covers regulation on this subject called the EU-US Privacy Shield. The EU-US Privacy Shield replaces the Safe Harbor framework. It is a binding legal instrument under European law which can be used as a legal basis for transferring personal data to the US. The host server provider for this website conforms to the regulations set out in the above agreement.

Financial transaction data:

All financial transactions, including credit card payments but excluding direct bank transfers are handled externally by PayPal. This website has no facility to store or view credit card details.

PayPal’s Privacy Policy can be viewed here.

Any direct bank transfers (BACS payments) will appear as a credit in my Company bank account but will not contain any other personal data other than the payment reference you supply.

Physical Data Storage:

I retain a carbon paper copy of your invoice which I hold on recored for a minimum of 7 years, as a physical paper back up of a sales record.

All paper records are kept at a secure locked storage facility which is manned 24 hours per day and is monitored by 24 hour CCTV.

Contact information:

If you would like to contact me about anything associated with this Privacy Policy, then I (Chris Barstow) act as the Data Compliance Officer for this website and can be contacted via email on chris@electricalironmongery.co.uk

How this website protects your data:

This website uses an endpoint firewall and malware scanner. It has protection from brute force attacks by limiting login attempts, enforcing strong passwords and other login security measures. The malware scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.

Data breach procedures:

In the unlikely event of a data breach, any data taken by criminal and illegal activity will be assessed and all those concerned will be contacted as soon as possible to be notified.