2 Collection of personal data. We collect your personal information within the terms of the Data Protection Act 1998 and the European General Data Protection Regulation. Via your order we collect your name, telephone numbers, email address, billing and delivery addresses and your willingness for your data to be shared with the Abacus Alliance (see para 4). We collect and retain fraud score information about your payment card. We do not collect payment card numbers on our own server. If you choose to save your card data when checking out, it is stored by our payment processor, Stripe. We do not have access to it although we are able to make an add-on charge (or refund you) if your order is amended. We cannot read your password for our website, although if we created it on your behalf during a telephone order, you would need to update it to be sure it was private. You can do this in the My Account section of our site. We urge you not to use the same password as you use for websites that need to be super-secure, such as financial sites.
3 How we use this data in connection with your orders. We use this data to process your order including phoning, emailing and sometimes texting you if we have any queries. We keep the data after fulfilling your order to help both you and us should you place a further order. All data is routinely updated either by you or by us at your request. We also use your data for marketing purposes. For instance we know from what you have ordered which kinds of fish you prefer and we might use this data to make special offers to you. We keep data on your communications preferences – for instance if you don’t want us to phone you with special offers, we make a record of this.
6 Access by other companies. We pass your address and phone number to a courier company so it can deliver your parcel including calling you if necessary. We reserve the right to share your data with any reputable service provider for the purpose of promoting our objective of supplying you with our products.
8 In relation to the General Data Protection Regulation: We are The Fish Society and you can contact us at firstname.lastname@example.org or on +44 1428 687768. Our Data Protection Officer is Alistair Blair. We have no joint controllers. We retain data in electronic form on the following categories: customers, employees, investors and other parties we may deal with such as suppliers. We maintain and process data in order to run the business efficiently and for no other purpose. The categories of personal data we process are described above as are the recipients. Data which we share with internet companies might be maintained by them outside the EEA. We would not work with any organisation that did not seem to have a good reputation and we would assume that its data processing was compliant with EU legislation. We have never experienced the need for an exceptional transfer of data and cannot envisage such a need. We review the personal data we hold every 5-10 years, at which time we would normally delete all data relating to customers we have not dealt with over the previous ten years. Our company security is intended to comply with the Payment Card Industry Data Security Standard. Sensitive data processed on our website is encrypted. Staff are routinely reminded of the need to protect your personal data. All PCs and key systems such as email and our administration website are protected by passwords. We do not receive data on customers from third parties other than fraud evaluations on card transactions and data from the Abacus Alliance. We do not believe any of our activities creates a high level of risk to our data subjects.