At Oxnorth we are committed to protecting and respecting your privacy.
What establishes our data protection obligations to you?
Oxnorth is required to process your personal data in accordance with the law. The Data Protection Act 1998 (DPA) implements the EU Data Protection Directive 1995 (EU Directive 95/46/EC). From 25 May 2018, the General Data Protection Regulation 2016 (EU Regulation 2016/679) will come into force; it replaces the DPA.
Who is the Data Controller for Oxnorth?
A data controller is a person or persons who determine the purposes for which and means by which personal data is processed. In other words, at Oxnorth, we are a data controller and we require information about you in order to do business.
How does Oxnorth collect this personal data?
Information that you give to us, this is the personal data that you provide to us, for example by filling in forms on our website https://oxnorth.co.uk or by corresponding with us by phone, e-mail, post, social media or otherwise.This personal data would relate to the purchase of goods from Oxnorth.
Information we collect when visiting our website
In line with our information security standards, we monitor website behaviour through Google Analytics. We collect information about how each visitor uses our site. These are then used to compile reports and to help us improve our site. Information is collected in an anonymous form. Oxnorth wants to provide you with the best possible service. We are always looking for ways to improve. This includes improving our website so that it provides the information that you need, on a regularly updated basis and in an easily accessible way.
For what purposes does Oxnorth collect and use your personal data? Oxnorth processes the personal data held about you in the following ways
To help us deliver your goods to manage your purchases to manage any refunds to provide you with updates and alerts, such as the estimated time for the delivery of your orders to monitor our work and maintain our records to administer and improve our website and other communications with you to enable compliance with statutory and legal obligations to detect and prevent fraud to respond to any complaint that you might make to answer general enquiries that you may make
OXNORTH will not process your personal data
To conduct market research (unless required by a regulatory body such, or where we have your permission or are permitted to do so by law) or for marketing purposes to pass it to a third party for that party’s or any other party’s purposes to sell it to a third party
When does Oxnorth disclose personal data?
It may be necessary for Oxnorth to share your personal data with others, including:our third party business partners, suppliers, analytics providers that assist us with improvement of our website credit reference agencies and other companies and organisations for the purpose of fraud prevention and credit risk reduction, government agencies and independent regulatory bodies and as might be required by law, including compliance with any court order or legal obligation.In the event that Oxnorth (or substantially all of its assets) were to be acquired by or merged with a third party, the personal data held by us about our customers would be included amongst the assets transferred or shared. If we were to sell or buy any business or assets, we may disclose personal data held by us to the prospective seller or buyer under strict confidentiality terms.When entering into any agreements that involve the sharing or disclosure of personal data, Oxnorth requires that these third parties comply with our data protection and information security policies or have substantially similar policies of their own in place.
Where does Oxnorth store your personal data?
Oxnorth has put in place appropriate technical and organisational measures to prevent accidental loss, damage or destruction of your personal data, and to protect your personal data against unauthorised, or unlawful use or theft. We put in place strict confidentiality agreements, including data protection obligations, with our third party service providers and data processors.Your personal data may be transferred outside the European Economic Area (EEA), where processing activities such as technical support, storage and backup may be provided. When this data is sent outside the EEA, we shall ensure its secure transfer and that appropriate safeguards are in place for the processing of your personal data in accordance with this policy and the requirements set out in the GDPR.
What are your rights?
The GDPR provides you with a number of rights in relation to your personal data. These include rights to the rectification or erasure of your personal data, and to restrict or object to its processing.
If you find that any of the personal data that we hold about you is inaccurate, incomplete or contains errors, please notify us in writing and we shall undertake to make the appropriate corrections at the earliest opportunity.
Should you wish to have some or all of your personal data erased, we will endeavour to do so although there may be instances where legitimate interests or the performance of our statutory obligations prevent us from doing so. The erasure of your personal data could result in an inability to provide you with some or all of our services.
Restriction or Objection
If you wish to object to or restrict how your personal data is processed by us, you can do so by writing to us. Please see our contact us page. Please be aware that such requests could result in an inability to provide you with some or all of our services.You also have the right to data portability and to make a data subject access request.
You may request that Oxnorth provide the personal data that we hold about you to another data controller in a structured, commonly used and machine-readable format.
You may request to be told whether or not personal data about you is being processed by Oxnorth. If your personal data is being processed, you are entitled to receive a response from us that provides you with a description of that personal data, the purpose for which it is processed, the recipients or category of recipients to whom that data is disclosed (including any recipients located outside the EEA), the source of the personal data, and information about its retention and storage. A copy of the personal data that is undergoing processing shall be provided to you.