Our goal is that you have a safe shopping experience on-line and we protect the personal data you entrust with us to the highest standard. For all our services we act as the Data Controller for you and we are responsible for keeping your data safe.
Security and privacy of your personal data is our commitment to you.
We will store all the personal information you provide on the secure servers of our web service provider. All electronic transactions you make to or receive from us will be encrypted using SSL technology and we will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information while it is in our care. We cannot guarantee the safety of data transferred by you over the Internet. You personally are responsible for keeping your personal access details safe.
Aim at all times to be clear about how we use your data.
Personal data submitted on this website will be used for the purposes specified below; data will not be passed used for or passed on to third parties for direct marketing unless we have your expressed consent.
Lawful Basis for Processing
As per Article 6 of the GDPR the Lawful Bases for Processing are:
- Consent – we have been given clear consent/permission for processing your personal data. .
- Contract – it is necessary for us to process your personal data as part of a contract or following specific steps before entering a contract. .
- Legal Obligation – we need to process your personal data to comply with the law. .
- Vital Interests – it is necessary to process personal data to protect someone’s life. .
- Public Task – it is in the public interest for us to process your personal data and the processing has a clear basis in law.
- Legitimate Interests – the processing is necessary for our legitimate interests as a company or a third party unless there is a good reason to protect your personal data that overrides these legitimate interests.
How we use your name, address, email address and telephone number to contact you.
We need your contact details so that we can provide our services to you for the purposes below:
|To send you goods purchased via the website.||We need your name and contact details to fulfil our contract with you and so we can send you goods.|
|To send order confirmations and invoices to you.||We need your name and contact details to fulfil our contract with you so that you have the correct information about your order.|
|For internal record keeping.||We need to keep records of your orders so that we can fulfill your orders and provide you with customer service as part of our contract.|
|To improve our products and services.||So that you can provide on-line reviews on items you buy on the website in order to improve our service and products either directly with ourselves or a third party review site, but you only if you want to!|
|To send you commercial communications.||Our newsletter includes discounts, special offers and product launches. You can give us your email address for this but only if you're interested and give us permission to do this!|
|To deal with enquiries and complaints made by you relating to our service and website.||We need your name and contact details in order to communicate with you if you have any enquiries or complaints, so that we can give you good customer service as part of our contract.|
|To deal with any other enquiries or complaints made by you as a prospective customer or any other interested party.||We need your name and contact details in order to communicate with you if you have any enquiries and complaints as part of our interests as a business and to protect your interests.|
|To send you marketing information with your express permission via email, post and SMS and select any or all of these channels. You have the right to terminate marketing communications at any point.||We need your name and contact details to send you marketing information but only if you give us permission to do this. If you have consented to marketing we will promote discounted brands that you have expressed an interest in within your basket selection.|
|To fulfil Subject Access Requests made by you.||We need your name and contact details in order to fulfil any Subject Access Requests made by you as part of our legal obligations under Data Protection Law.|
|To follow up if you have purchased products from our website as part of our customer care procedures.||We need your contact details to follow up on purchases as it is in our interest is to see you get a great service.|
|To provide a search of your town and postcode to enable quicker entry of your address details during purchasing.||This data is provided to a postcode and address matching service to enable quicker entry of address during checkout process as it is in our interests to provide you with a quick checkout service and save you time. Customers also have the option to enter the address manually.|
How we use your payment information.
We do not retain your full payment card data after the transaction and only collect your payment information for the purposes below:
|Take payment and give refunds.||So that you can pay for your goods and fulfill your contract with us. For card payments we take your card details and billing address.|
|To detect and prevent fraud.||To protect yourself and Drome against fraud. In both our interests to have a safe shopping experience and prevent crime!|
How we use information about your use of our website.
|Improve your personal experience by personalising the website.||Making it easier for you to look at products you are interested in based on your previous use of the website. It is in our interest to see that you have a great shopping experience!|
|To provide third parties with statistical information about our users.||So that we can get information about browser types, geographical location, referral source from our affiliate program and length of stay and pages visited as it is in our interest that you find it easy to use and improve our web service.|
|To track shopping basket use so that we can offer you discounts.||We track selections in your basket that may be eligible for discounts during your purchasing journey. It is in our interest that you get the best deal!|
Focused on your rights to keep control of your data.
- We will keep you up to date in how we process your information through Privacy Notices like this one.
- You can access your information and receive information about how we use your information and the lawful basis for its use. You can also receive your information in an electronic portable format such as a CSV or PDF file.
- You can request correction of your information if it is found to be inaccurate, where possible we will enable you to do this for yourself to give you greater control. For example, if you have an account with us you can probably sign in under your account and correct some of this for yourself.
- You can request that your information is removed or for us to stop processing or collecting your information in some circumstances.
- Where you have given us permission to use your information you can change your mind at any time to either restrict the use of the information or remove the information. Particularly if you no longer wish us to send you marketing updates. See Stop Marketing Updates and Updating your Marketing Preferences.
- The right to complain to the Information Commissioner’s Office (the ICO) if you feel your information has been misused: https://ico.org.uk/concerns/handling/ or telephone the ICO on 0303 123 1113. Please raise any concern with us in the first instance, as they will usually ask you to get in touch with us first.
To contact us on any of the above, please contact our customer service team.
Our contact details are within the Data Access Requests and Raising Concerns section of this policy.
Ensure that we do not keep your data any longer than we need to.
We only keep your personal information for as long as we need it, either for the lifetime of your account or for the purposes of providing customer service to you. We may also retain some personal information after the lifetime of your account for legal and regulatory purposes, for the purposes of recording disputes, fraud prevention or for terms and conditions we have agreed with you. In these cases, we will seek to minimise the amount of personal information we hold to ensure that we only retain the personal information we require to meet these obligations.
Data Access Requests and Raising Concerns.
Data Access Requests
You are entitled to request a copy of personal data held about you, the reasons why we process your personal data and the lawful basis for processing your personal data see Your Rights above. This is known as a Subject Access Request (SAR). To obtain a copy please either write to us:
DROME Customer Services, Sandbrook House, Sandbrook Park, Sandbrook Way, Rochdale, OL11 1RY
Or phone Customer Services on: 01706 714229
Or email: Customer Services at: firstname.lastname@example.org
In the subject line of your email please entitle it: Data Access Request
You are entitled to receive this information in a portable format such as a CSV or PDF file. We will respond within 1 calendar month.
Exceptions - If the request is complex then we will be in touch with you to agree an extension to fulfil your request in full. If the request is deemed to be ‘excessive’ or ‘unfounded’ as defined within GDPR we can refuse to process the SAR or charge a reasonable admin fee. We will inform you of any exceptions if this is the case and you have the right to appeal to the ICO.
The Information Commissioner’s contact details are:
The ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. They can also be contacted via their helpline on 0303 123 1113 or via their website at https://ico.org.uk/make-a-complaint
If you have any concerns about how DROMEs are processing your personal data then please contact the customer services team with the contact details above. If using email, please entitle the subject line: Information Rights Concern
Additional Processing and Sharing with Third Parties.
We use third parties to provide supporting services for Footasylum plc. These enable us to provide the web and ecommerce service so that you can purchase goods.
- Web Hosting Service Provider providing web hosting service for this website.
- Web Developers.
- Network Service Providers.
- IT Service Providers.
- Email Service Providers.
- On-line review sites (these act as Joint Data Controllers). Please read the privacy and cookie policies of these sites.
We use third parties who act as data processors for DROME. We share some aspects of your personal data with these organisations.
- Courier companies who need your name and address details so that we can deliver our goods to your address, these also provide a tracking service where you can keep track of your deliveries.
- Postcode and address finder service company who will enable quicker completion of the order checkout process.
- Payment Service Providers who need to process credit/debit card payments in order for you to purchase goods and services from DROME.
- Credit Reference, Law Enforcement and Fraud Prevention agencies for the purposes of preventing fraud and cyber crime.
- See Other Parties for linked sites below.
Transfers of your personal data.
We share some or all of your personal data, depending on the requirement of the service provided by third parties listed above in Additional Processing and Sharing with Third Parties.
We do not transfer your personal data outside the EU/EEA. We do not sell your personal data to third parties.
Our Approach with services outside the EU/EEA
In the future if we seek to transfer personal data or use services which host personal data outside the EU/EEA, we will only transfer to entities that provide contractual guarantees (standard contract clauses) or who are located in countries who have an adequacy arrangement with the EU to protect your data with the same level of privacy as entities within the EU/EEA. We will perform the necessary due diligence to safeguard your personal data with these organisations. Either one or all of these approaches will be reviewed in line with CJEU rulings to ensure compliance with GDPR if necessary.
We will update our Privacy Notice in this event to ensure that you are kept informed.
Keeping you up to date.
We will make changes to the Privacy Notice from time to time, in line with any new legal requirements or any changes we make within the business regarding the processing of your personal data. This version of the Privacy Notice includes processing of personal data for competition entries, updated guidance for third country processing and processors and controllers was published in July 2019.
Cookies (collection of Anonymous Data).
A cookie is a small text file stored by your web browser on your computer or mobile phone's hard drive. Some cookies are essential for the website to work for example to remember what you have added to your basket while you browse the site. They are useful because they help us to provide you with relevant information, such as remembering what you have in your wish list or basket when you return to our site. They also allow us to recognise your computer (but not specifically who is using it) when you access our website and to improve the usability and performance of our website.
Stop Marketing Updates.
You can stop your marketing updates by selecting the Unsubscribe link at the bottom of each email as illustrated below:
Or by Updating Your Preferences here:
Or by contacting our Customer Service Team in writing:
DROME Customer Services, Sandbrook House, Sandbrook Park, Sandbrook Way, Rochdale, OL11 1RY
Please be aware that you may receive one or two emails between the time we receive your request and the time we stop the marketing updates.
Updating your Marketing Preferences.
You can control your marketing preferences via your Account page and choose whether you wish to receive updates via email, SMS or direct mail (post).
We also give you control over your marketing preferences during the checkout process as follows:
[ ] By Email [ ] By SMS [ ] By Post [ ] All
Consent – One of the Lawful Basis for Processing personal data. You (the Data Subject) should be provided with the opportunity to give informed and explicit consent for data processing which is deemed to have a high impact.
CJEU – Court of Justice of the European Union.
CSV File – Comma Separated Values file. This is a portable format for electronic data which can be transferred to different computing platforms.
Data Controller – Usually the company who you directly provide your personal data to.
Data Processor – A company that the Data Controller passes personal data to for processing under the instructions of the Data Controller. Data Controllers can also be Data Processors.
Data Subject – You. The individual which personal data identifies.
Data Transfers – Sharing or moving personal data to a third party. As a Data Controller we must ensure that your personal data is transferred securely and is provided by the same level of privacy as our own controls and in compliance with GDPR.
GDPR – The General Data Protection Regulation enforced from 25th May 2018 which replaces the Data Protection Act 1998, bringing Data Protection up to date and strengthening Data Subject’s rights.
Information Commissioner’s Office – The ICO is the supervisory authority for the United Kingdom and enforce data protection law.
Joint Data Controllers – A relationship where two or more Data Controllers may collect information from you and process personal data for their own purposes. You are advised to read the Privacy Policies of these sites.
Lawful Basis – Companies require a lawful basis to process your personal data. You (Data Subject) have the right to know what lawful basis a company is using to process your personal data.
Personal Data – Information that can uniquely identify an individual. Loss of this can have an impact to an individual which is the reason why it must be protected.
PDF File – Portable Document Format file. This is a portable and easily readable format for electronic data which can be transferred to different computing platforms.
Provider – An external company who provide a service to the company who is processing your personal data, these may also be data processors.
SSL Technology – A form of encryption over public networks such as the Internet. This protects the data sent between your browser and our web server. Although known as SSL technology this has been largely superseded by TLS (Transport Layer Security).
Subject Access Request – A request from a Data Subject to provide information on the personal data processed by the Data Controller and Data Processor (if applicable).
Third Party – An external company or party who we may transfer data to or who may have an impact on the privacy of your data. As a Data Controller we must take appropriate technical and organisational measures to protect the privacy of your data.
Web Developers – An internal or external team who write and maintain the code for the web application.
Web Hosting – A service provider who provides a web server or environment for a web server as a service to a company.