Information we collect and how we collect it
The information we gather on our site falls into two categories: (1) personal data you supply when you become a member, order, complete a survey, post in a discussion forum, post news articles, or provide your email address, and (2) tracking information collected as you navigate through loftleaf.co.uk or another website we operate (‘Website’).
When you make a purchase, subscribe to our marketing messages, or become a registered user, we collect personal data about you such as your name, mailing address, e-mail address, telephone number, user name, and password. We may ask you for personal data when you place an order for products or complete a survey. We use this information to process your order, perform, and market the survey, respond to your request or to help improve our site.
When this type of personal data is collected, you will know because you will have to fill out a form of some sort or otherwise provide the personal data to us, for example in email or messages about your order.
If you access the Website through a social networking profile, we may collect, store and use the details of that social networking profile and any information contained therein in order to populate any forms you might wish to complete on the Website. We may also ask you to complete surveys and give feedback that we use for research purposes, although you do not have to respond to them.
When you use our site, we may collect tracking information such as your browser type, the type of operating system you use, the domain name of your Internet service provider, and pages visited on the site. None of this information identifies you personally; we collect it for aggregate reporting on-site activity.
How we use your personal data
Marketing - We may contact you with promotions we think might interest you, as part of our market research, either by mail or email. If you are at a legal entity such as a company, the legal basis for this processing is our legitimate interests. If you are an individual, our legal basis is also our legitimate interests if you are an existing customer or provided your details while negotiating to become a customer, otherwise the legal basis will be your prior consent.
Our Providers - We may also pass information about you to the service providers we use to carry out our services. In each case, we will have a written processing agreement providing appropriate and required safeguards for your personal data. Again, the legal basis here is our legitimate interest in providing a quality service to you.
If all or part of our business is acquired by or merged with another company, we may share your personal data with the potential or new owners. If we do, we will ensure that we only share the minimum necessary and appropriate safeguards are in place.
How and where we store your personal data
Our company is hosted on the Wix.com platform. Wix.com provides us with an online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases, and general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
We take the security of your personal data very seriously. In particular, we ensure that appropriate security measures are in place to protect your personal data. Unfortunately, the transmission of information via the internet is not completely secure and so we cannot guarantee the security of your data transmitted through the internet including through the Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Do we share personal information with third parties?
Your personal information will be made available for the purposes mentioned above (or as otherwise notified to you from time to time), on a ‘need-to-know’ basis and only to responsible management, human resources, accounting, legal, logistics, audit, compliance, information technology, and other corporate staff who properly need to know these details for their function. Please note that certain individuals who will see your personal information may not be based at our company or in your country (please see below).
We may share personal information as needed for reasonable management, analysis, planning and decision making, including in relation to taking decisions regarding the expansion and promotion of our product and service offering, order or customer request fulfilment and for use by those companies for the other purposes described in this Policy.
Your personal information may also be made available to third parties (within or outside the company) providing relevant services under contract to the company such as credit card processors, auditors and compliance managers, provider or call centers, and IT hosting and IT maintenance providers. These companies may use information about you to perform their functions on our behalf. We have put in place various security and data privacy measures, including with such third parties, in order to protect personal information and shall seek to comply with applicable legal requirements.
We will not sell your personal information to any third party other than as part of any restructuring of the company.
Will your personal information be transferred abroad?
You have the right to know if we process any personal data about you and, if we are, with certain limitations, to a copy of that personal data. You also have the right to ask us to remove or correct any of that personal data that is inaccurate, to object to certain processing, and to withdraw any consent you may have given us for any processing of your personal data. You also have the right to ask us to restrict processing certain of your personal data, to erase your personal data, and to ‘port’ certain of your personal data to you or another provider, provided in each case that we have such data and certain conditions are met.
You have the right, at any time, to object to the processing of your personal data for direct marketing.
Our communications are designed to tell you about the benefits we can offer so that you have access to our best deals. We use the information we have about you to tailor the content and try to ensure that the offers are as relevant to you as possible. Under the Data Protection Legislation, this might qualify as profiling and you have the right to object to this.
You also have the right, at all times, to notify a complaint to any regulator such as the UK Information Commissioner, although we would welcome the opportunity to discuss and resolve any complaint with you first. To exercise any of your rights, please contact us via the details on this page.
To protect your privacy and security, we may also verify your identity before granting access or making corrections.
As a default position, we will only retain personal data for any statutory retention period, then a reasonable period (if any) for the above purposes. This is subject, for example, to any valid opt-out or withdrawal of consent where processing is based on consent or other valid exercises of your data subject rights.
How to contact us