VIGOUR & SKILLS LIMITED a company incorporated under the laws of England and Wales with registered number SC513447 whose registered office is at Hillside, Albion Street, Chipping Norton, Oxfordshire, United Kingdom, OX7 5BH (‘V&S’ ‘Us’, ‘Our’ or ‘We’) have created this privacy statement (‘Statement’) in order to reflect the transparency requirements expected of Us by law and Our own ethics. In this Statement, references to ‘You’, ‘Your’ and ‘Customer’ are references to the artisan member Customers who use the V&S Marketplace Platform.
Your privacy is extremely important and We are only too happy to comply with the law and provide You with clear and transparent information about how We use Your Personal Data (‘PD’). We only process it for the purposes outlined and We process as little of it as possible. Our aim is not to be intrusive and We undertake not to ask You irrelevant or unnecessary questions. We will try Our best to keep Your PD accurate and up-to-date but do try to help Us with this too please!
We also have robust measures and procedures in place to minimise the risk of unauthorised access and to keep it secure. Also, We only share it with third parties where We have a right to do so and where we are satisfied that the third party shall treat it with the same or higher levels of respect.
This document outlines how We process Your PD when You use the V&S Marketplace Platform or otherwise communicate with us including by email or telephone. We are committed to respecting Your privacy and protecting Your PD. For the purpose of the Data Protection Legislation, We are the Data Controller (ICO registration number: CSN7207355).
For all matters relating to privacy and data protection, please contact Data Protection Manager (DPM) by email to privacy@vigourandskills.com.
This Statement incorporates Our Cookie Policy and Customer Terms as applicable by this reference. Unless otherwise stated, any defined terms in here shall have the meaning set out in the Customer Terms.
We might make changes to this Statement but if We do, We will, where appropriate, notify You by email, or, when You next log in, the amended version (and specific terms) will be displayed on-screen and You may be required to read and accept them to continue.
● How do We process Your Personal Data?
● How do We use Your Personal Data to communicate with You?
● Who has access to Your Personal Data and where is it stored?
● What are Your rights under Data Protection Legislation?
● How can You submit a query or a complaint?
● Definitions & Interpretations
1. HOW DO WE PROCESS YOUR PERSONAL DATA?
1.1 PERSONAL DATA YOU PROVIDE TO US VOLUNTARILY: In order for Us to provide You with Our Services, We need to process some of Your PD. We understand that Your PD belongs to You and You provide it to Us on trust that We will use it lawfully i.e. appropriately, proportionately, only in respect of the stated purpose and We will only hold on to it for as short a time as possible. Most important of all, We must have a valid lawful basis for processing Your PD. Rather than have lots of paragraphs of text where all these transparency requirements are scattered throughout this Statement, We hope You find having most of it all in one eyeshot in Our tables easier to navigate:
|
Personal Data (‘PD’) |
Source |
Purpose |
Lawful Basis for general processing |
Retention |
|
Information that You give Us to contract with Us to make a purchase, including: – Your contact details including: Your name, address, email address. – The details You provide to open an online account with Us. – The things that Supplier has provided, or, You have purchased from the Supplier. – Your payment details i.e. what You paid, how and when.
|
Customer |
We use this information, including to:
– Provide Supplier’s Products. – Manage and administer Our V&S Services. – Process Your Order; – Take payment from, or, give You a refund. – On-board You as a Customer. – Help Us to ensure that Our Customers are genuine and to prevent fraud. – Provide an electronic copy of Your Order and/or receipt. – Ask for Order fulfilment information and/ or feedback on Your recent purchase(s). |
For Processing this PD, We rely on the fact that You have a Contract with Us. |
6 years from the end of the relevant tax year after You close Your Customer account with Us. |
|
Information that You give Us to receive marketing communication, including: – Your contact details including: Your name, email address; – Postcode/ Region
|
Prospective Customer |
We use this information, including to:
– Send You marketing communications via email.
|
For Processing this PD, We rely on the fact that You have Consented to receive marketing communications from Us. |
We will keep Your PD for as long as You are subscribed to our email communications. You are welcome to unsubscribe at any time from Our marketing communications. |
|
Technical information about the way You use Our Services including: – Whether You have opened Electronic Mail from Us (and clicked on links in them). – Your purchasing activity. – Your marketing preferences. |
Customer |
We use this information, including to:
– monitor the effectiveness of the Site and Our Marketing Communications/ Non-Marketing Communications. – Develop new V&S Services based on what We learn from Your activity and the activity of other Customers. – Improve Our V&S Services and efficiency of Supplier fulfilment services to help Us and Supplier to meet Your needs and expectations. – Identify Products and marketing that may be of interest to You. – Personalise Our V&S Service to You: to provide You with, make available, and show You more of the things which interest You, based on Your shopping and viewing activity and feedback (where permitted) – Statistical analysis and research with the purpose of allowing Us to better understand the breakdown of Our Customers, the Products being bought, the demographics of those buying Our Products, what attracts Our Customers to Our Products, where Our Customers have come from online (such as from links on other websites or advertising banners), and the way in which Our V&S Marketplace Platform is used by different users groups. |
For Processing this PD, We rely on Our legitimate interests of Our business. |
6 years from the end of the relevant tax year after You close Your Customer account with Us. |
|
Financial/ Accounting Transactions |
Customer |
To record sales/ purchases made in the business |
For Processing this PD, We rely on the fact that We have a legal or statutory obligation |
6 years from the end of the relevant tax year |
|
Information when You communicate with Us whether in person, via the V&S Marketplace Platform or via email, over the phone, through social media or via any other medium, including: – Your contact details (this may include Your social media account if that’s the way you communicate with Us). – The details of Your communications with Us (including when You sent it, when We received it and where You sent it from (such as Our V&S Marketplace Platform, via email, through social media)). – The details of Our messages to You. |
Customer |
We may use this information, to: – Answer any issues or concerns. – Monitor Customer communications for quality and training purposes. – Develop new V&S Services which is based on the information You provide. – Improve Our V&S Services based on the information and feedback You provide and the information and feedback provided by others which is similar to Your information and feedback. – Personalise Our V&S Services to You to take account of the information and feedback You have provided. |
For Processing this PD, We rely on the fact that You have a Contract with Us. |
6 years from the end of the relevant tax year after You close Your Customer account with Us. |
|
Information provided as part of Your online account including: – Your username. – Your password. – Your account settings. – Your account preferences. – Your email address. – Your marketing preferences. |
Customer |
We use this information, including to:
– Provide Our V&S Services; – Manage and administer Our systems. – Identify how You’d like to use Your account. – To communicate with You regarding Your account and Our V&S Services. |
For Processing this PD, We rely on the fact that You have a Contract with Us. |
6 years from the end of the relevant tax year after You close Your Customer account with Us. |
1.2 We are a growing artisan marketplace and We do want to be of value to You during Our relationship so if We ever require further PD from You or if We would like to use Your PD for a different purpose, then We will always provide You with additional information about this at the point that You are invited to make use of these additional services.
1.3 OUR RETENTION RIGHTS: How long We keep Your PD depends on the context in which You provide it and the purpose for which We use it. See the last column in the table above. Do note that We need to retain sufficient information about You in compliance with certain legal or statutory requirements, for example, in the event of a legal or insurance claim in the future so that We can identify You.
1.4 Where We state that We rely on consent to process Your PD for a particular purpose, You have the right to withdraw Your consent at any time. This will not affect the lawfulness of processing carried out by Us which was based on consent before its withdrawal.
1.5 PERSONAL DATA WE PROCESS AUTOMATICALLY WHEN YOU USE OUR SERVICES: This typically relates to technical data involving the use of cookies and other technologies. This data is typically processed via the use of first party cookies or third party cookies (e.g. where We use third party services by way of plugins or other software licensed to Us by a third party e.g. analytics related to the use of Our own Site OR cookies set by operators of a third party service such as social media and file sharing networks e.g. Twitter and Facebook). The types of data obtained about You may include Your e.g. visits to V&S Marketplace Platform; page views, downloads, navigation and exit; IP address; geographical location; browser type and version; operating system; referral source; length of Your visit (‘Technical Data’). This enables Your online activity to be tracked and for advertisements to be targeted to You (subject to Your cookie consent management preference settings). To learn more, please see Our Cookie Policy.
2. HOW DO WE USE YOUR PERSONAL DATA TO COMMUNICATE WITH YOU?
2.1 NON-MARKETING COMMUNICATIONS: You acknowledge that, Your PD may be used by Us (or a Service Provider on Our behalf) to contact You when necessary in connection with Your use of V&S Marketplace Platform and to access Our Services as follows:
|
Non-Marketing Communication? |
Method of receipt |
Lawful Basis for general processing |
|
Order Acknowledgements and Dispatch Confirmations or requests for information or other customer service/ administrative communications e.g. organising Order cancellations, collections, returns etc” |
telephone, email, text |
For Processing this PD, We rely on the fact that You have a Contract with Us. |
2.2 MARKETING COMMUNICATIONS: From time to time and with Your lawful (express or implied) permission, We (or a Service Provider on Our behalf) send you Marketing Communications (and monitor whether You have opened the communication and clicked on any included links which will enable Us to understand Your level of engagement/ interest in the communication We are sending to You). We want to keep You interested!
|
Marketing Communication? |
Method of receipt |
Lawful Basis for general processing |
How can you opt out? |
|
Newsletter with/ or information or offers regarding upcoming promotions, services or surveys etc |
|
For Processing this PD, We rely on Your consent where You have signed-up to receive Our newsletter on the V&S Marketplace Platform or otherwise (or We may rely on legitimate interests where You make a purchase or discuss making a potential purchase with Us and You do not subsequently opt out of receiving Marketing Communications at check-out). |
You will be able to log in to Your account at any time to amend Your preference. You can also amend Your preference by clicking on the link at the bottom of any email Marketing Communication. |
2.3 MARKETING COMMUNICATIONS FROM V&S: If You agree to receiving any of the above Marketing Communications but later change Your mind, You can opt out at any point, by amending Your account preferences on the V&S Marketplace Platform. Alternatively, You can use the ‘unsubscribe’ link at the end of any Electronic Mail received. If you opt out, We will retain Your PD on our suppression list so that We comply with Your wishes not to be contacted again.
2.4 LEGITIMATE INTERESTS TO PROCESS YOUR PERSONAL DATA: We may process PD about You where We rely on “legitimate interests” as Our lawful basis. Where this is the case, We will have carried out an assessment to determine that We have valid and lawful rights to do so. Despite this, if it bothers You, You have the right to object to any of the processing We undertake by completing Our Data Subject Rights Request Form.
2.5 RESEARCH & STATISTICS: We may use communications information to compile anonymous statistical reports showing information like the number and type of query and how each has been resolved. Occasionally We will use information provided to develop case studies for learning and development purposes. We will be very careful to ensure that any information that could re-identify a person is removed or changed to preserve anonymity.
2.6 OTHER WEBSITES OR APPLICATIONS & THEIR POLICIES: V&S Marketplace Platform may contain links to other websites or applications. We are not responsible for the privacy practices or policies or for the content of such websites or applications of such third parties, so You should be careful to read and understand those policies independently.
2.7 SOCIAL MEDIA:
►Social media plugins: On Our Site, We have included social media plugins that You can use to share certain content over social networks. To protect Your privacy, We offer You these social plugins as so-called “2-click buttons.” The “2-click solution” prevents data (e.g. Your IP address) from being transmitted to social networks such as Facebook or Twitter as soon as You open Our Site. For this purpose, the buttons are deactivated by default and are only activated by clicking the social plugins for the first time. After activation, the plugins also collect PD such as Your IP address and send it to the servers of the respective provider where it is stored. In addition, activated social plugins set a cookie with a unique identifier when loading the relevant website. This also allows providers to create profiles of Your usage behaviour. The data will be used to show You personalised advertising, as well as for market and opinion research purposes. PD transfer is independent of whether You have an account with the plugin provider and are logged in there. If You are logged in with the plugin provider, Your data collected with Us will be assigned to Your existing account with the plugin provider. We have no exact information about the concrete use of the data nor about the storage period. Please read the privacy policy of the respective providers. We have integrated the plugins of the following providers on Our Site:
- Facebook (Facebook Inc., USA, Data protection declaration: https://www.facebook.com/policy.php)
- Twitter (Twitter Inc., USA; Data protection declaration: https://twitter.com/privacy/)
- Pinterest (Pinterest Inc., USA; Data protection declaration: https://help.pinterest.com/en/data-protection-officer-contact-form).
- Instagram (Instagram Inc., USA Data protection declaration; https://help.instagram.com/519…
- LinkedIn (LinkedIn Ireland Unlimited Company; https://www.linkedin.com/legal…)
3. WHO HAS ACCESS TO YOUR DATA & WHERE IS IT STORED?
3.1 THIRD PARTIES:
We may engage or collaborate with a Third Party for a variety of different reasons. This may be in relation to the performance of Our business and daily operational functions on Our behalf to enable Us to fulfil Our Services only (including making improvements to Our Services). Where it is necessary to share Your PD, We will limit the PD that We share to the minimum required to provide the Service and the Data Processor (or Data Controller) will only be able to use it for the specific purposes for which it was shared. If We stop using the service of a Data Processor, We ensure Your PD is deleted or securely returned to Us.
From time to time, We may transfer Your PD to a related company, agent or contractor (also known as an independent Data Controller) e.g. where We introduce You to a complimentary service.
From time to time, We may transfer Your PD to a related company, agent or contractor (also known as a Joint Data Controller) e.g. where We collaborate on a joint project together.
The last column relates to where the PD goes and what safeguards are in place in the recipient territory where it is transferred/ stored. It will be one or more of the following:
WHERE? |
INFO AROUND SAFEGUARDS |
United Kingdom |
We may store some or all of the PD in the United Kingdom only. Should We need to transfer Your PD outside of the UK or EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Statement. |
Within the EEA |
We may store some or all of the PD in the EEA. Should We need to transfer Your PD outside of the EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Statement. |
Outside EEA |
We may store some or all of the PD in a country outside of the UK and EEA. We will not transfer Your PD to any Third Parties based in other countries outside the EEA unless there is a European Commission adequacy decision, the EU-US Privacy Shield Certification or the EU Commission approved Standard Contractual Clauses are in place. |
If You would like more information about any of the transfer safeguards We implement please contact Us using the details as set out at Clause 5 of this Statement.
|
What type of PD is shared with Third Parties by Us? |
What is Our role? DC or DP |
What is the Third Party’s specific name? OR category of Third Parties? |
Third Party Role: JDC or IDC or DP |
What is the Purpose of sharing the PD? |
What Lawful Basis do We rely on to transfer the PD? |
Where is the PD transferred to? What safeguards are in place? |
|
All PD related to the purpose |
DC |
DP |
To host V&S Marketplace Platform |
Contract |
This third party participates in and has certified its compliance with the EU-US Privacy Shield Certificationhttps://www.endurance.com/priv… |
|
|
All PD related to the purpose |
DC |
DP |
To store documents |
Contract |
This third party participates in and has certified its compliance with the EU-US Privacy Shield Certificationhttps://www.dropbox.com/privac… |
|
|
All PD related to the purpose |
DC |
DC |
To manage the business accounts |
Contract |
https://www.xero.com/uk/about/… |
|
|
All PD related to the purpose |
DC |
Legal Advisors & Legal Authorities/ Enforcement bodies |
DC |
to enforce the terms under which You transact or communicate with Us/ to assist law enforcement |
Legal/ Statutory obligation & Contract |
Unknown but are (or will be UK based) |
|
All PD related to the purpose |
DC |
Microsoft Inc |
DP |
To use Outlook email/ store documents on OneDrive |
Contract |
This third party participates in and has certified its compliance with the EU-US Privacy Shield Certification |
|
All PD related to the purpose |
DC |
Google LLC |
DP |
To store documents in GoogleDrive |
Contract |
This third party participates in and has certified its compliance with the EU-US Privacy Shield Certificationhttps://policies.google.com/pr… |
|
Name and email |
DC |
Rocket Science Group LLC |
DP |
Direct electronic mailings & consent management including creation of suppression lists to ensure a Customer who objects to processing is excluded in the future. |
Legal/ Statutory obligation Consent/ Legitimate Interests |
This third party participates in and has certified its compliance with the EU-US Privacy Shield Certification |
|
Name, contact details and any other PD that is placed on Facebook by You and made accessible to Us |
DC |
JDC |
So that the Data Subject can be a part of the Facebook Page community. More information can be found on Facebook here. |
Consent |
This third party participates in and has certified its compliance with the EU-US Privacy Shield Certificationhttps://www.facebook.com/about… |
3.2 Transfer of Personal Data in the Event of the Sale of Vigour & Skills Limited or its Assets
In the event that Vigour & Skills Limited is sold or transfers some of its assets to another party, Your PD could be one of the transferred assets. If Your PD is transferred, its use will remain subject to this Statement. Your PD will be passed on to a successor in the event of a liquidation or administration.
4. WHAT ARE YOUR RIGHTS UNDER DATA PROTECTION LEGISLATION?
4.1 You have a number of rights that You can exercise free of charge and on request in certain circumstances, however, if Your requests are obviously unfounded or excessive, We reserve the right to charge a reasonable fee or to refuse to act. You have the right:
- to be informed about the collection and use of Your PD. This is what this Statement fulfils;
- to access Your PD and supplementary information (‘DSAR’);
- to have inaccurate PD corrected, or completed (if it is incomplete);
- to have Your PD erased;
- to restrict Our processing of Your PD;
- to receive a copy of any PD You have provided to Us, in a machine-readable format, or have this information ported to a third party;
- to object AT ANY TIME to processing of Your PD for direct marketing purposes;
- to object in certain other situations to the continued processing of Your PD.
For more information on these rights and when you can exercise them, see the Information Commissioner’s Guide
4.2 If You wish to exercise any of these rights, please complete Our Data Subject Rights Request Form. We will respond to You within one month from when We receive Your request, unless the complexity and number of requests We receive means that we need more time. If We do need more time (up to two further months), We will tell You why within the first month.
5. HOW CAN YOU SUBMIT A QUERY OR A COMPLAINT?
QUERY: We are happy to provide any additional information or explanation needed in respect of Our processing activities upon request. For all matters relating to privacy and data protection, please contact Our DPM.
COMPLAINT: We try to meet the highest standards when processing Your PD. For this reason, We take any complaints We receive about this very seriously and We encourage You to bring it to Our attention. While We hope to be able to resolve any concerns You have about the way that We are processing Your PD, You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (or with the supervisory authority of the European Member State where You work, normally live or where the alleged infringement of data protection laws occurred) if You believe that Your PD has been processed in a way that does not comply with the Data Protection Legislation or have any wider concerns about Our compliance. You can do so by calling the ICO helpline on 0303 123 1113 or via their website here.
6. DO WE USE COOKIES?
For information about cookies and how they are used on V&S Marketplace Platform, please visit Our Cookie Consent Preference Management Centre accompanied by Our Cookie Policy.
7. CHANGES TO THIS STATEMENT
We keep Our Statement under regular review. This Statement was last updated on 01st March 2020.
8. DEFINITIONS & INTERPRETATIONS
Data Controller or DC or JDC or IDC: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of PD (Article 4(7));
Data Processor or DP: means a natural or legal person, public authority, agency or other body which Processes PD on behalf of the Data Controller (Article 4(8));
Data Protection Manager (DPM): privacy@vigourandskills.com
DSAR: refers to right of access to data by a data subject as further described in Clause 4.
EEA: refers to the European Economic Area which consists of all EU member states, plus Norway, Iceland, Liechtenstein.
Electronic Mail: includes but is not limited to email, text, video, voicemail, picture and answerphone messages (including push notifications).
Marketing Communication(s): refers to any communication whether by an Electronic Mail method or otherwise that We send to You (either directly or via a Service Provider) which may include but are not necessarily limited to relevant newsletters and magazines, information about opportunities, products, services and events and relevant information.
Non-Marketing Communication(s): refers to any communication which is functional/ administrative only as distinct from Marketing Communications.
Service Provider(s): refers to a Third Party with whom We work with from time to time as a necessary part of providing Our Services and with whom We may need to share Your PD.
Technical Data: refers to that at Clause 1.5 which is capable of being considered PD.
Third Party: refers to a Data Processor or Data Controller with whom We may need to share Your PD. This includes Service Providers as applicable.
V&S Services: refers to the services We may provide to You.
Contains public sector information from https://ico.org.uk licensed under the Open Government Licence v3.0 [[http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/]].