Welcome to Replacement Keys. This is our Privacy Notice. We ask that you read this notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
It also contains details regarding our passing of your email address to our review processing partner, reviews.co.uk.
This privacy notice is divided into the following sections:
This website is operated by Replacement Keys Ltd. We are a limited company registered under company number 11908101 in England and Wales. We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union and the United Kingdom and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
This privacy notice relates to your use of our website, replacementkeys.co.uk, and any orders you place with us.
We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. The key below the table provides more information about the legal basis for processing your data. Where applicable we have identified what our legitimate interests are in relation to the processing of your data.
|When information is collected||What information we collect||How and why we use your information|
|When you place an order with us||Information provided at the checkout||
We collect this:
The legal bases we may rely on include:
We share your email address and username with our email service providers, Google Suite and Amazon SES.
Stripe or PayPal will collect your payment information for the purposes of processing your payments for keys.
We will share your email address with Royal Mail for the purposes of allowing you to receive tracking notifications when a tracked delivery option is used.
Some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see Transfer of your information out of the EEA.
We will share personal information with law enforcement or other authorities if requested in accordance with applicable law.
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If we sell our business or substantially all of its assets are acquired by a third party, personal data held by us about our customers will be one of the transferred assets.
We may be under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements; or to protect the rights, property, or safety of our business, our customers, or others.
We may transfer your personal information to the following which are located outside the European Economic Area (EEA) as follows:
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
Except for key codes (which we delete no later than two weeks from confirmation of your order) we will keep this information in accordance with a data retention schedule designed to ensure that we only retain your data for as long as necessary for the purposes described in the table above.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
This privacy notice was last updated on 25/07/2019.
We may change this privacy notice from time to time, when we do, we will inform you via email, where appropriate.
Please contact us at email@example.com if you have any questions about this privacy notice or the information we hold about you.