Welcome to Replacement Keys. This is our Privacy Notice. We ask that you read this notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
It also contains details regarding our passing of your email address to our review processing partner, reviews.co.uk.
This privacy notice is divided into the following sections:
This website is operated by Replacement Keys Ltd. We are a limited company registered under company number 11908101 in England and Wales. We collect, use and are responsible for certain personal information about you. We are responsible as ‘controller’ of that personal information for the purposes of applicable laws.
This privacy notice relates to your use of our website, replacementkeys.co.uk, and any orders you place with us.
From time to time you may provide to us personal data. This may be because:
All personal data that you provide to us must be true, complete and accurate.
When you contact us by email or post, we may keep a record of the correspondence and we may also record any telephone call we have with you.
We may collect, use, store and transfer different kinds of personal data about you:
When you use our website, we may automatically collect and store information about your Technical Data and Usage Data. Some of this information is collected using cookies and similar tracking technologies. If you want to find out more about the types of cookies we use, why, and how you can control them, please see our Cookies Policy.
We have set out below a description of all the ways we plan to use your personal data, and which of the legal basis we rely on to do so. The key below the table provides more information about the legal basis for processing your data. Where applicable we have identified what our legitimate interests are in relation to the processing of your data.
The legal basis we may rely on include:
|Purpose/Activity||Basis||Lawful basis for processing your information|
|To process your order and any returns||Contact Identity||Performance of a contract with you|
|To comply with our tax and legal obligations||Contact Identity||Necessary to comply with a legal obligation|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||Technical Usage||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To administer and protect our business and this website (including improving and fixing our service, analysis, testing, system maintenance, support, reporting and hosting of data,)||Technical Usage||Necessary for our legitimate interests (for running our business security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)Necessary to comply with a legal obligation|
|To send you marketing information||Contact IdentityMarketing Usage||ConsentNecessary for our legitimate interests|
We share your email address and username with our email service providers
Our payment service provides will collect your payment information for the purposes of processing your payments for keys.
We will share your personal details with companies we engage to deliver products for the purposes of allowing you to receive tracking notifications when a tracked delivery option is used.
Some of those third party recipients may be based outside the United Kingdom — for further information including on how we safeguard your personal data when this occurs, see Transfer of your information out of the UK.
We will share personal information with law enforcement or other authorities if requested in accordance with applicable law.
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If we sell our business or substantially all of its assets are acquired by a third party, personal data held by us about our customers will be one of the transferred assets.
We may be under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements; or to protect the rights, property, or safety of our business, our customers, or others.
Some or all of your personal data may be stored or transferred outside of the United Kingdom for any reason, including for example, if our email server is located in a country outside the United Kingdom or if any of our service providers are based outside of the United Kingdom.
Where your personal data is transferred outside the United Kingdom, it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved transfer mechanisms in place to protect your personal data.
For further information on cookies generally visit About Cookies or All About Cookies.
Under the Data Protection Act 2018 you have a number of important rights free of charge. Some of these rights are complex, and not all of the details have been included below. Further information can be found here
In summary, those include rights to:
If you would like to exercise any of those rights, please:
Except for key codes (which we delete no later than two weeks from confirmation of your order) we will keep this information in accordance with a data retention schedule designed to ensure that we only retain your data for as long as necessary for the purposes described in the table above.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
You may consent to receive marketing or we may rely on our legitimate interest to send you email messages from us about our website and our services. You can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email. Please note that it may take us a few days to update our records to reflect your request.
We may also be required to retain personal data for a particular period of time to comply with legal, auditory or statutory requirements, including requirements of HMRC in respect of financial documents and in order to deal with any dispute you might raise. To determine the appropriate retention period for personal data, we consider the type of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
Where we have no legal basis for continuing to process your personal data, we shall either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
For the avoidance of doubt, we may use anonymous data, such as usage data for research or statistical purposes indefinitely without further notice to you.
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
This privacy notice was last updated on 3rd March 2023
We may change this privacy notice from time to time, when we do, we will inform you via email, where appropriate.
Please contact us at firstname.lastname@example.org if you have any questions about this privacy notice or the information we hold about you.