SPIO, Inc. has created this privacy statement in order to demonstrate our firm commitment to the protection of your privacy. The following discloses our information gathering and dissemination practices. We abide by and are compliant with the Data Protection Act 1998 (herein referred to as “The DPA”) and the General Data Protection Regulation (herein referred to as “The GDPR”) which went into effect on 25th May 2018. We are committed to keeping buyers’ personal information secure and confidential.
Lawful Basis for Processing Personal Data
For the purposes of The GDPR, we are the “Controller” and process all personal data lawfully, fairly and in a transparent manner. Under Article 6 of The GDPR, the lawful basis on which we process personal data received is that of “Contract” - whereby processing is necessary in order to fulfill buyer orders and inquiries. We retain information provided, such as transaction information for internal financial accounting purposes. It is a legal requirement to retain this information for a period of 7 years.
Data We Receive: Personal Identifiable Information
We receive personal identifiable information only when it is voluntarily submitted by buyers when placing an on-line, email or phone order. The data we receive includes: name, billing address, delivery name, delivery address, e-mail address (in encrypted format), telephone number, date of order, items ordered, value of items ordered, chosen method of delivery and payment information. A third-party intermediary is used to manage credit card or payment transfers processing. These intermediaries are not permitted to store, retain, or use your billing information for any purpose except for payment processing on our behalf. We do not sell or rent personal identifiable information to any third party for any purpose.
How we use buyers’ personal information
We may use any personal buyer information to:
· process and dispatch buyers’ order/s
· carry out regulatory checks to meet our legal obligations
· prevent and detect crime
· develop and improve our products
· undertake anonymized statistical analysis (we won’t be able to identify individuals from this data)
We treat all information we hold about buyers as private and confidential. We will not reveal any personal details or details concerning buyers’ orders to anyone not connected with us, unless:
· a buyer asks us to reveal the information, or we have a buyer’s permission to do so
· we are required or permitted to do so by law
· it is required by law enforcement, fraud prevention or credit reference agencies
We may share buyer personal information with our suppliers, service providers and other contractors only to fulfill orders buyers place with us.
Data Subject Access Requests
Under The GDPR buyers are entitled to obtain from us (the Data Processor for the purposes of The GDPR) a copy of the data held concerning them and to have any inaccuracies in the data rectified. We are obliged to provide this data to within 1 calendar month of the request and free of charge. However we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.