Who we are
Woodmansterne Publications Ltd (“We” “Us”), registered company number 927578 is a publisher of greetings cards & social stationary which also includes the publishing divisions of “Cardmix” and “The Proper Mail Company”. It also contains its printing division, “The Croxley Press”, its fulfilment and distribution division, “MrPickwick.com” and its Retail Display Planning, Merchandising and Brokerage division “Woodmansterne Retailer Services”.
What Personal Data we collect
- We may collect personal contact details such as full name and title, telephone numbers, addresses and email addresses.
- We record details of order history, and records of any services we provide.
- Records of contact we have with customers, such as complaints, queries or information requests.
- Visitors to any of our sites may have their image recorded on CCTV, which could also include a car number plate to manage parking restrictions.
- Details of visits to our website in the form of cookies, which can contain personal information.
When Personal Data is collected
- Personal data may be collected when a retailer or supplier account is opened with us. We can collect personal information regarding sole traders from credit reference agencies when opening a credit account.
- Additional data such as updated contact details can be collected when customers phone us, or when we have meetings with them. We also record information such as bank details when arranging payment to suppliers.
- Email addresses, which can be in addition to ones held in our main contact files are used when opening and accessing accounts on our online stores.
- When services are provided together with a business partner and the business partner collects information in order for us to provide the service (e.g. a courier collecting a signature for proof of delivery).
What we use the data for
- To fulfil our contractual obligations. This includes:
- To provide goods and services we offer to our customers. This is (e.g. accepting and delivering an order for goods).
- Processing new account applications
- All activities relevant to managing an account to provide or receive a good or service.
- Where it is necessary to serve our legitimate interests. Examples include:
- To perform essential business functions to enable us to operate our business and make informed decisions and report on performance of our business.
- Improve our websites and online stores by monitoring its use.
- For research and analysis of product, company, and market performance.
- To supply retailers and buyers updates of our product and service range through the supply of appropriate material such as catalogues, marketing material and product information.
Who we share information with
- Third party companies and vendors who perform a verity of functions in order for us to operate our business. For example, name and address information will be passed to our courier partners so that an order can be delivered correctly.
- Information may be passed onto a credit protection agency in result of non-payment of services.
- In the result of needing to fulfil a legal request. For example, the handing over of CCTV records to the police to investigate a crime.
Protecting personal data
- We use a variety of technologies to keep personal data safe on our servers, including, but not limited to, up to date encryption, secure data networks, and multi-level anti-virus, anti-ransomware protection.
- Data stored away from our servers is fully encrypted in accordance with GDPR requirements.
- We have a range of appropriate organisational measures to protect any non-digital personal data such as letters or signing in documents.
How long is data held for
- For as long as we have reasonable business needs, such as managing an account, relationship or our essential business operations.
- Retention periods in line with legal and regulatory requirements or guidance.
Provision and consent
- Certain information is essential for us to provide goods and services. We are unable to provide goods and services without this necessary information.
- Whenever consent to use personal data has been given, it can also be withdrawn at any time.
- Any individual can request:
- access to the personal information we hold about them
- The correction of personal data when incorrect, out of date, or incomplete
- That we stop using personal data for any type of marketing.
- The erasure of their personal information in certain situations.
- object to our processing of personal information concerning you for marketing purposes.
- object to our processing where we process your personal information based on legitimate interest.
- otherwise restrict our processing of your personal information in certain circumstances.
Further information on each of those rights, including the circumstances in which they apply, guidance can be found from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of these rights, please contact our Data Protection Officer at: firstname.lastname@example.org and let us have:
- enough information to identify you (eg full name, company name, user name or registration details);
- proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- enough information to understand what your request relates to.
Please note that regardless of your communication settings we will continue to communicate with you in the ordinary course of business for the purposes of performing our contractual or legal obligations.
Changes to this policy
24 May 2018