We take great care with your personal information and do not sell it or
share it with any other person, company or organisation unless required to
do so for legal reasons.
We collect your personal information so that we can successfully deliver
your timpani sticks to you.
Other information which you provide about your timpani stick choice,
specifications, etc. is used for the purpose of maintaining records about
your purchases in order to give you exceptional
service in the future.
The lawful basis for collecting your information is our contract with you
when you place an order.
Our website is protected by a secure SSL Certificate for your confidence in
submitting information.
Any card details you input on our web site are not seen or held by us. They
are transmitted directly to Worldpay through a secure SSL connection.
We are fully compliant with PCI DSS card industry
standards.
David Morbey Timpani & Percussion is registered with the UK Data
Protection Registrar in accordance with the provisions of the UK Data
Protection Act 2018.
You have a legal right to see the information we hold about you, to ask us
to correct any errors and to request the removal of your information.
You can read the full Privacy Policy below.
David Morbey Timpani & Percussion Privacy Policy
This policy describes how we will use your personal data when you use our
website at www.timpanisticks.com (the “site”) or use or buy our products
and services.
We have provided this policy to ensure that you understand what personal
data we may collect and hold about you, what we may use it for and how we
keep it safe. You have legal rights to access the personal data that we hold
about you and to control how we use it which are also explained.
Who we are and how you can contact us
We are David Morbey Timpani & Percussion, also known as David Morbey
Timpani Sticks. Our office address is at 55 Braemar Place, Aberdeen,
AB10 6EQ, Scotland, UK. The Data Controller is David Morbey.
You can contact us in writing at the above address or by emailing david@timpanisticks.com
Personal data we collect about you
We may collect:
Personal data you provide to us. You may give us information about yourself
by filling in forms on our web site or by corresponding with us by phone,
fax, e-mail, social media or otherwise. This includes information you
provide when you register and use a David Morbey Timpani & Percussion
account, purchase products, participate in forums or other social media
functions, and if you report a problem with the site or our timpani sticks.
The information you provide may include your name, address, e-mail address,
phone numbers, timpani stick preferences and financial and credit card
information.
Personal data we collect when you use our site
We may collect:
Technical information, including the Internet protocol (IP) address used to
connect your computer or mobile device to the Internet, your login
information, browser type and version, devices used or which connect to your
network from time to time, time zone setting, browser plug-in types and
versions, operating system and platform;
Information about your visit, including the full Uniform Resource Locators
(URL) clickstream to, through and from the site (including date and time);
products you viewed or searched for; page response times, download errors,
length of visits to certain pages, page interaction information (such as
scrolling, clicks, and mouse-overs), and methods used to browse away from
the page.
Personal data we receive from other sources
We may work with third parties (including, for example, analytics providers,
search information providers, credit reference agencies) and may receive
information about you from them.
The information that we collect about you as described above falls into two
broad categories:
Personally Identifiable Information which is information that can be used to
identify you as an individual.
Non-Personally Identifiable Information which is information that cannot be
used to identify you as an individual. In general, information listed under
the headings “Personal data you provide to us” and “Personal data we
receive from other sources” will be personally identifiable whilst
“Personal data we collect when you use our site” will be Non-Personally
identifiable.
What we use your personal data for
We use your personal data in the following ways:
1. Personal data you provide to us and the personal data we receive
from other sources
We will use this information:
to provide you with the information and timpani sticks that you request;
to provide you with excellent service and technical information about your
previous timpani sticks when you re-order.
to notify you about changes to our products or to our services or terms;
to manage and administer our business;
2. Personal data we collect when you use our site
We will use this information:
to understand how the site is accessed and used;
to administer the site and for internal operations, including
troubleshooting, data analysis and testing;
to improve the site to ensure that content is presented in the most
effective manner for users;
as part of our efforts to keep the site safe and secure;
When we need your consent to use your personal data
Whilst we always want you to be aware of how we are using your personal
data, this does not necessarily mean that we are required to ask for your
consent before we can use it. In the day to day running of our business we
may use your personal data without asking for your consent because:
we are entering into and carrying out our obligations under a contract with
you;
we need to use your personal data for our own legitimate purposes (such as
the administration and management of our business and the improvement of our
timpani sticks) and our doing so will not interfere with your privacy
rights.
Personal data you are legally obliged to provide
You are not under a legal obligation to provide us with any of your personal
data but please note that if you elect not to provide us with your personal
data we may be unable to provide our timpani sticks to you.
We would appreciate you keeping us informed about your current contact
details so that our records are up to date.
Your rights to know what personal data we hold and to control how we use
it
You have a legal right to know what personal data we hold about you - this
is called the right of subject access. You can exercise this right by
sending us a written request at any time. Please mark your correspondence
“Subject Access Request” and send it to us by post or email using the
details in the “Who we are and how you can contact us” section.
You also have rights to:
prevent your personal data being used for marketing purposes (see “How we
use your personal data for marketing” for further details);
have inaccurate personal data corrected, blocked or erased;
object to decisions being made about you by automated means or to your
personal data being used for profiling purposes (see “Automated decision
making and profiling”);
object to our using your personal data in ways that are likely to cause you
damage or distress;
restrict our use of your personal data;
require that we delete your personal data;
require that we provide you, or anyone that you nominate, with a copy of any
personal data you have given us in a structured electronic form such as a
CSV file.
You will not have to pay a fee to access your personal data (or to exercise
any of the other rights). However, we may charge a reasonable admin fee if
your request is clearly unfounded, repetitive or excessive. Alternatively,
we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your
identity and ensure your right to access your personal data (or to exercise
any of your other rights). This is a security measure to ensure that
personal data is not disclosed to any person who has no right to receive it.
We may also contact you to ask you for further information in relation to
your request to speed up our response.
We will try to respond to all legitimate requests within one month.
Occasionally it may take us longer than a month if your request is
particularly complex or you have made a number of requests. In this case, we
will notify you and keep you updated.
You can find full details of your personal data rights and the circumstances
in which you are able to exercise them on the Information Commissioner’s
Office website at www.ico.org.uk.
Automated decision making and profiling
We do not make use of automated decision making or profiling.
When we will share your personal data with others
We do not share your data with any other companies or third parties or
individuals except exceptionally with third parties on a one-off basis, for
example:
If David Morbey Timpani & Percussion or substantially all of its assets
are acquired by a third party, in which case personal data held by us about
our customers will be one of the transferred assets;
if we are under a duty to disclose or share your personal data in order to
comply with any legal obligation or in order to enforce or apply our terms
and conditions and other agreements entered into with you or to protect the
rights, property, or safety of David Morbey Timpani & Percussion, our
customers or others. This includes exchanging information with other
companies and organisations for the purposes of fraud protection and credit
risk reduction.
When we share your information with a third party it will be for a specific
purpose which has been expressly agreed between us and the third party. We
do not permit third parties to use your information for any purpose other
than the purpose specifically agreed between us and them.
How we keep your personal data safe
We take every care to ensure that your personal data is kept secure. The
security measures we take include:
Our primary electronic database is not connected to the internet;
Storing your personal data on our secure servers;
Using specialist third party payment providers to process payments made
through our site (see the section on “Making payments through our
site”);
Keeping paper records stored in our locked offices;
Maintaining up to date firewalls and anti-virus software to minimise the
risk of unauthorised access to our systems;
Please remember that if you have registered an account you are responsible
for keeping your passwords secure. If you have chosen a password which
enables you to access certain parts of our website (or log in to your
account), you are responsible for keeping this password confidential. Please
do not to share your passwords with anyone.
Unfortunately, sending information via the internet is not completely
secure, but we use an SSL secure connection with a trusted security
certificate for the whole site to minimize your risk. Although we will
do our best to protect your personal data, we cannot guarantee the security
of personal data sent to our website; you send us personal data at your own
risk. Once we have received your personal data, we will use procedures and
security features to try to prevent unauthorised access.
Making payments through our site
All our payments are made through third party payment processors over a
secure connection. Only the payment processors store your full payment card
number or account information. During the order process you will be directed
on to pages hosted by our payment processor. Such pages will have the
trademark of the payment processor displayed (Currently “Worldpay”).
How we use your personal data for marketing
We do not share your personal data with third parties for marketing
purposes.
We do not send out direct marketing.
Accessing and managing your data and preferences through your account
You can view and update your personal data through your account and we
encourage you to take the time to log in to your account periodically for
this purpose. If you have any questions about how to manage your data and
settings through your account please contact us using the details set out in
the “who we are and how to contact us” section of this policy.
When we will send your personal data to other countries
Your personal data may be transferred to, and stored at, a destination
outside the European Economic Area ("EEA") by us or by our
sub-contractors. Where we, or our sub-contractors, use IT systems or
software that is provided by non-UK companies, your personal data may be
stored on the servers of these non-UK companies outside the EEA. We will
take all steps reasonably necessary to ensure that your data is treated
securely and in accordance with this privacy policy.
How long we keep your personal data
Many of our customers re-order timpani sticks many years after the original
date of making and find it useful that we maintain records of their previous
purchases and timpani stick specifications. We therefore keep
your personal data indefinitely to ensure this service is available for your
future requests. If you do not wish your personal data to be stored
indefinitely, then please let us know at the time of ordering your timpani
sticks or contact us using the details set out in the “who we are and how
to contact us” section of this policy. In this case your personal
data will be deleted from our records after a period of six years from the
date of your last order or the closure of your web based account (whichever
is later) except when we still need the data to continue to provide you with
services you have requested from us, comply with our legal obligations,
resolve disputes or enforce agreements.
Please note that we may anonymise your personal data or use it for
statistical purposes. We keep anonymised and statistical data indefinitely
but we take care to ensure that such data can no longer identify or be
connected to any individual.
Cookies
Our web site uses cookies to distinguish you from other users of the site
and may use web beacons to assess which pages you access when browsing the
site. This helps us to provide you with a good experience when you browse
the site and also allows us to improve the site. We also allow selected
third parties to use cookies and web beacons on the site for analytical
purposes only.
Links to third party sites
Our web site may, from time to time, contain links to and from websites we
consider may be of interest to you. If you follow a link to any of these
websites, please note that these websites have their own privacy policies
and that we do not accept any responsibility or liability for these
policies. Please check these policies before you submit any personal data to
these websites.
How you can make a complaint
If you are unhappy with the way we have used your personal data please
contact us to discuss this using the contact details set out in the “Who
we are and how to contact us” section of this policy.
You are also entitled to make a complaint to the Information
Commissioner’s Office which you can do by visiting www.ico.org.uk. Whilst
you are not required to do so, we encourage you to contact us directly to
discuss any concerns that you may have and to allow us an opportunity to
address these before you contact the Information Commissioner’s Office.
How we keep this policy up to date
We will review and update this policy from time to time. This may be to
reflect a change in the products we offer or to our internal procedures or
it may be to reflect a change in the law.
The easiest way to check for updates is by looking for the latest version of
this policy on our web site.
Each time we update our policy we will update the policy version number
shown at the end of the policy and the date on which that version of the
policy came into force.
This is policy version 2018-05, which came into effect on 25 May 2018.
|