Privacy Policy

We collect your personal information so that we can successfully deliver your timpani sticks to you.

Other information which you provide about your timpani stick choice, specifications, etc. is used for the purpose of maintaining records about your purchases in order to give you exceptional
service in the future.


The lawful basis for collecting your information is our contract with you when you place an order.

We take great care with your personal information and do not sell it or share it with any other person, company or organisation unless required to do so for legal reasons.

Our website is protected by a secure SSL Certificate for your confidence in submitting information. 

Any card details you input on our web site are not seen or held by us. They are transmitted directly to Worldpay through a secure SSL connection.  We are fully compliant with PCI DSS card industry
standards.

David Morbey Timpani & Percussion is registered with the UK Data Protection Registrar in accordance with the provisions of the UK Data Protection Act 2018.

You have a legal right to see the information we hold about you, to ask us to correct any errors and to request the removal of your information.

You can read the full Privacy Policy below.


David Morbey Timpani & Percussion Privacy Policy


This policy describes how we will use your personal data when you use our website at www.timpanisticks.com (the “site”) or use or buy our products and services.

We have provided this policy to ensure that you understand what personal data we may collect and hold about you, what we may use it for and how we keep it safe. You have legal rights to access the personal data that we hold about you and to control how we use it which are also explained.

 
Who we are and how you can contact us

We are David Morbey Timpani & Percussion, also known as David Morbey Timpani Sticks.  Our office address is at 55 Braemar Place, Aberdeen, AB10 6EQ, Scotland, UK.  The Data Controller is David Morbey.

You can contact us in writing at the above address or by emailing david@timpanisticks.com

Personal data we collect about you

We may collect:
Personal data you provide to us. You may give us information about yourself by filling in forms on our web site or by corresponding with us by phone, fax, e-mail, social media or otherwise. This includes information you provide when you register and use a David Morbey Timpani & Percussion account, purchase products, participate in forums or other social media functions, and if you report a problem with the site or our timpani sticks. The information you provide may include your name, address, e-mail address, phone numbers, timpani stick preferences and financial and credit card information.

Personal data we collect when you use our site

We may collect:
Technical information, including the Internet protocol (IP) address used to connect your computer or mobile device to the Internet, your login information, browser type and version, devices used or which connect to your network from time to time, time zone setting, browser plug-in types and versions, operating system and platform;
Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Personal data we receive from other sources

We may work with third parties (including, for example, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
The information that we collect about you as described above falls into two broad categories:
Personally Identifiable Information which is information that can be used to identify you as an individual.
Non-Personally Identifiable Information which is information that cannot be used to identify you as an individual. In general, information listed under the headings “Personal data you provide to us” and “Personal data we receive from other sources” will be personally identifiable whilst “Personal data we collect when you use our site” will be Non-Personally identifiable.

What we use your personal data for

We use your personal data in the following ways:

1.  Personal data you provide to us and the personal data we receive from other sources
We will use this information: 
to provide you with the information and timpani sticks that you request;
to provide you with excellent service and technical information about your previous timpani sticks when you re-order.
to notify you about changes to our products or to our services or terms;
to manage and administer our business;

2.  Personal data we collect when you use our site
We will use this information:
to understand how the site is accessed and used;
to administer the site and for internal operations, including troubleshooting, data analysis and testing;
to improve the site to ensure that content is presented in the most effective manner for users;
as part of our efforts to keep the site safe and secure;

When we need your consent to use your personal data

Whilst we always want you to be aware of how we are using your personal data, this does not necessarily mean that we are required to ask for your consent before we can use it. In the day to day running of our business we may use your personal data without asking for your consent because:

we are entering into and carrying out our obligations under a contract with you;
we need to use your personal data for our own legitimate purposes (such as the administration and management of our business and the improvement of our timpani sticks) and our doing so will not interfere with your privacy rights.

Personal data you are legally obliged to provide

You are not under a legal obligation to provide us with any of your personal data but please note that if you elect not to provide us with your personal data we may be unable to provide our timpani sticks to you.

We would appreciate you keeping us informed about your current contact details so that our records are up to date.

Your rights to know what personal data we hold and to control how we use it

You have a legal right to know what personal data we hold about you - this is called the right of subject access. You can exercise this right by sending us a written request at any time. Please mark your correspondence “Subject Access Request” and send it to us by post or email using the details in the “Who we are and how you can contact us” section.

You also have rights to: 
prevent your personal data being used for marketing purposes (see “How we use your personal data for marketing” for further details);
have inaccurate personal data corrected, blocked or erased;
object to decisions being made about you by automated means or to your personal data being used for profiling purposes (see “Automated decision making and profiling”);
object to our using your personal data in ways that are likely to cause you damage or distress;
restrict our use of your personal data;
require that we delete your personal data;
require that we provide you, or anyone that you nominate, with a copy of any personal data you have given us in a structured electronic form such as a CSV file.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You can find full details of your personal data rights and the circumstances in which you are able to exercise them on the Information Commissioner’s Office website at www.ico.org.uk.

Automated decision making and profiling

We do not make use of automated decision making or profiling.

When we will share your personal data with others

We do not share your data with any other companies or third parties or individuals except exceptionally with third parties on a one-off basis, for example: 
If David Morbey Timpani & Percussion or substantially all of its assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce or apply our terms and conditions and other agreements entered into with you or to protect the rights, property, or safety of David Morbey Timpani & Percussion, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

When we share your information with a third party it will be for a specific purpose which has been expressly agreed between us and the third party. We do not permit third parties to use your information for any purpose other than the purpose specifically agreed between us and them.

How we keep your personal data safe

We take every care to ensure that your personal data is kept secure. The security measures we take include:

Our primary electronic database is not connected to the internet;
Storing your personal data on our secure servers;
Using specialist third party payment providers to process payments made through our site (see the section on “Making payments through our site”);
Keeping paper records stored in our locked offices;
Maintaining up to date firewalls and anti-virus software to minimise the risk of unauthorised access to our systems;

Please remember that if you have registered an account you are responsible for keeping your passwords secure. If you have chosen a password which enables you to access certain parts of our website (or log in to your account), you are responsible for keeping this password confidential. Please do not to share your passwords with anyone.

Unfortunately, sending information via the internet is not completely secure, but we use an SSL secure connection with a trusted security certificate for the whole site to minimize your risk.  Although we will do our best to protect your personal data, we cannot guarantee the security of personal data sent to our website; you send us personal data at your own risk. Once we have received your personal data, we will use procedures and security features to try to prevent unauthorised access.

Making payments through our site

All our payments are made through third party payment processors over a secure connection. Only the payment processors store your full payment card number or account information. During the order process you will be directed on to pages hosted by our payment processor. Such pages will have the trademark of the payment processor displayed (Currently “Worldpay”).

How we use your personal data for marketing

We do not share your personal data with third parties for marketing purposes.
We do not send out direct marketing.

Accessing and managing your data and preferences through your account

You can view and update your personal data through your account and we encourage you to take the time to log in to your account periodically for this purpose. If you have any questions about how to manage your data and settings through your account please contact us using the details set out in the “who we are and how to contact us” section of this policy.

When we will send your personal data to other countries

Your personal data may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") by us or by our sub-contractors. Where we, or our sub-contractors, use IT systems or software that is provided by non-UK companies, your personal data may be stored on the servers of these non-UK companies outside the EEA. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

How long we keep your personal data

Many of our customers re-order timpani sticks many years after the original date of making and find it useful that we maintain records of their previous purchases and timpani stick specifications.   We therefore keep your personal data indefinitely to ensure this service is available for your future requests.  If you do not wish your personal data to be stored indefinitely, then please let us know at the time of ordering your timpani sticks or contact us using the details set out in the “who we are and how to contact us” section of this policy.  In this case your personal data will be deleted from our records after a period of six years from the date of your last order or the closure of your web based account (whichever is later) except when we still need the data to continue to provide you with services you have requested from us, comply with our legal obligations, resolve disputes or enforce agreements.

Please note that we may anonymise your personal data or use it for statistical purposes. We keep anonymised and statistical data indefinitely but we take care to ensure that such data can no longer identify or be connected to any individual.

Cookies

Our web site uses cookies to distinguish you from other users of the site and may use web beacons to assess which pages you access when browsing the site. This helps us to provide you with a good experience when you browse the site and also allows us to improve the site. We also allow selected third parties to use cookies and web beacons on the site for analytical purposes only.

Links to third party sites

Our web site may, from time to time, contain links to and from websites we consider may be of interest to you. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

How you can make a complaint

If you are unhappy with the way we have used your personal data please contact us to discuss this using the contact details set out in the “Who we are and how to contact us” section of this policy.

You are also entitled to make a complaint to the Information Commissioner’s Office which you can do by visiting www.ico.org.uk. Whilst you are not required to do so, we encourage you to contact us directly to discuss any concerns that you may have and to allow us an opportunity to address these before you contact the Information Commissioner’s Office.

How we keep this policy up to date

We will review and update this policy from time to time. This may be to reflect a change in the products we offer or to our internal procedures or it may be to reflect a change in the law.

The easiest way to check for updates is by looking for the latest version of this policy on our web site.

Each time we update our policy we will update the policy version number shown at the end of the policy and the date on which that version of the policy came into force.

This is policy version 2018-05, which came into effect on 25 May 2018.