Privacy Notice - Online Orders

Document Reference PIMS12.02

Scope 

All data subjects whose data is processed by TEPE Holdings Group. TEPE Holdings Group includes Clarkeprint Ltd, Clarkeprint FM Ltd and Waveney Publishing Ltd trading as WavePrint. 

Responsibilities 

The Data Protection Officer and GDPR Owner are responsible for ensuring that this notice is placed in front of potential data subjects prior to TEPE Holdings Group collecting/processing their personal data. 

All Employees/Staff of TEPE Holdings Group who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured. 

Procedure Statement  

The personal data we collect from you will be used for the following purposes: 

  • To process your order 
  • To provide updates relating to your order and to deliver the products ordered 
  • In order to collect your order information we will share your data with SurveyMonkey Inc, trading as Wufoo 
  • In processing your data Wufoo may transfer your data outside of the EU, you can find full details of their Privacy Shield Policy here https://www.surveymonkey.com/mp/policy/privacy-policy/  
  • To process payment for your order by sharing your data with Stripe Payments Europe Limited who process payments on our behalf 
  • In processing your data Stripe Payments Europe will transfer your data outside of the EU, you can find full details of their Privacy Shield Policy here https://stripe.com/privacy-shield-policy  

By consenting to this, you are giving us permission to perform those actions. 

You may withdraw consent at any time by writing to the Data Protection Officer at dpo@clarkeprint.co.uk or TEPE Holdings Ltd, 45-47 Stour Street, Birmingham, B18 7AJ. Please quote PIMS12.01 in your message to enable us to locate your personal data and end processing in the most expedient manner possible. 

What is Personal Data? 

Under the EU’s General Data Protection Regulation:  

Personal Data is defined as “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. 

Special Categories of Personal Data 

Certain data are classified under the Regulation as "special categories": 

  • Racial 
  • Ethnic origin 
  • Political Opinions 
  • Religious Beliefs  
  • Trade-union membership 
  • Genetic Data 
  • Biometric Data 
  • Health Data 
  • Data concerning a natural person's sex life 
  • Sexual orientation 
  • Other 

Consent is required for TEPE Holdings Group to process both types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used. 

Why does TEPE Holdings Group need to collect and store personal data? 

In order for us to provide you with the information and services that you have requested we need to collect personal data for correspondence purposes and/or detailed service provision. In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. We may pass your personal data on to our service providers who are contracted to TEPE Holdings Group during dealing with you. Our contractors are obliged to keep your details securely, and use them only to fulfil the service they provide you on our behalf. Once your service need has been satisfied or the case has been closed, they will dispose of the details in line with TEPE Holdings Group’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do so. 

How TEPE Holdings Group uses your information 

TEPE Holdings Group will process – that means collect, store and use – the information you provide in a manner that is compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances, the law sets the length of time information has to be kept, but in most cases TEPE Holdings Group will use its discretion to ensure that we do not keep records outside of our normal business requirements. 

Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure. 

Document Management 

This document is valid as of 23/02/2018. 

This document is reviewed periodically and at least annually to ensure compliance with the following prescribed criteria. 

  • General Data Protection Regulation 
  • Legislative requirements defined by law, where appropriate