OUR PRIVACY POLICY

Privacy Policy

Here at In The Oaks we are committed to safeguarding your privacy and following General Data Protection Regulations (GDPR).  This policy explains how we collect, protect and treat any information you give us. 

OUR POLICY COVERS

• Valuing your privacy
• How and why we collect your information
• How we store your information
• How we delete your information
• How we use your information 
• Who has access to your information
• How we keep your information safe
• Changes to this policy
• Your rights 
• How to manage your data or make a complaint

VALUING YOUR PRIVACY

We very much value your privacy so are committed to keeping your personal and business data safe.  We only ask for the minimum information required to respond to your enquiries (your consent), to process transactions (contractual obligation) or legal requirement (legal obligation).  Unless legally obliged, we never use your data for anything other than this intention nor pass it on to a third party without prior consent.  

HOW AND WHY WE COLLECT YOUR INFORMATION

Any personal data you provide to us is collected to:

• Respond to enquiries:  We ask for contact information including your name, email address, postal address, telephone number and social media account identification so that we can reply to your enquiry.  If you are a company, we may also ask for your company details. 
• Newsletter sign-ups:  When signing up, we only ask for your email address which we will then ask you to verify via a link in a follow up email. 
• Processing transactions:  We may ask for information in order to process transactions you enter into with us through, including purchases of goods and services.  This can include your name, contact details, delivery contact/address, payment card/payment details and transaction detail.  All financial transactions are processed securely through our relevant payment services providers: Starling, Square, PayPal and Stripe.  If you are a business, we will also collect your business name, bank details (when relevant) and keep a record of invoices sent and payments received.    
• Social media accounts:  When logging on to our website using a social media account, we obtain only relevant contact data from the social media account provider.
• Third parties:  Occasionally we may receive personal information from third parties.  In this case, we will protect it in exactly the same manner as if given to us directly.

Our website does not use cookies or scripts designed to track the use of the website and services.  We do not use Google Analytics or any other analytics tracking systems. 

HOW WE STORE YOUR INFORMATION 

We take great care in the storage of your personal data:

• Operational data:  Any personal data collected is stored securely within our protected in-house Customer Relationship Management (CRM) systems. 
• Newsletters:  If you sign up for a newsletter, your email address is stored directly with the online marketing platform, MailChimp.
• Transactional data:  Relevant data is stored directly with the associated payment service provider bar key information required for invoicing, internal accounting and compliance which is stored within our protected in-house accounting software.

HOW WE DELETE YOUR INFORMATION 

All personal data in our care is stored securely and once processed, will not be retained for any longer than is necessary for the purpose for which you provided it.  The only data we retain for longer is where there is a need for compliance with a legal obligation.

• Paper documents and confidential waste:  All paper documents are stored in a locked cabinet and then disposed of by shredding in-house.
• Electronic:  All information no longer required will be deleted.  Any hardware no longer required will be wiped, degaussed and securely destructed with appropriate audit checks and destruction certificate.

HOW WE USE YOUR INFORMATION 

We may use your personal data for:

• Operations:  To operate our website, process and fulfil orders, provide services, supply goods, generate invoices and other payment-related documents and credit control.  
• Communications:  To manage our relationship, communicate with you, provide support and handle any complaints.
• Direct marketing:  To share details of our products and services.   If we do, you have the right to opt-out and we will immediately remove your details from our marketing database. 
• Record keeping:  To create and maintain our databases, back-up copies of our databases and for business records generally. 
• Legalities:  For the establishment, exercise or defence of legal claims.  We may also use your personal data when necessary for compliance with legal obligations.
• Financial transactions:  To complete transactions relating to our website, goods and services.  These are handled by our payment services providers: Square, PayPal and Stripe.   We will only provide the minimum data necessary to process payments and refunds and to deal with any complaints/queries relating to such transactions.

WHO HAS ACCESS TO YOUR INFORMATION

Our management team has access to all data you have provided but individual employees are restricted to only the data they need to complete their job.

HOW WE KEEP YOUR INFORMATION SAFE

Controlled access:  Access to all systems/devices (internal and external) is restricted to only those who require access to complete their job. 

Password manager:  All passwords are computer generated and stored securely in our encrypted password manager:  LastPass.  A different randomised password is issued for each system/user and updated on a regular basis. 

Two-stage login:  Where available, two-step logins are used by default. 

Biometric security:  Where available, biometric recognition is used by default.  

Inactivity:  Where available, devices automatically log off at three minutes of inactivity.       

CHANGES TO THIS POLICY

We may update this policy from time to time by publishing a new version on our website.

YOUR RIGHTS

We totally respect your rights.  Under data protection law you have the right to:

• ask us for copies of your personal information
• ask us to rectify personal information you think is inaccurate and complete information you think is incomplete 
• ask us to erase your personal information in certain circumstances
• ask us to restrict the processing of your personal information
• object to the processing of your personal information in certain circumstances
• ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances

You are not required to pay for exercising your rights.  If you make a request, we have one month to respond to you.  Please contact the Data Protection Officer (details below) if you wish to make a request.

You can learn more about the rights of data subjects by visiting:

https://edpb.europa.eu/our-work-tools/general-guidance/gdpr-guidelines-recommendations-best-practices_en

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

HOW TO MANAGE YOUR DATA OR MAKE A COMPLAINT

We handle your privacy carefully and as such take requests and complaints seriously.  If you have any concerns, our Data Protection Officer is responsible for the security of your information and can be contacted: 

• by email - data@intheoaks.uk
• by telephone - 01252 845 082
• by post - Oakview Studio, Cricket Green, Hartley Wintney, Hampshire RG27 8PZ
• via website contact form - contact form

Alternatively, you can contact the ICO if you are unhappy with the way we have used your data:

• by post - Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
• via their helpline - 0303 123 1113
• via their website - www.ico.org.uk

Last updated: 02/07/21

This website is owned and operated by In The Oaks Limited.  Registered in England and Wales under Registration Number 13518423 and Registered Address is Oakview, Cricket Green, Hartley Wintney, Hampshire RG27 8PZ