JustDucks Limited a company incorporated in England and Wales whose registered office
is at 1 Beauchamp Court Victors Way, Barnet, Herts EN5 5TZUK registered number
07041818) (“we/us/our”) holds personal data about our employees, clients, suppliers and
other individuals for a variety of business purposes. We will always abide by applicable data
protection and privacy laws and are committed to your privacy.
This privacy and cookie policy gives you the details of how we (including all our staff) collect
and process your personal data and it applies to all products and services provided by us to
you which includes any information that you may provide to us through our website when
you purchase a product or service or sign up to our newsletter and sets out how we seek to
protect personal data.
Please read this Policy together with our Terms & Conditions of Use.
You give us your information either through this website or by any other means. Any and all
personal data passed to us by any third party will be treated in accordance with this policy.
Our Data Compliance Officer has overall responsibility for the day-to-day implementation of
this policy.
1.What We Do To Protect Your Data
1.1 How We Process Data
We will always seek to process personal data fairly and lawfully in accordance with your
rights. So, this means that we will not process personal data unless the individual whose
details we are processing has consented to this happening or it is a legitimate interest to do
so. We ensure that the processing of all data will be(i) necessary to deliver our services and
the services that we deliver on behalf of our clients; (ii) in our legitimate interests and not
unduly prejudice the individual’s privacy and (iii) in most cases this provision will apply to
routine business data processing activities.
1.2 Sensitive personal data
Generally, we do not collect sensitive data but in the unusual situation where we collect and
process sensitive personal data we will require the individual’s explicit consent to do this
unless exceptional circumstances apply or we are required to do this by law (e.g. to comply
with legal obligations to ensure health and safety at work). Any such consent will need to
clearly identify what the relevant data is, why it is being processed and to whom it will be
disclosed.
1.3 Your personal data
You are responsible to ensure that your personal data is accurate and up to date. So, if your
personal circumstances change, please inform the Data Compliance Officer so that we can
update your records.
1.4 Keeping your Data secure
We keep personal data secure against loss or misuse. We are committed to protecting the
confidentiality and security of your information and we have taken all reasonable measures
to secure your information, including encryption, third party audits, access controls and
security testing. We limit access to your personal data to those employees, agents,
contractors and other third parties who have a business need to know the data.
We will always keep our security measures up to date and under constant review to protect
personal data.
Data that is stored on a computer will be protected by strong passwords and our Data
Compliance Officer will approve all data stored in the cloud.
Our servers containing personal data will be kept in a secure location, away from general
office space and back-ups will be regularly made in line with company procedures. Servers
containing sensitive data will be approved and protected by security software and strong
firewalls.
Data will never be saved directly to mobile devices such as laptops, tablets or smartphones
In cases when data is stored on printed paper, it will be kept in a secure place where
unauthorised personnel cannot access it and printed data will be shredded when no longer
needed.
Where other organisations process personal data as a service on our behalf, our Data
Compliance Officer will establish what, if any, additional specific data security arrangements
need to be implemented in contracts with those third party organisations.
2. How we collect data and what we will do with it:
We will always be transparent and provide information to individuals about how we will use
their personal data.
2.1 The information that we collect is:
– Identity Data including – Full name, marital status, title, date of birth and gender
– Contact Data including – billing address, delivery address, email address and
telephone numbers
– Financial Data including – your bank account and payment card details
– Transaction Data including – details about payment between us and other details of
purchase made by you
– Technical data including – login data, internet protocol addresses, browser type and
version, browser plug-in types and version, times zone setting and location, operating
and platform and other technology on the devices that you use to access this site
– Profile Data including – username and password, purchase orders, your interests,
preferences, feedback and survey responses
– Usage Data including – information about how you use our website, products and
services
– Marketing and Communications Data including – your preferences in receiving
marketing communications from us and your communication preferences
2.2 We collect data:
– When we meet you in person at an exhibition or otherwise
– When we speak to you by telephone
– When you correspond with us by email
– When you fill in forms and questionnaires or give us your business card
– When you visit our website, or create an account with us
– When you order our products or services
– When you download or install our app
– When you subscribe to our services or publications
– We may receive personal data about you from a third party in a legitimate manner eg
a financial provider
– When we request/receive trade references
2.3 Use of data:
We use the information we collect in order to fulfil our contractual obligations with you and
understand your needs and provide you with a better service and in particular for the
following purposes:
– In connection with good and services offered by our business including on this
website and to carry out our obligations arising out from any contracts entered into
between you and us which includes providing quotes prior to a contract being in
place but following an enquiry from you
– To respond to and fulfil your requests
– Where it is necessary for our legitimate interest as long as it does not override your
interests
– Where we need to comply with a legal or regulatory obligation and general good
practice
– To communicate with you to enable you to access the benefits and services of this
website/ our products and services
– To allow you to participate in interactive features of our service, when you choose to
do so
– To notify you of changes to our service and to improve our services through
knowledge of what is used and how
– Internal record keeping
– To improve our products and services; provide relevant offers and fulfil transactions
– Protect you, provide you with customer service, prevent fraud, operate this website
on your behalf and respond to your requests
– To understand the visiting patterns to our online site and please see our Cookie
Policy for further information on this.
– For operational reasons, such as recording transactions, training and quality control,
ensuring the confidentiality of commercially sensitive information, security vetting,
credit scoring
– To send promotional emails and updates about new products, special offers or other
information we may think is of interest to you
– To contact you for market research purposes, we may contact you by email, phone or
mail and we may use the information to customise the website according to your
interests
– To check references, ensure safe working practices, monitoring and managing staff
access to systems and facilities and staff absences, administration and assessments
and to monitor staff conduct and carry out disciplinary matters
– To ensure business policies are adhered to (such as policies covering email and
internet use)
– To gather information as part of investigations by regulatory bodies or in connection
with legal proceedings or requests and to investigate any complaints
Performance of a Contract
If you register as a new customer or place an order with us, you are providing us with a
lawful basis to process your data necessary for the performance of a contract, including
processing and delivering to you and contacting you about the order.
Legitimate Interest
The personal data that we collect and process under the legitimate interest basis is done so
in the commercial interest of the business and we will use this basis especially in connection
with the business eg debt recovery, business management/ growth e.g. to improve our
website, products/services and customer relationships and to send you our Surveys,
Newsletters, Events and other marketing literature. We will process information in a targeted,
proportionate way, which would be reasonably expected for that data and has a minimal
privacy impact in accordance with our Legitimate Interest Assessment. As regards direct
marketing, you have an absolute right to object to this processing and if you wish to exercise
this right contact the Data Compliance Officer, at which time we will stop processing your
data.
Consent
Where we rely on consent to process your personal data it will be subject to active consent
properly obtained and given by you to us directly or by virtue of us fulfilling our role as a
Fulfilment Partner of a third party. This consent can be revoked at any time by contacting our
Data Compliance Officer.
2.4 Purpose for Use of Data:
We will only use your personal data for the purposes for which we have collected it, unless
we reasonably consider that we need to use it for another reason and that reason is
compatible with the original purpose. If we need to use your personal data for a reason that it
was not originally collected for, we will notify you and explain the legal grounds of
processing.
2.5 Who will your information be shared with?
Your personal data is an important part of our business. We do not sell your information to
third parties. We will only share your information as set out below as necessary or with your
express consent where appropriate. All information sharing is only done on the basis of
being necessary and to fulfil legitimate business purposes. For example:
– Payment card information may be shared with payment processors to facilitate card
transactions
– Bank account information may be shared with our bank to facilitate payment into your
account
– Information may be shared with third parties to fulfil transactions including passing
your delivery address and contact details to our delivery partners; payment
information, shipping, and other personal information may be required to fulfil the
transaction.
– Service providers e.g. who provide IT and systems administration services or
Professional Advisers eg law firms, bankers, auditors, insurance companies.
– Public Authorities e.g. HM Revenue & Customs or other regulators and authorities
who require us to report to them
– Details may be shared with marketing platforms e.g. Mailchimp
If further consent is required to pass your personal data to third parties, you may be
contacted in order to give your positive consent for this purpose
We may disclose your personal information to third parties in limited circumstances as
follows:
– Where we engage the business services of a third party to provide services directly
to us. We will carry out the necessary due diligence on any third party that we use to
ensure that they fully comply with data protection regulations. Any third party will be
engaged for a specific purpose and they will be strictly prohibited from using your
personal data for any other purposes. For example, we will need to pass your details
to delivery companies in order to deliver your products as part of our fulfilment of our
business contract with you. If we do share your personal information we will contact
you, where necessary and appropriate, to inform you of the identity of that third party
and to gain positive consent to pass your personal data to the third party specified.
– If we are under a duty to disclose or share your personal data in order to comply with
any legal obligation or in order to enforce or apply our terms of use on this website
and other agreements
– In the event that we sell or buy any business or assets, in which case we may
disclose your personal data to the prospective seller or buyer of such business or
assets
2.6 Use of Data Processors
We will usually be the Data Controller. Data Processors are third parties who may provide
elements of our business service for us. We have contracts in place with our data
processors and/or sub data processors so that we control your personal data and they
cannot do anything unless we have instructed them to do it. They will not share your
personal information with any organisation unless they have our explicit permission or where
there is a legal obligation to do so. They will hold it securely and retain it for the period that
we instruct.
2.7 We will hold your data for:
We will retain personal data for no longer than is necessary and in any event no longer than
10 years from the date of last usage. What is necessary will depend on the circumstances
of each case, taking into account the reasons that the personal data was obtained, but will
be determined in a manner consistent with our data retention guidelines.
We will also need to take into consideration satisfying any legal, accounting or reporting
requirements and any regulations that we must fulfil, for example for auditing purposes or for
legitimate business purposes and may retain your information after your relationship with us
has ended.
By law we have to keep basic information about our customers for six years after they cease
being customers for tax purposes and any other legal obligations.
2.8 Transferring data internationally
There are restrictions on international transfers of personal data. Your personal data will not
be transferred anywhere outside the UK without first consulting the Data Compliance
Officer. Where we do transfer your personal data outside the European Economic Area
(EEA) we will do our best to ensure a similar degree of security of data by transferring to
countries with a similar degree of protection for your personal data, or, we may use specific
contracts or codes of conduct or certification which gives personal data the same protection
as it has in Europe.
3. Training
New staff will receive training as part of the induction process. Further training will be
provided whenever there is a substantial change in the law or our policy and procedure.
4. Marketing
We will abide by any request from an individual not to use their personal data for direct
marketing purposes and notify the Data Compliance Officer about any such request.
We will not send direct marketing material to anyone electronically (e.g. via email) unless
they have given us positive consent to receiving our marketing material and that consent will
be recorded and stored, or if it is in our legitimate interest to do so.
Existing Customers
We would like to send you information, from time to time about our products and services but
will only do so where you have requested information from us or purchased goods or
services from us and where you have not opted-out of receiving that marketing. Where we
use the legitimate interest basis to send you marketing communications, you can object to at
any time by emailing the Data Compliance Officer.
Where you opt-out of receiving our marketing communications we will cease immediately
from sending you any marketing communications as specified by you.
Prospects
Where we wish to promote our services, we may purchase databases of business contacts
within our target sectors. These contacts will only be bought from credible sources, who we
have checked for validity. Additionally, we may combine these records with publicly available
information. Our primary market is business to business and therefore where we email or
call prospects, we will only do so where there is evidenced consent or a legitimate interest to
do so. If we are considering legitimate interest as grounds for processing, we will carry out
our Legitimate Interest Assessment to ensure that the process is valid and that our interest
does not outweigh the individual’s right to privacy.
5. Your Legal Rights
5.1 Access your data
You have the right to access information held about you. If you would like a copy of your
personal data, please contact the Data Compliance Officer which we will supply free of
charge.
You can ask us to correct any inaccurate data held about you.
5.2 Accuracy and relevance
We will seek to ensure that any personal data we process is accurate, adequate, relevant
and not excessive, given the purpose for which it was obtained. We will not process personal
data obtained for one purpose for any unconnected purpose unless you have agreed to this
or would otherwise reasonably expect this.
Individuals may ask that we correct inaccurate personal data relating to them. If you believe
that information is inaccurate you must inform the Data Compliance Officer.
5.3 Data portability
Upon request, you will have the right to receive a copy of your data in a structured format.
These requests will be processed within one month, provided there is no undue burden and
it does not compromise the privacy of other individuals. You may also request that your data
is transferred directly to another system. This will be done for free.
5.4 Right to be forgotten
You may request that any information held on you is deleted or removed, and any third
parties who process or use that data will also comply with the request. An erasure request
can only be refused if an exemption applies. We will respond to any request within one
month.
6. Privacy by design and default
We will always ensure that privacy and data protection is at the heart of everything that we
do and so compliance is considered right from the outset of every project. Our Data
Compliance Officer will conduct any Privacy Impact Assessments and ensure that all IT
projects have a privacy plan in mind. In some circumstances we may anonymise your
personal data (so that it can no longer be associated with you) for research or statistical
purposes in which case we may use this information indefinitely without further notice to you.
When relevant, and when it does not have a negative impact on the data subject, privacy
settings will be set to the most private by default.
7. Cookies
Cookies help us to provide you with a good user experience when you browse our website.
If you have registered on our website we record the pages you visit. This allows us to see
which products are most popular, and also to provide assistance in the event of problems.
We do not share this data with anyone else. This data is retained for a maximum of 3 years,
but usually deleted after 18 months.
We use website “cookies” to facilitate the smooth working of this website. Cookies are small
files which are sent to your browser when you visit our website, and allow us to distinguish
you from other visitors, although they do not personally identify you if you have not actually
registered on our website. If you do not wish to accept these cookies you can delete them
and/or block them in your browser. All the major browsers have options in their security
settings to allow you to do this. However, parts of our website will then not work as expected
and you will not be able to place an order.
We only use “first party” cookies, in other words, cookies set by us for direct operation of our
website. We do not use “third party” cookies which could allow your details to be passed to
third party marketing organisations. The names of the cookies we use are as follows:
Analytics Cookies
Analytics are persistent cookies that allow us to recognise, count the number of visitors, and
provide anonymous data about how our visitors use our websites.
Using analytics cookies helps us improve the way our websites work and navigate, ensuring
that users are able to find what they are looking for without difficulty. No personally
identifiable data is collected about you.
We use Google Analytical Cookies ending with:
_utma
_utmb
_utmc
_utmz
For further information please click
here https://support.google.com/analytics/answer/6004245.
Default Cookies
Our website is hosted on an industry-standard Microsoft webserver, which issues a default
cookie called asp.net_sessionid. This cookie is set as soon as you visit our site but expires
automatically after you leave it.
Some of our pages include plug-ins from social networking sites such as Facebook and
Twitter, and these sites may also set or retrieve cookies on your browser, if your browser is
already signed-in to them. These social networking cookies are exchanged between your
browser and the social networking sites you belong to, they are not accessible by us.
You can find out more about cookies and how to manage them on this Wikipedia article.
8. Monitoring
Although we take every reasonable step to protect the information that you provide, we
cannot guarantee the security or accuracy of the information that we gather. Please be
assured that all our staff must observe this policy. The Data Compliance Officer has overall
responsibility for this policy. They will monitor it regularly to make sure it is being adhered to.
If you have any questions or concerns about anything in this policy, do not hesitate to
contact the Data Compliance Officer.
9. Complaints
If you have a complaint as to how your data is being collected or used, please contact our
Data Compliance Officer in the first instance. If you are still not happy with the way your data
is being collected and used, you have the right to complain to the UK Supervisory Authority,
the ICO (www.ico.org.uk).
10. Links to other websites
Links on this website may take you to a third-party website. At the point you enter the third-
party website, the privacy and cookie policy of the third party will apply to any and all
information that you provide. It is important to read the third party’s privacy and cookie policy.
11. Notification of changes to this policy
Our privacy and cookie policy will be reviewed and enhanced from time to time. Please
check our website or contact us for a copy of the current privacy and cookie policy. If you
are not happy with the conditions of a revised privacy and cookie policy you may opt out by
contacting us.
12. Contact Us
If you have any concerns about our privacy policy please contact us at:
Post:
JustDucks Ltd
Dutch Barn 16,
Orwell Road,
Barrington, Cambridge
CB22 7SE
UK
Email: sales@justducks.co.uk (Data Compliance Officer); Telephone: 07710 490170
Updated: October 2024