Privacy Policy for Cosyfeet – Healthcare Professional Data
Cosyfeet is a trading name of Foot Shop Ltd whose registered address is The Tanyard, Leigh Road, STREET, Somerset, BA16 0HR. Company Registration number 1686089. VAT registration number 436 9410 41.
You can trust Cosyfeet to ensure we keep your data safe because your privacy and security is extremely important to us. All information that you share with us will only be used in accordance with this privacy policy and we will share with you all data held if you request that of us. We may process your personal information for carefully considered and specific purposes which are in our interest and enable us to enhance the services we provide, but which we believe also benefit our customers. See below for more details.
Under the GDPR definition, Cosyfeet uses “Legitimate Business Use” as the basis for processing your data. This does not affect any of your rights under the regulation and you have the right to object to us processing your data in this way.
General Data Protection Regulation and What It Means To You
The GDPR (EU) 2016/679 (or ‘GDPR’) will ensure that you have right on how and with whom your data is used and stored. Under GDPR you will have fundamental right to:
- be processed lawfully, fairly and in a transparent manner
- be forgotten
- not be profiled or to limit profiling
- not have your data passed to someone else
- see a copy of all data stored by us
- object
- data portability
- lodge a complaint with a supervisory authority by contacting the Information Commissioner’s Office (ICO)
We will comply with all the above rights. Please note that should you decide to purchase goods from us our general privacy policy applies.
What data do we collect about you?
- We collect your personal data such as your name, address, telephone number, email address and profession.
- We also store details of resources you have requested from us.
- Online we also collect information about visitors to our website via e-mails, online forms and contact us pages, as well as some tracking information (please see ‘Use of Cookies’).
How do we ensure your data is safe?
PCI DSS 3.2 Compliance |
Our systems are secured by firewalls and other security measures that meet accepted industry standards and are regularly tested to ensure they meet standards set by the PCI DSS Security Council. Our websites & external internet connections are tested monthly by Trustwave Holdings, Inc., an Approved Scanning Vendor (ASV) and Qualified Security Assessor Company (QSA-C). |
https://www.trustwave.com |
SSL |
All connections to our web sites are encrypted and are verified by Cloudflare. We do not store any payment card information online beyond that which is permitted under the PCI DSS 3.2. |
https://www.Cloudflare.com |
NCSC Cyber Essentials |
Cosyfeet is working towards Cyber Essentials accreditation from the UK National Cyber Security Centre. |
https://www.ncsc.gov.uk/cyberessentials/overview |
Why we collect this data and what we do with it
We use the data to contact you via our mailing and email programmes and to keep you up to date on our product range, competitions and prize draws that we run from time to time. We may also send you information via SMS.
We will profile your data by using your name, address and request history to keep our communications relevant to you and your requirements.
If you do not wish us to profile your data please let us know.
We use the following criteria to categorise your purchase behaviour to add you to an appropriate mailing cell.
Unless you specifically request otherwise, we will keep your data for 7 years after your last interaction with us, after this point it will be deleted.
Data Backups
Cosyfeet uses industry standard backup technologies to protect sensitive customer data against loss, theft or disaster.
All data backups are stored within the European Economic Area & are retained for 30 days.
Who do we pass your data to?
We do not pass on or sell details of healthcare professionals on our database.
Which Third Parties do we share data with and what data do we share?
Other companies that we send data to produce mailings, emails, offer data cleansing services and to gather feedback. All these companies do not pass your data to anyone else and will delete your data once processed.
Company | Reason |
CustomerKnect Registered Address: CustomerKnect, Unit 6, Fox Cover Enterprise Park, Admiralty Way, Seaham, SR7 7DN |
Mailing Production Catalogue Request Mailing Follow-Up Mailings |
Sunline Direct Mail Limited Registered Address: Cotton Way, Weldon Rd Industrial Estate, Loughborough, Leicestershire. LE11 5FJ |
Mailing Production |
dotdigital Limited Registered Address: No. 1 London Bridge, London, SE1 9BG |
Email Marketing, abandoned cart & Processing |
AFD Registered Address: Mountain View Innovation Centre, Jurby Road, Lezayre, Ramsey, ISLE OF MAN, IM7 2DZ |
Address Cleansing, Deduplication & Suppression |
Edit Agency T/A Wood for Trees Limited Registered Address: 20 Manvers Street, Bath, BA1 1JW Web: https://edit.co.uk/ |
Data Profiling & Processing Off-site Disaster Recovery |
Sub2Tech Registered Address: Sub2 Technologies, 115 Baker St, London, W1U 6RT |
Data Profiling & Advertising |
Adalyser Registered Address: Manchester Business Park, 3000 Aviator Way, Manchester, M22 5TG |
An analytics platform that is used to measure response to TV advertising. |
The Pixel Registered Address: Unit 5.19 Paintworks, Bath Road, Bristol, BS4 3EH |
Website development, hosting & management |
We share relevant personal data with the following delivery and fulfilment partners (where appropriate) to ensure you receive our products and services:
- Parcel Force - https://www.parcelforce.com/
- Royal Mail - https://www.royalmail.com/
- DPD (UK) - https://www.dpd.co.uk/
- UPS - https://www.ups.com/gb/en/Home.page
Disclosures
We will only disclose data when obliged to disclose personal data by law, or the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation, or we have your consent, and to the following:
- Other companies within our Group of companies.
- Suppliers we engage to process data on our behalf: Epsilon Abacus, Wood for Trees Ltd
- Successors in title to our business.
Use of Personal Information
We process personal information collected via our websites and mail order for the purposes of:
- Providing information about products and services
- Providing and personalising our services
- Dealing with your enquiries and requests
Data Capture Information
We will send you information according to the preferences you submitted via our order form/data capture form/contact us page.
If you would like to change these preferences at any point, please contact us using the details at the end of this document.
Other Websites
Our website may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours.
Subject Access Requests
You have the right to see what personal data we hold about you.
To obtain a copy of the personal information we hold about you, please write to our Data Officer using the details at the end of this document.
The Right to be Forgotten
Under the EU GDPR, you have a right to request to be forgotten.
We will endeavour to honour this request as quickly as possible. If we are not able to satisfy the request to be forgotten for legitimate business reasons, we will notify you in writing.
Data will be removed from our Live database(s) as soon as possible. It will also leave our system backup rotation within 30 days.
Please note that exercising your ‘Right to be Forgotten’ will void your entitlement to our ‘No Quibble Guarantee’ unless you can provide proof of purchase.
Internet-based Transfers
Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
Use of Cookies
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser.
Find out more about cookies on www.allaboutcookies.org.
We use cookies to identify you when you visit this website and to keep track of your browsing patterns and build up a demographic profile.
Our use of cookies also allows registered users to be presented with a personalised version of the site, carry out e-commerce transactions and have access to information about their account.
Most browsers will allow you to turn off cookies. If you want to know how to do this, please see your browser help documents or follow instructions on www.allaboutcookies.org.
Please note, turning off certain cookies means you won’t be able to access your account or checkout. You will need to call us on 01458 447275 to place your order.
We use the following cookies on our site:
Cookie | Who owns this data | How long this data is kept for | Is this a 1st party or a 3rd party cookie? | Data collected by the cookie |
__ar_v4 | .www.cosyfeet.com | 6 Years 9 Months | 1st | Unspecified |
_te_ | .www.cosyfeet.com | 1 Year | 1st | Unspecified |
currency | .www.cosyfeet.com | 1 Month | 1st | Remembers currency selected |
frontend_cid | .www.cosyfeet.com | 1 Month | 1st | Magento preset cookie |
nocache | .www.cosyfeet.com | 1 Month | 1st | Unspecified |
_ga | .cosyfeet.com | 2 years | 1st Party | Google analytics |
_gid | .cosyfeet.com | 1 day | 1st Party | Google analytics |
civicCookieControl | .cosyfeet.com | 0 seconds | 1st Party | Used to control the 'Cookie Control' banner |
_uetsid | .cosyfeet.com | 30 minutes | 1st Party | Unspecified |
__atuvc | www.cosyfeet.com | 2 years | 1st Party | Unspecified |
__atuvs | www.cosyfeet.com | 30 minutes | 1st Party | Unspecified |
civicCookieControl | www.cosyfeet.com | 3 months | 1st Party | Unspecified |
civicCookieControl | .cosyfeet.com | 0 seconds | 1st Party | Used to control the 'Cookie Control' banner |
loc | .addthis.com | 2 years | 3rd Party | Geolocation, used to help publishers know approximately where people sharing information are located. (State level) |
di2 | .addthis.com | 2 years | 3rd Party | Maintenance cookies that help manage expiration for other cookies |
ssc | .addthis.com | 2 years | 3rd Party | Recording user sharing and social activity |
uvc | .addthis.com | 2 years | 3rd Party | Recording user sharing and social activity |
uid | .addthis.com | 2 years | 3rd Party | Uniquely assigned machine-generated user ID |
bt2 | .addthis.com | 8 months 13 days | 3rd Party | User interest modeling |
um | .addthis.com | 2 years | 3rd Party | Unspecified |
vc | .addthis.com | 2 years | 3rd Party | Unspecified |
MR | .bat.bing.com | 6 months 3 days | 3rd Party | Bing tracking cookie |
MUID | .bing.com | 13 months | 3rd Party | Bing tracking cookie |
IDE | .doubleclick.net | 2 years | 3rd Party | Google Ads tracking cookie |
id | .doubleclick.net | 2 years | 3rd Party | Google Ads tracking cookie |
test_cookie | .doubleclick.net | 1 hour 15 minutes | 3rd Party | Google Ads tracking cookie |
_ga | .feefo.com | 2 years | 3rd Party | Feefo Google analytics |
_gid | .feefo.com | 2 years 1 day | 3rd Party | Feefo Google analytics |
APISID | .google.co.uk | 2 years | 3rd Party | Unspecified |
CONSENT | .google.co.uk | 21 years | 3rd Party | Unspecified |
HSID | .google.co.uk | 2 years | 3rd Party | Unspecified |
NID | .google.co.uk | 6 months | 3rd Party | Unspecified |
SAPISID | .google.co.uk | 2 years | 3rd Party | Unspecified |
SID | .google.co.uk | 2 years | 3rd Party | Unspecified |
SSID | .google.co.uk | 2 years | 3rd Party | Unspecified |
NID | .google.com | 6 months 3 days | 3rd Party | Unspecified |
AID | .googleadservices.com | 18 months | 3rd Party | Google Ads tracking cookie |
MUIDB | bat.bing.com | 2 years | 3rd Party | Unspecified |
ups | s7.addthis.com | 2 years | 3rd Party | Unspecified |
DV | www.google.co.uk | 10 minutes | 3rd Party | Unspecified |
OTZ | www.google.com | 0 seconds | 3rd Party | Unspecified |
aw_pop*. | www.cosyfeet.com | 1 hour | 1st Party | Used when visiting the website to control alerts |
aw_popup_closed_* | www.cosyfeet.com | When the browsing session ends | 1st Party | |
current_popid | www.cosyfeet.com | When the browsing session ends | 1st Party | |
firstvisittime | www.cosyfeet.com | 99 years | 1st Party | |
session-set | www.cosyfeet.com | 20 years | 1st Party | |
__adal_ca | www.adalyser.com | 6 months | 1st Party | Traffic source / campaign data - Store which advertising campaign drove a user to visit |
__adal_cw | www.adalyser.com | 7 days | 1st Party | Visit timestamp - Tie back conversion events to earlier visits |
__adal_id | www.adalyser.com | 2 Years | 1st Party | Uniquely identify a device |
Contacting Us Regarding this Privacy Policy
You may ask us at any point not to share your information with 3rd Parties, by contacting us by email at comfort@cosyfeet.com
If you wish to speak to someone over the phone regarding any issues, concerns or comments about this document, please call us on 01458 447275.
Alternatively, you can also write to our Data Officer at:
Nick Brine, Data Officer,
Cosyfeet,
Unit 5, The Tanyard,
Leigh Road,
Street,
Somerset
BA16 0HR.
Amendments
Please note that this privacy policy is subject to change from time to time.
It was last updated on 23/08/2023.