Under the GDPR definition, Cosyfeet uses “Legitimate Business Use” as the basis for processing your data. This does not affect any of your rights under the regulation and you have the right to object to us processing your data in this way.
General Data Protection Regulation and What It Means To You
The GDPR (EU) 2016/679 (or ‘GDPR’) will ensure that you have rights over how your data is used and stored, and with whom. Under GDPR you will have the fundamental right to:
- 1. have your data processed lawfully, fairly and in a transparent manner
- 2. be forgotten
- 3. not be profiled or to limit profiling
- 4. not have your data passed to someone else
- 5. see a copy of all data stored by us
- 6. object
- 7. data portability
We will comply with all the above rights but please note that if you have claimed VAT relief on your purchases we are required to keep this information for 7 years after the purchase to comply with HMRC VAT regulations. In addition to this, other data relating to financial transactions may need to be held to comply with financial regulations.
Under these circumstances your data will be moved to a separate part of our customer database, obfuscated (if appropriate) and will not be available to marketing or customer services.
You will be informed of any instances where we have not been able to comply with a specific data request and why.
What data do we collect about you?
- We collect your personal data such as your name, address, your date of birth (if you want to give it to us), telephone number and email address.
- We will ask if you are the end user, a relative or a carer for the end user.
- We also store details of what you have purchased from us, goods you have returned to us and whether you are entitled to VAT relief, which will also contain the medical reason for allowing VAT relief.
- All payment card details are encrypted ahead of transmission to payment processors.
- The last 4 digits of your PAN and the card expiry date are visible within our system, which is allowed under the PCI DSS 3.2 (Please see the section on Payment Processing for more information).
How do we ensure your data is safe?
Cosyfeet follows industry best practices with our customer cardholder data, using technologies such as strong encryption, payment card tokenisation & obfuscation.
Please Note: Cosyfeet does not operate any of the stores in our stockist network (https://www.cosyfeet.com/stockists) and is not liable for the security of their systems or processing practices.
Why we collect this data and what we do with it
We use the data to contact you via our mailing and email programmes and to keep you up to date on new products, competitions and prize draws that we run from time to time.
We will profile your data by using your name, address and purchasing history to keep our offers and mailings relevant to you and your requirements.
If you do not wish us to profile your data, we will not be able to add you to our marketing programme.
We use the following criteria to categorise your purchase behaviour to add you to an appropriate mailing cell.
- Catalogue requested 0-6 months = Enquirer
- Last purchased 0-18 months = Active customer
- Last purchased 18-36 months = Lapsing customer
- Last purchased over 36 months = Lapsed customer
How long do we keep this data?
Data from Enquirers who do not go on to purchase will be removed from our systems 6 months after their most recent catalogue request.
Data from Active, Lapsing and Lapsed customers will be kept indefinitely, to honour our ‘No Quibble Guarantee’ (https://www.cosyfeet.com/guarantee).
Cosyfeet uses industry standard backup technologies to protect sensitive customer data against loss, theft or disaster.
All data backups are stored within the European Economic Area & are retained for 30 days.
Who do we pass your data to?
We will pass your data to 3rd parties that we think will be of interest to you.
We will only do this if you have given us permission to do so or for the explicit purpose of getting our products to you.
Which Third Parties do we share data with and what data do we share?
We share your full name, address, last purchase date and order value with:
Epsilon Abacus (registered as Epsilon International UK Ltd)
67 Broad Street, Teddington, Middlesex, TW11 8QZ
The above may share your information with companies who offer products or services that they have identified as likely to be of interest to you. These companies may contact you via postal mail only.
Epsilon Abacus manage the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers have purchased.
Epsilon Abacus pools and analyses this data to understand what consumers like to buy. Based on the resultant insights, retailers can tailor their communications, sending offers by post that should be of interest to the individual.
We also send data to other companies that produce mailings and emails, offer data cleansing services and gather feedback. None of these companies pass your data to anyone else, and all of them will delete your data once processed.
We share relevant personal data with the following delivery and fulfilment partners (where appropriate) to ensure you receive our products and services:
- Parcel Force - https://www.parcelforce.com/
- Royal Mail - https://www.royalmail.com/
- DPD (UK) - http://www.dpd.co.uk/
- UPS - https://www.ups.com/gb/en/Home.page
- Home Supplies - http://www.homesupplies-direct.co.uk/
- TOPRO - http://www.topro.co.uk/
- The Helping Hand Company - http://www.helpinghand.co.uk/
- Foam for Home - https://www.foamforhome.co.uk/
We will only disclose data when obliged to disclose personal data by law, or the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation, or we have your consent, and to the following:
- Other companies within our Group of companies: Walktall (https://www.walktall.co.uk/)
- Suppliers we engage to process data on our behalf: Epsilon Abacus, Wood for Trees Ltd
- Successors in title to our business.
Use of Personal Information
We process personal information collected via our websites and mail order for the purposes of:
- Providing information about products and services
- Providing and personalising our services
- Dealing with your enquiries and requests
- Administering orders and accounts relating to our suppliers or customers
- Trading in personal information (selling, hiring or exchanging information) - Abacus UK
- Conducting market research
Data Capture Information
We will send you information according to the preferences you submitted via our order form/data capture form/contact us page.
If you would like to change these preferences at any point, please contact us using the details at the end of this document.
Subject Access Requests
You have the right to see what personal data we hold about you.
To obtain a copy of the personal information we hold about you, please write to our Data Officer using the details at the end of this document.
The Right to be Forgotten
Under the EU GDPR, you have a right to request to be forgotten.
We will endeavour to honour this request as quickly as possible. If we are not able to satisfy the request to be forgotten for legitimate business reasons, we will notify you in writing.
Data will be removed from our Live database(s) as soon as possible. It will also leave our system backup rotation within 30 days.
Please note that exercising your ‘Right to be Forgotten’ will void your entitlement to our ‘No Quibble Guarantee’ unless you can provide proof of purchase.
Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser.
Find out more about cookies on www.allaboutcookies.org.
Most browsers will allow you to turn off cookies. If you want to know how to do this, please see your browser help documents or follow instructions on www.allaboutcookies.org.
Please note, turning off certain cookies means you won’t be able to access your account or checkout. You will need to call us on 01458 447275 to place your order.
We use the following cookies on our site:
You may ask us at any point not to share your information with 3rd Parties, by contacting us by email at email@example.com
If you wish to speak to someone over the phone regarding any issues, concerns or comments about this document, please call us on 01458 447275.
Alternatively, you can also write to our Data Officer at:
Jackie Bemmer, Data Officer,
Unit 5, The Tanyard,
It was last updated on 29/05/2018.