Here at The Scent Shop we’re 100% committed to protecting your privacy and security.
We promise to:
- Only use the information you give us to improve the service we deliver
- Protect your data like it’s our own
- Make this policy easy to understand so you are clear on what data we collect and use.
- Give you the power to decide what and how you hear from us
- Delete your information as soon as we no longer need it
Who is the Data Controller?
The Scent Shop UK is the “controller” for the purposes of data protection law. This means that we are responsible for deciding how we hold and use personal data about you.
So what is personal data?
Personal data means any information relating to a living individual who can be identified (directly or indirectly) using the information you give us (e.g. name, email address, home address, contact telephone number). It can be factual (e.g. contact details or date of birth), or an opinion about an individual’s actions or behaviour.
Data protection law divides personal data into two categories: ordinary personal data and special category data. Any personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, or biometric or genetic data that is used to identify an individual is known as special category data. (The rest is ordinary personal data). But don’t worry; we don’t collect special category data from our customers!
What type of ordinary personal data do we hold about you and why?
We collect, hold and use the following types of ordinary personal data about you:
- Data including: name, address, email address, contact number and payment information.
We hold and use this personal data so that we can:
- Process your order and correspond with you about it, including payment information.
- Make sure you are receiving the quality of service you expect.
What are our legal grounds for using your ordinary personal data?
Under the General Data Protection Regulation, there are specific reasons for which we can process this information about you.
When we ask you for your details, we will rely on one or more of the following reasons for asking for it:
- We need it to take steps (at your request) in order to enter into a contract with you.
- We need it to comply with a legal obligation, e.g. the obligation to provide the goods you have purchased.
- It is necessary for our legitimate interests (or those of a third party) and your interests and your rights (which are covered later in this policy) do not override those interests (legitimate interest).
How do we collect your data?
You provide us with most of the personal data about you that we hold and use when you make a purchase through our website.
Who do we share your personal data with?
We may share some of your data with the following people. The types of data and our legal grounds for doing so are detailed below:
- All purchases made through our website are processed by Sage Pay. We are satisfied that Sage Pay have taken all reasonable measures to ensure the security of your data when purchasing our products. This is in our legitimate interest to manage the payment transactions this way.
- We share some of your personal data with the Royal Mail in order to get your items to you. This is in order to fulfil the contract that we have entered into with you.
Consequences of not providing personal data
If you do not wish to provide us with your information, that’s entirely your choice. Please bear in mind that if you don’t provide us with the information we require for the reasons we have stated, we may not be able to complete your order.
How long will we keep your personal data?
We’ll only hold onto your information for as long as it’s needed to be able to fulfil our contract to supply you with your products.
If we think it’s reasonably necessary or if we’re required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required even after you have made your order.
The new regulations set out the rights that everyone has if a business is processing data about you. They are:
- The right to make a subject access request. This enables you to receive certain information about how we use your data, as well as to receive a copy of the personal data we hold about you and to check that we are doing exactly what we say we are doing!
- The right to request that we correct incomplete or inaccurate personal data that we hold about you. This speaks for itself: if we have the wrong email address or phone number, you have the right to tell us to make it right!
- The right to request that we delete or remove personal data that we hold about you where we don’t have a good reason for keeping hold of it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot give a good reason for processing the data about you.
- The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to tell you how accurate the information is or you want to know why we are asking for this information.
- The right to withdraw your consent to us using your personal data. Alongside this, you also have the right to request that we delete or remove that data, if we do not have another good reason to continue using it.
- The right to request that we transfer your personal data to another party, in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
If, for whatever reason, you want to exercise any of these rights, please contact us on firstname.lastname@example.org. Please be aware that these rights are not concrete and in some circumstances we may be entitled to refuse some or all of your request.
Contact forms and email links
Should you choose to contact us using the contact form on our Contact us page or via email links, none of the data that you supply will be stored by this website or passed to or processed by any of the third party data processors. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL), meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
If you have any questions or concerns about how your personal data is being used by us, you can contact us at email@example.com. If you aren’t happy with how GAP are processing your data, you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: