What information do we collect
- Information you have provided to us such as Forename,
Surname, Delivery address, Billing address, Email address and Contact
phone number.
- Information relating to payment transactions processed
as part of placing an order with northeastguitar such as payment
provider (Visa, MasterCard, PayPal, Amazon, Bank Transfer, V12 Finance),
transaction reference and status. Please note we do not store your
credit card details.
- If you have signed up for a User Account we store your User Name and an encrypted version of your Password.
- If you contact us (either via our Contact Us page, direct email or via post) we may keep a copy of that correspondence
- If you have placed an order and respond to a Service or
Product Review request from one of our third party providers (TrustPilot
or Google Reviews) we may store your review and comments.
- General website analytics information relating to how
users arrive at our site, how long they stay on the site, pages visited,
how our site search is used etc. Please review our full Cookie Policy
- If you visit any of our retail premises your image may
be recorded and stored for a short time in our CCTV system for security
purposes only.
Why we collect this information and How we use it
We collect personal information from you so we can process
orders placed and keep you updated on their progress. Only where you
have given specific consent will we use any information collected to
contact or update you with marketing communications relating to products
or services. When you submit an order with us your personal details may
be shared internally with our sales staff, customer service staff and
warehouse staff and to fulfil the delivery of your order your personal
details may be shared with any relevant third-party courier companies
(Fedex, DPD, UK Mail, DHL or Royal Mail) or product
suppliers/distributors.
Where you have given consent to join our email marketing
list your personal details will be shared with our third party email
service provider Mailchimp. When you consent to receive email marketing
from northeastguitar in the form of newsletters, product updates and
information, promotional offers and discounts etc we will not share your
email address with any other third parties for marketing purposes.
Our legal basis for collecting and processing your
personal information is generally that we either have your explicit
consent, that we require this information in order to perform a contract
with you or that we have a legitimate business interest to do so.
How long we store the information we collect
We will securely store your information as long as is
necessary for warranty, financial and tax storage requirements. Once we
no longer have a legitimate business need to store or process your
personal information we will delete or remove it at the earliest
opportunity.
The information we collect may be stored and processed in
various locations, this will not include locations outside the European
Economic Area (EEA).
Who we may Share your personal information with
In order to fully process and deliver orders placed we
will share relevant personal information with third parties where
required and where opt-in consent has been given we will share relevant
personal information with third parties for marketing purposes.
You personal information may be shared with:
- Delivery and logistics partners to facilitate the delivery of your goods.
- Email service providers that enable us to send relevant marketing email communications.
- Server management and data storage providers that host and manage our secure website and business software applications.
- Payment service providers that enable payments online through our website, payment links or over the phone.
- Suppliers and/or Distributors to facilitate direct shipment of goods from third party warehouses to customers.
Any of our business partners mentioned above may have a
legitimate business need to store your personal information for a period
of time. We recommend that you review their privacy policies, where
requested we will assist in accessing copies of any third party Privacy
Policy.
Your rights under Data Protection Law
Under the General Data Protection Regulation (GDPR) you have the following rights as an individual:
- The right to be informed - you have the right to be
informed about the collection and use of your personal data, the purpose
of processing your data, the retention of your data and who it may be
shared with.
- The right of access - you have the right to be told what
personal data we hold about you on our database and how we process that
data. You also have the right to be provided with a copy of all
personal data we hold (in a format and time frame that is reasonable to
request, not exceeding 1 month), we will not charge for providing this
information.
- The right to rectification - you have the right to have any inaccurate personal data rectified or completed if incomplete.
- The right to erasure - you have the right to have
personal data erased, also known as the ‘right to be forgotten’. Where
appropriate requests have been made, deletion of personal data will be
processed within 1 month.
- The right to restrict processing - you have the right to
request restriction or suppression of you personal data although this
only applies in certain circumstances.
- The right to data portability - you have the right to
obtain and reuse the personal data we hold for your own purposes across
different services. This would generally involve a copy or transfer of
the personal data we hold in an electronic format from one IT
environment to another.
- The right to object - you have the right to object to
processing based on legitimate interests or the performance of a task in
the public interest/exercise of official authority (including
profiling), direct marketing (including profiling) and processing for
purposes of scientific/historical research and statistics.
- Rights related to automated decision making including profiling.