Last updated: August 2022
Your privacy is important to us. Here, we’ll explain how we use your personal information.
Company name: Penny Black Glasgow Ltd
Email address: customerservice@penny-black.co.uk
Phone number: 03301239750
Registered address: 721-723 Great Western Road, Glasgow, G12 8QX, Scotland.
Personal data means any information capable of identifying an individual – it doesn’t include anonymised data.
We might process certain types of personal data about you, like:
We might also process anonymised aggregated data – this doesn’t reveal your identity, and isn’t classed as personal data.
We don’t collect any sensitive data about you. Sensitive data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We don’t collect any information about criminal convictions and offences either.
Sometimes we need to collect personal data by law, or under the terms of the contract. If you don’t give us that data, we might not be able to perform the contract – for example, to deliver something to you. If we don’t have the data we need, we might have to cancel a product or service you’ve requested – in which case we’d let you know.
The way we collect data about you can include:
We only use your personal data if legally allowed. The most common instances are when we need the data to perform the contract between us, where it’s needed for legitimate interests for us or a third party, or where we need to comply with a legal or regulatory obligation.
You can withdraw consent to marketing at any time, just email us at customerservice@penny-black.co.uk or click the unsubscribe link in any of our marketing emails.
We only process your personal data for the reason it was collected – like when you opt in to marketing communications from us – unless we reasonably consider we need to use it for another reason. But that always has to be compatible with the original purpose. If you want to find out more, email us at customerservice@penny-black.co.uk.
Sometimes have to share your personal data to a secure third party, likely to:
Countries outside of the European Economic Area (EEA) don’t always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA – unless the transfer meets certain criteria.
When we transfer your personal data out of the EEA, we aim for a similar degree of security by ensuring at least one of the following safeguards is implemented:
If none of the above safeguards are available, we might ask for your explicit consent to the transfer. You’ll have the right to withdraw this consent at any time.
Our security measures prevent your personal data from being accidentally lost, used in an unauthorised way, altered or disclosed. We limit access to your personal data to employees, agents, contractors and other third parties who have a business need-to-know – and they’re subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected personal data breach, and will let you – and any applicable regulator – know if this happens.
We only keep your personal data long enough to fulfil the purposes we collected it for, including legal, accounting, or reporting needs. In some cases, this is an indefinite period.
By law, we have to keep basic information about our customers (contact, identity, financial and transaction data) for six years – this is for tax purposes. In some cases, you can ask for your data to be deleted.
Sometimes, we’ll anonymise your personal data to use for research or statistical purposes. That information can be kept indefinitely, and doesn’t give away your identity.
Under data protection laws, you have the right to:
Find out more about these rights on the ICO website. To exercise any of these rights, email us at customerservice@penny-black.co.uk.
Our site might include links to third-party websites, plug-ins and applications. Clicking on those links, or enabling those connections, might give third parties access to data about you. We encourage you to read the privacy notice of every website you visit.
You can set your browser to refuse all or some browser cookies, or to let you know when websites set or access them. If you disable or refuse cookies, some parts of our website might become inaccessible or not function properly. Check our cookies policy for more.
All Penny Black employees get data protection awareness training and are regularly tested on compliance with data protection processes.
We take all measures possible to protect your data. In the unlikely event that there’s a security breach, we’ll get started on fixing the situation immediately. If a customer is affected by a breach of data security, we’ll let them know as soon as possible.
If we start a new method of data processing, we’ll carry out a Data Protection Impact Assessment, in conjunction with the guidelines set out by the Information Commissioner’s Office.
Our policy is often reviewed and updated to ensure compliance with changes in the law. If you have any queries, email customerservice@penny-black.co.uk.
We hold customer names, postal addresses, email addresses and telephone numbers. In some instances, we might have information on gender and date of birth.
We get this information from different places, mainly:
When you sign up to our newsletter, your email address is added to our mailing list software (currently Omnisend), and you’ll receive the odd email from us. We use explicit opt-in only forms to ensure you agree to subscribing. We might use your date of birth and gender information for targeted marketing. We don’t actively use postal addresses or telephone numbers. The lawful basis for holding this data is consent.
If you place an order, we store your name, postal address, email address and telephone number automatically within our EPOS system. It’s only used to fulfil the order you’ve placed with us – we don’t hold gender information. The lawful basis for holding this data is contract.
If you sign up to our pennypals rewards programme, we store your name, email address and date of birth(if provided). You’ll be asked to explicitly consent, with a check box, to receive online marketing from us. The lawful basis for holding this data is consent.
If you signed up to our rewards programme before May 2018, we’ll have taken your name and email address – input into our EPOS system. In some instances, we might also have your postal address, date of birth, and gender. This information was given verbally in-store and entered into the EPOS system by a member of staff. The lawful basis for holding this data is consent.
Information is securely stored on our EPOS system, provided by Shopify, and is accessible only by authorised staff members. If you’ve actively opted in to our email newsletter, your data is securely stored on Omnisend– password protected and accessed only by members of staff responsible for marketing. If you signed up for our rewards programme pennypals, your data is securely stored on Smile - password protected and accessed only by members of staff responsible for marketing.
This information is held indefinitely.
You can easily request a copy of information we hold about you – and it’s free. Find out more by emailing customerservice@penny-black.co.uk or writing to Penny Black Glasgow Ltd, 721-723 Great Western Road, Glasgow, G12 8QX.
You can request that we delete the information we hold about you at any time. You can also request that the processing of the data we hold be restricted. Find out more by emailing customerservice@penny-black.co.uk or writing to Penny Black Glasgow Ltd, 721-723 Great Western Road, Glasgow, G12 8QX.
Read every word, but want to know more about how we use your data? Write to us at the postal or email address above.
If you’re not happy with the way we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).