FREE delivery over £20 | Same day dispatch | Next Day Delivery available

FREE delivery over £20 | Same day dispatch | Next Day Delivery available

Search

This section doesn’t currently include any content. Add content to this section using the sidebar.

Image caption appears here

Add your deal, information or promotional text

Privacy policy

Last updated: August 2022

 

Your privacy is important to us. Here, we’ll explain how we use your personal information.

Who we are

Company name: Penny Black Glasgow Ltd

Email address: customerservice@penny-black.co.uk

Phone number: 03301239750

Registered address: 721-723 Great Western Road, Glasgow, G12 8QX, Scotland.

 

Personal data we might collect

Personal data means any information capable of identifying an individual – it doesn’t include anonymised data.

We might process certain types of personal data about you, like:

  • Identity: first name, maiden name, last name, username, marital status, title, date of birth and gender.
  • Contact: billing address, delivery address, email address and telephone numbers.
  • Financial: bank account and payment card details.
  • Transaction: details about payments and other purchases made by you.
  • Technical: login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
  • Profile: username and password, purchases or orders, your interests, preferences, feedback and survey responses.
  • Usage: information on how you use this site, products and services.
  • Marketing and communications data: your preferences in receiving marketing communications from us and any third parties.

We might also process anonymised aggregated data – this doesn’t reveal your identity, and isn’t classed as personal data.

Sensitive data

We don’t collect any sensitive data about you. Sensitive data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We don’t collect any information about criminal convictions and offences either.

Sometimes we need to collect personal data by law, or under the terms of the contract. If you don’t give us that data, we might not be able to perform the contract – for example, to deliver something to you. If we don’t have the data we need, we might have to cancel a product or service you’ve requested – in which case we’d let you know.

How we collect your personal data

The way we collect data about you can include:

  • Direct interactions: gathered when you fill in forms and interact with us online, in-store, by post, phone or email.
  • Automated technologies or interactions: as you use this site, we might automatically collect technical data through cookies.
  • Third parties or publicly available sources: we might get personal data about you from various third parties and public sources, like Companies House.

How we use that data

We only use your personal data if legally allowed. The most common instances are when we need the data to perform the contract between us, where it’s needed for legitimate interests for us or a third party, or where we need to comply with a legal or regulatory obligation.

You can withdraw consent to marketing at any time, just email us at customerservice@penny-black.co.uk or click the unsubscribe link in any of our marketing emails.

Why process personal data?

We only process your personal data for the reason it was collected – like when you opt in to marketing communications from us – unless we reasonably consider we need to use it for another reason. But that always has to be compatible with the original purpose. If you want to find out more, email us at customerservice@penny-black.co.uk.

Sharing personal data

Sometimes have to share your personal data to a secure third party, likely to:

  • Outsourced team members, including website designers and software providers.
  • Service providers who provide IT and system administration services.
  • Professional advisers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • HMRC, regulators and other authorities based in the UK (or other relevant jurisdictions) who ask for reporting of processing activities in certain circumstances.
  • Third parties that we may sell, transfer or merge parts of our business or assets to.
  • Applications and third-party tools – like social media and mailing platforms – that we use to run our business..

International transfers

Countries outside of the European Economic Area (EEA) don’t always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA – unless the transfer meets certain criteria.

When we transfer your personal data out of the EEA, we aim for a similar degree of security by ensuring at least one of the following safeguards is implemented:

  • The country provides an adequate level of protection for personal data, deemed by the European Commission.
  • The use of specific contracts, codes of conduct, or certification mechanisms approved by the European Commission, giving personal data the same protection it has in Europe.
  • Use of the EU-US Privacy Shield if transferring data to the US.

If none of the above safeguards are available, we might ask for your explicit consent to the transfer. You’ll have the right to withdraw this consent at any time.

Data security

Our security measures prevent your personal data from being accidentally lost, used in an unauthorised way, altered or disclosed. We limit access to your personal data to employees, agents, contractors and other third parties who have a business need-to-know – and they’re subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected personal data breach, and will let you – and any applicable regulator – know if this happens.

Data retention

We only keep your personal data long enough to fulfil the purposes we collected it for, including legal, accounting, or reporting needs. In some cases, this is an indefinite period. 

By law, we have to keep basic information about our customers (contact, identity, financial and transaction data) for six years – this is for tax purposes. In some cases, you can ask for your data to be deleted.

Sometimes, we’ll anonymise your personal data to use for research or statistical purposes. That information can be kept indefinitely, and doesn’t give away your identity.

Your legal rights

Under data protection laws, you have the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Withdraw consent.

Find out more about these rights on the ICO website. To exercise any of these rights, email us at customerservice@penny-black.co.uk.

Third-party links

Our site might include links to third-party websites, plug-ins and applications. Clicking on those links, or enabling those connections, might give third parties access to data about you. We encourage you to read the privacy notice of every website you visit.

Cookies

You can set your browser to refuse all or some browser cookies, or to let you know when websites set or access them. If you disable or refuse cookies, some parts of our website might become inaccessible or not function properly. Check our cookies policy for more.

Our staff and data protection

All Penny Black employees get data protection awareness training and are regularly tested on compliance with data protection processes. 

Data protection breaches

We take all measures possible to protect your data. In the unlikely event that there’s a security breach, we’ll get started on fixing the situation immediately. If a customer is affected by a breach of data security, we’ll let them know as soon as possible.

Data protection impact assessment

If we start a new method of data processing, we’ll carry out a Data Protection Impact Assessment, in conjunction with the guidelines set out by the Information Commissioner’s Office.

Policy review

Our policy is often reviewed and updated to ensure compliance with changes in the law. If you have any queries, email customerservice@penny-black.co.uk.

What personal information is held?

We hold customer names, postal addresses, email addresses and telephone numbers. In some instances, we might have information on gender and date of birth.

How is this information gathered?

We get this information from different places, mainly:

  • When you sign up for our email newsletter.
  • When you place an order.
  • When you sign up to our rewards programme.

What happens with my information?

When you sign up to our newsletter, your email address is added to our mailing list software (currently Omnisend), and you’ll receive the odd email from us. We use explicit opt-in only forms to ensure you agree to subscribing. We might use your date of birth and gender information for targeted marketing. We don’t actively use postal addresses or telephone numbers. The lawful basis for holding this data is consent.

If you place an order, we store your name, postal address, email address and telephone number automatically within our EPOS system. It’s only used to fulfil the order you’ve placed with us – we don’t hold gender information. The lawful basis for holding this data is contract. 

If you sign up to our pennypals rewards programme, we store your name, email address and date of birth(if provided). You’ll be asked to explicitly consent, with a check box, to receive online marketing from us. The lawful basis for holding this data is consent.

If you signed up to our rewards programme before May 2018, we’ll have taken your name and email address – input into our EPOS system. In some instances, we might also have your postal address, date of birth, and gender. This information was given verbally in-store and entered into the EPOS system by a member of staff. The lawful basis for holding this data is consent.

Where is this information stored?

Information is securely stored on our EPOS system, provided by Shopify, and is accessible only by authorised staff members. If you’ve actively opted in to our email newsletter, your data is securely stored on Omnisend– password protected and accessed only by members of staff responsible for marketing. If you signed up for our rewards programme pennypals, your data is securely stored on Smile - password protected and accessed only by members of staff responsible for marketing.

How long is this information kept?

This information is held indefinitely.

How do I find out what information you have about me?

You can easily request a copy of information we hold about you – and it’s free. Find out more by emailing customerservice@penny-black.co.uk or writing to Penny Black Glasgow Ltd, 721-723 Great Western Road, Glasgow, G12 8QX.

How can I request that you delete my data?

You can request that we delete the information we hold about you at any time. You can also request that the processing of the data we hold be restricted. Find out more by emailing customerservice@penny-black.co.uk or writing to Penny Black Glasgow Ltd, 721-723 Great Western Road, Glasgow, G12 8QX.

Complaints and enquiries

Read every word, but want to know more about how we use your data? Write to us at the postal or email address above.

 

If you’re not happy with the way we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

 

Search