Joyce Young Collections
By Storm Ltd and Joyce Young Collections takes your data privacy seriously. In order to provide you with our services we collect and use personal data which means that we are a ‘Data Controller’ and we are responsible for complying with Data Protection Laws and the General Data Protection Regulations (GDPR).
In this Privacy Notice, we want to inform you what information we collect, how we use it and what rights individuals have in relation to the collection and processing of their personal data.
Our Contact Details
Unit 1A, 1987 Maryhill Road
Tel: 0141 942 8900
If you have any questions in respect of this Privacy Notice or how we manage your personal data, please contact us at any time using the details above.
What personal data we collect and process
We collect the following types of data when you make an enquiry or purchase goods from us:
- General contact details such as your Name, Address, email address, Telephone number
- Details of goods purchased
- General communications between us
- Your payment or bank details
- Your account registration details
- Your marketing preferences
To provide you with our Services, we require you make payments through Worldpay. On the payment page you are asked to provide information such as your credit card type, credit card information, your full name, and card address details. This information is required to process your payments in exchange for the Services provided through Worldpay, however, we ourselves do not access or store your Payment Information.
All your card details are passed from your browser using the highest levels of PCI and SSL encryption and you can view the Worldpay privacy information here: https://online.worldpay.com/terms/privacy
Special Categories of Personal Data that we collect:
We do not collect special categories of data
How we collect your information
In most cases / We collect your data directly from you. We collect data and process it when you
- Register an account or subscribe to our mailing list on our Website
- Make a purchase via our shop / website
- Complete an online ‘contact us’ form
- Speak to us on the telephone to discuss or use our products
- Email or write to us to enquire about or use our products
We also receive your data indirectly from the following sources:
- Social Media Sites
- Public sources – demographic data, Market Research
Why we do we collect your information?
Where we collect and process personal data, we need to make sure we can identify both the purpose and our legal basis for doing so. There are 6 possible legal bases which are:
Consent – where we have consent from you to the processing your personal data for one or more specific purpose
Contract – where the processing is necessary for the performance of or negotiating a contract of sale with you
Legal Obligation – The processing is necessary for us to comply with our own legal obligations
Vital Interests – Where the processing is necessary in order to protect the vital interests someone
Public Interest – Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Legitimate Interests – Where the processing is necessary for the purposes of our legitimate interests pursued by the us, except where those interests are overridden by your interests or fundamental rights and freedoms.
Our purposes and legal basis for the information we collect are detailed below:
|Our Purpose||Our Legal Basis|
|To understand your requirements prior to making a sale with you||The processing is necessary for the performance of an anticipated Contract|
|To understand your requirements to ensure that any purchase meets your needs||The processing is necessary for the performance of a Contract with you|
|To fulfil your contract of sale and provide you with the service you expect||The processing is necessary for the performance of our Contract with you|
|To manage our business operations and comply with any internal policies and procedures||It is in our legitimate interests to use your personal information to ensure that we provide and adapt our services|
|To notify registered users / existing customers about changes to our service||It is in our Legitimate Interests to use your personal information to keep you informed about any changes that may affect you|
|For Marketing of similar products to existing or previous customers or enquirers||It is in our legitimate interests to use your personal information for marketing purposes where the services being marketed are similar and relevant to you.|
|For electronic Marketing of services to new customers||We rely on Consent for direct marketing potential new customers|
|To comply with our legal obligations, law enforcement, court and regulatory bodies requirements||To comply with our Legal Obligations|
|To identify and prevent fraud||It is in our Legitimate Interests to act as a responsible business|
Where we rely on your consent you have the right to withdraw this consent at any time by contacting us. Full contact details can be found at the beginning of this notice.
Legitimate Interests – Where the processing of personal data is based on our Legitimate Interests, it is to improve on our service, security and prevent fraud or illegal activity in favour of the wellbeing of our customers, employees and shareholders.
We may send you details of similar products to those you have enquired about or purchased from us previously. You can opt out of receiving this information from us at any time by contacting us using the above details or clicking ‘unsubscribe’ on any messages you may receive.
We will never share or sell your information to any other party for marketing purposes.
Who we share your information with?
From time to time we may share your personal information with other companies in the By Storm Ltd Group or with the following third parties for the purposes set out above:
- Other third parties who process data on our behalf such as Payment Services Providers
- Accountants, Auditors or Solicitors
- Software and Cloud Services
- Specialist Experts for example website operators, Marketing Companies
- Fraud detection Agencies
- Police and Law Enforcement agencies where reasonably necessary for the prevention or detection of a crime
- Debt Collection Agencies or Credit Reference Agencies only where necessary
- Selected Third Parties in connection with the sale, transfer or disposal of our business
International data transfers
Whilst we do not process your data outside of the UK, in today’s world with the use of cloud software and service or payment providers, your data can be transferred out with the UK.
Where this is the case, we ensure that appropriate safeguards are in place including ensuring that those countries have Adequacy decisions in relation to GDPR or that Standard Contract Clauses have been put in place to protect your data.
Automated decision-making or Profiling
We do not process personal data for automated decision making or profiling
How Long do we keep personal data for?
The following details the criteria used to establish the retention period set out within our policy.
Where it is still necessary for the provision of our Services
This includes the duration of any contract for products we have sold to you and for a period of 24 months after the end of any subscription or contract of sale with a view to maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. Most of our retention periods are determined on the basis of this general rule.
Where required by Statutory, contractual or other similar obligations
Corresponding storage obligations may arise, for example, from laws or regulation. It may also be necessary to store personal data with regard to pending or future legal disputes. Personal data contained in contracts, notifications and business letters may be subject to statutory storage obligations depending on national law.
Your Rights as a data subject
As a data subject, you have rights in relation to your personal data. These are:
The Right to Access – You have the right to request details of personal information held or processed and to copies of this data. We do not usually charge for this service.
The Right to Rectification – You have the right to request that any information be corrected that you believe is inaccurate or to complete any information that you believe is incomplete.
The Right to Erasure – You have the right to request that we erase your personal information under certain conditions
The Right to Restrict Processing – You have the right to request that we restrict the processing of your personal data under certain circumstances
The Right to Object to Processing – You have the right to object to our processing of your data, under certain conditions.
The Right to Data Portability – You have the right to request that we transfer the data that we have collected to another organisation or directly to you, under certain conditions.
You also have the Right to Withdraw Consent where you have previously provided this at any time. To do so, please contact: Name, address to withdraw consent.
To exercise any of these rights, please contact:
You also have the right to complain to the Supervisory Authority. Where you wish to report a complaint or feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office at:
Information Commissioners Office
Helpline: 0303 123 1113
Online Enquiries: https://ico.org.uk/global/contact-us/
Contractual Obligations and Consequences
In some circumstances, the provision of personal data is partly required by law (for example, tax regulations, legal obligations) or can also result from contractual provisions. This means that it may sometimes be necessary to conclude or fulfil a contract, that the personal data be provided. In those circumstances where the data is not provided or where certain rights are exercised, (Erasure, Object) there is a possible consequence that the contract of sale could not be fulfilled or concluded and may be cancelled. In such an event refunds would not usually be provided.
Cookies & Similar Technologies
Please remember: when clicking on external links via our website or in this notice, or where you find us via social media platforms, we have no control over the privacy settings on these websites, so please remember to review the privacy information on those sites and set your preferences in line with their own policies and cookie controls separately.
We aim to protect your personal data through technical and organisational security measures to minimise risks associated with data loss, misuse, unauthorised access and unauthorised disclosure and alteration.
We store customer records with secure, controlled and restricted access. We operate organisational policies which detail electronic and physical security, security monitoring, access control and password security measures. We also maintain and use anti-virus and malware software and firewalls at all times.
Changes to our Privacy Notice
All businesses change from time to time. By Storm Ltd keep our Privacy Notice under regular review. This Privacy Notice was last updated on 1st September 2021.
If you have any questions in respect of this Privacy Notice or how we manage your personal data, please contact us using the details at the beginning of this notice.