General Data Protection Regulations (GDPR)
PRIVACY STATEMENT FOR Stramash Games Limited
New regulations are coming into place on 25 May 2018 around how organisations record, store and use your personal data. This legislation is the General Data Protection Regulation (GDPR), which is designed to give you full control over your personal data.
Stramash Games Limited respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you are using the Stramash Games Limited website or are a customer of Stramash Games Limited directly for the purchase of a game. It also tells you about your privacy rights and how the law protects you.
All data subjects whose personal data is collected, in line with the requirements of the GDPR.
2.1 Tony Mitchell, Data Compliance Officer is responsible for ensuring that this notice is made available to data subjects prior to Stramash Games Limited collecting/processing their personal data.
2.2 All Employees/Staff of Stramash Games Limited who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured
3. Who we are:
Stramash Games Ltd is the company that has created and sells The Original Stramash – The Scottish Board Game.
4. The data we collect about you:
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
(a) Identity Data includes first name and last name.
(b) Contact Data includes billing and delivery address, email address, phone numbers
(c) Transaction data – details of payments between us
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
4.1 If you fail to provide personal data:
Where we need to collect personal data by law, or under the terms of an agreement we have with you and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
5. How is your personal data collected:
We use different methods to collect data from and about you including through:
· Direct interactions. You may give us your data by filling in forms or by corresponding with us by post, phone, email, the Stramash Games Limited website, Facebook site or otherwise.
6. How we will use your personal data:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
· Where we need to perform the agreement we are about to enter into or have entered into with you (e.g. – contract of sale)
· Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
· Where we ask for your explicit opt in consent for contact for marketing and promotional purposes.
7. Purposes for which we will use your data:
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact Tony Mitchell if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose||Type of Data||Lawful Basis|
|Create an account on the site
|(a ) Identity
(b ) Contact
|Legitimate interest – to facilitate an efficient buying process and create customer order history|
|Sign up for mailing list||(b ) Contact||Consent – to enable us to keep in touch with you about improvements to the product or special offers|
|Order products or services
|(a ) Identity
(b ) Contact
|Contract – allow us to fulfil our contractual obligations and satisfy the order placed on the Stramash Games Limited website|
|Provide reporting and sales information||(c ) Transaction data||Legitimate interest – to assist with the efficient management of ordering and fulfilment. To be used internally for management accounting purposes.|
If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact Tony Mitchell.
If we need to us
8. Change of purpose:
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason ie your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
9. Disclosures of your personal data:
We may have to share your personal data with the parties set out below for the purposes set out in the table in section 7 above.
Stramash Games Limited may share your data with external third parties when there is a legitimate or lawful reason to do so. These third-parties may include:
· Paypal Limited
· myHermes Limited
· NOP Commerce
Stramash Games Limited may transfer your data to countries outside the European Economic Area, however, adequate safeguard arrangements will be in place in the receiving country.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
10. Data Retention:
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
11. Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
· Right of access – you have the right to request a copy of the information that we hold about you. Under the GDPR, there is no longer a charge for a Subject Access Request. Please put all requests in writing to firstname.lastname@example.org
· Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
· Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
· Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
· Right of portability – you have the right to have the data we hold about you transferred to another organisation.
· Right to object – you have the right to object to certain types of processing such as direct marketing.
· Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
· Right to judicial review: in the event that Stramash Games Limited refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 12.
Stramash Games Limited is the controller and responsible for collecting your personal data. Our Data Compliance contact can be reached here:
Contact: Tony Mitchell, Managing Director
Tel: 07720 349433
In the event that you wish to make a complaint about how your personal data is being processed by LBC, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority, The Information Commissioners Office in the United Kingdom (available at www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.