Privacy

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Cookies allow web applications to respond to you as an individual.

We use traffic log cookies to identify which pages are being used. We only use this information for statistical analysis purposes. Once this work is complete the data is removed from the system.

Most web browsers automatically accept cookies, but you should be able to modify your browser setting to decline cookies if you prefer.

In addition, we use Google Analytics, which automatically collects and stores the following information about your visit: the internet domain and IP address from where you access our website; the type of browser software and operating system used to access our website; the date and time you access our website; the pages you enter, visit and exit our website from; and if you linked to our website from another website, the address of that website.

Our website may contain links to other websites of interest. Once you have used these links to leave the Artisans of Devizes site we cannot be responsible for the protection and privacy of any information which you provide whilst visiting any other website.

Please note that other websites have their own privacy policy, which you should read.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. You may request details of personal information which we hold about you under the Data Protection Act 1998.

If you would like a copy of the information held on you contact Artisans of Devizes. If you believe that any information we are holding on you is incorrect or incomplete, please contact Artisans of Devizes.

Artisans of Devizes, Ca’Peitra and Stoneworth Warehouse (trading names of Sarsen Stone Group Limited; “we”, “our” and “us” in this policy) recognise the importance of respecting and protecting your personal data (information) and yet in order to be able to continue to provide you with the level of service you have come to expect from us we need to collect, process and share a certain amount of information about you. In this document, we explain what information we’re likely to hold, how we collect it and how we will use or share it. It also explains your rights and how to contact us or the ICO in the event you have a complaint. Our commitment to you is that we will continue to treat your personal data fairly and legally and with the same discretion and respect as we have always applied.

Sarsen Stone Group Limited is the data controller of your information. This means that we exercise some judgment in determining how and why to process the information you share with us. We may share your information with the other members of our group of companies. If you have questions about how we process your information that aren’t answered in this policy, we invite you to get in touch with us at marketing@sarsenstonegroup.com. This policy applies to all your information however captured, including through our website or via our office and showroom.

We incorporate your marketing preferences in our CRM system, which affects how we will process your information. On our website, when you contact us, request a brochure or sample, you can tell us your marketing preferences, you can specify whether you would like to receive direct marketing communications and limit the use of your information. You can update your marketing preferences by emailing marketing@sarsenstonegroup.com.

Here we summarise the information we collect, why and how we use it and who we share it with.  We will keep your data secure and won’t sell your personal data to third parties – ever. We only use your personal data to help us provide you with a great service, and tailor the information we share with you to help make it relevant, useful and timely. We will only share your personal data with organisations involved in fulfilling our role as your wine merchant, such as delivery or storage companies.

All your information falls into one or more of the following categories:

We may process any of your information identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

In addition to the specific disclosures of your information set out in this Section 3, we may disclose your information with law enforcement and fraud prevention agencies, so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court or not.

We may also process any of your information where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

By interacting with us on social media (such as joining or following our official group or page, liking or retweeting), you are consenting to our interaction with you on social media and the processing of your information accessed on social media. Your name, user profile, age, preferences, choices and opinions in relation to the topic or subject matter of the relevant social media page, your photos and other images and your videos may be collected when you interact with us on social media. Please email marketing@sarsenstonegroup.com if at any time you wish us to stop interacting with you on social media or using any of your information obtained from social media.

Please do not supply us with any other person’s personal information, unless we prompt you to do so. If you do share other people’s details with us, please ensure you have their prior authorisation.

The information you share with us is stored and hosted in the European Economic Area (EEA). We will only transfer your personal data to a country outside the list of countries approved by the EU Commission as having appropriate safeguards for data transfers where you the supplier of the product you have requested from us is based in such a country and you have confirmed to us that you require delivery of the product direct to from that supplier.

If we need to make an international transfer of information for such purposes, we will use standard data protection contract clauses which have been approved by the European Commission. These are designed to re-create protections equivalent to those we enjoy in the EEA.

We only hold on to information for as long as we need to. How long will depend on the kind of information it is and why we need it.

To determine the appropriate retention period for information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process the information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Where the lawful basis of our processing is based on your consent we will retain the personal data for as long as we have your consent to do so.

For example, if you have registered on our website but not purchased from us, the length of time we will hold on to your information is dependent on whether you have opted into our marketing communications. If you have opted in, we will hold on to your information for [5 years] from registration; if you have not opted in, we will retain your information for [3 years] from registration.

Whilst you are an active customer (which means you have purchased from us) we will hold on to your information for as long as needed to give you the best possible customer service; financial information we will hold for 7 years.

In certain circumstances we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, to resolve disputes and enforce our agreements.

Access

You have the right to request a copy of the personal data we hold about you, but we will not include anything that compromise another person’s confidentiality or intellectual property. We’ll aim to send this to you within 1 month of your request. If we can’t do this, we’ll let you know within the 1 month

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. At any time you can amend your marketing preferences to reduce, remove or increase the amount we contact you with marketing messages. You can do this by contacting us at marketing@sarsenstonegroup.com.

Rectification

You have the right to ask us to correct any mistakes in your personal data

To be forgotten

You have the right to require us to delete your personal data in certain situations

Restriction of processing

You have the right to require us to restrict processing of your personal data in certain circumstances for example, if you don’t think it’s accurate

Data portability

You have the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations

To object

The right to object:

• at any time to your personal data being processed for direct marketing (including profiling) by emailing marketing@sarsenstonegroup.com

in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests

Automated decision-making

You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

Right to complain

In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance at marketing@sarsenstonegroup.com and we will endeavour to resolve your query as soon as possible. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to complain to a supervisory authority which in the UK is the Information Commissioner’s Office. You can contact them on https://ico.org.uk/.

At Sarsen Stone Group Limited, most of the information we hold is stored on our own secure servers located in the UK or in the cloud. The key solutions we use are well- known, global businesses that are GDPR compliant and secure. We may use other smaller, local service providers from time to time and in these cases, will ensure that they are bound by the GDPR and obligations of confidentiality.

We have put in place appropriate security measures [as well as a security policy] to ensure that everyone does their bit to keep all data – not just personal data, secure and confidential. Despite this, nothing can be 100% secure and we will notify you and the ICO of a suspected data security breach where we are legally required to do so.

This privacy notice was published on 23rd June 2018.

We may change this privacy notice from time to time. Where these changes are substantial or have an impact to your rights, we will let you know. You should check this page occasionally to ensure that you are happy with any changes to this policy.