WHEN DO WE COLLECT INFORMATION ABOUT YOU?
- When you place an online order and check out as a guest.
- When you place an order by phone but don’t have an account.
- When you create an account with us.
- When you visit our website, and use your account to buy products online or on the phone.
- When you engage with us on social media.
- When you contact us by any means with queries, complaints etc.
- When you comment on or review our products on our website.
- When you fill in any forms. For example, our contact form or our cancellation form.
- When you’ve given a third party permission to share with us the information they hold about you.
- When you visit our shop which has a CCTV system operated for the security of both customers and employees. This system may record your image during your visit.
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
As part of our business of selling products, we collect the personal information that you give to us when you register for an account online, place an order on our website or over the phone. This includes:
- Your full name and personal details including home address, email address, telephone and mobile numbers.
- Date of birth and/or age to make sure that you’re eligible to purchase age restricted products. We may send your details to, and also use information from credit reference agencies and fraud prevention agencies to prevent fraud and to verify your identity.
- When you browse our website, we may collect data about the type of device you use, your device’s unique identifier, the IP address of your device, your operating system, the type of Internet browser that you use, usage information, diagnostic information, and location information from or about the computers, phones, or other devices on access our website.
We use this information to manage your account, support and process your order, authentication and processing of payments.
HOW DO WE USE YOUR INFORMATION?
We may use your information for the following:
- To allow us to handle your orders, deliver products and process your payments and refunds.
- To let you know about your orders.
- To update our records and generally maintain your account with us.
- To keep a record of when and why you contact us and to keep your contact details up to date.
- For statistical, analytical or survey purposes – so we can improve our website and our service to you.
- To prevent or detect fraud or abuses of our website. Also to enable third parties to carry out technical, logistical or other functions on our behalf.
- So we can personalise your shopping experience on our website.
WHO DO WE SHARE YOUR INFORMATION WITH?
We may share your information with the following business partners who operate elements of our service and process data on our behalf. They’ll only collect, use and disclose your information as necessary to allow them to perform the services they provide to us and are carried out in accordance with the requirements of UK data protection laws:
- Technology services such as hosting for our servers and email distribution.
- Couriers to help deliver our products to you.
- Our e-commerce platform provider which allows you to place orders online.
- Worldpay payment gateway which allows you to make payments online. Your card details will be stored and processed by WorldPay. Johnny’s Tobacconist doesn’t handle or store your card details. In line with standard payment card industry procedures, WorldPay provides Johnny’s Tobacconist with the last 4 digits and the expiry date of the payment card but not the full card number, name on the card or CVC number.
- Various credit reference agencies, electoral role and other sources of data/agencies to ensure we comply with our legal and regulatory obligations.
- Anyone else where you’ve given consent for or as required if we’re under a duty to do so in order to comply with any legal obligation, or in order to enforce or protect any of our rights, property or safety (or those of our customers).
HOW LONG DO WE KEEP YOUR INFORMATION FOR?
The periods for which we keep your information depends on the purpose for which your information was collected and used. We won’t keep your personal information for longer than is necessary for our business purposes or for legal requirements.
In all cases, our need to use your personal information will be reassessed on a regular basis, and information which is no longer required for any purposes will be disposed of.
HOW DO WE PROTECT YOUR INFORMATION?
We know how much trust you place in us when you share your personal data. Because of that we place great importance on the security of your personal information and we’ll always take appropriate precautions to protect it.
Access to personal information is restricted to employees who need it and all employees who handle personal information are fully trained and kept up-to-date on our data management, security and privacy practices. Our employees are notified and reminded about the importance we place on privacy, and what they can do to ensure your information is protected.
Our security measures include:
- Use of Secure Sockets Layer (SSL) software which encrypts all information you input before it’s sent to us. We may vary this in the future if we feel you’ll benefit from greater security whilst using our website.
- Security procedures in the storage and disclosure of information which you’ve given us, to prevent unauthorised access. Security procedures mean that we may request proof of identity before we’re able to disclose sensitive information to you.
- Automatic website monitoring and regular website updates and backups to ensure that website uptime, functionality and performance are always up to standard.
- Regular security scanning to check our website for malware or other harmful viruses.
- Encryption and password protection for the CCTV used in our shop.
- Alarm system to protect our shop.
Whilst we’ll take all reasonable steps to protect and secure your personal data, we can’t guarantee the confidentiality of any messages transmitted between you and us via email as these are potentially accessible by others. We won’t be liable to you or anyone else for any loss relating to any email message sent by you to us or by us to you.
Personal data breach
In the case of a personal data breach (including electronic media, paper records and inappropriate access to information), where personal data is lost, compromised, misdirected or stolen, we’ll contact you without undue delay to explain what went wrong and what actions we’ve taken to fix it.
Please note that no data transmission over the internet can be guaranteed to be 100% secure. So, whilst we strive to protect your personal information, we can’t guarantee the security of any information which you disclose to us online and you must understand that you do so at your own risk.
What’s a Cookie?
Cookies are text files containing small amounts of information which are downloaded to your device (computer, laptop, mobile phone, etc) when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, enabling you to sign-in, providing interest-based advertising and generally improving the user experience as well as combatting fraud and analysing how websites and online services are performing.
The cookies used on this website have been categorised based on the categories found in the ICC UK Cookie guide.
Category 1: Strictly Necessary Cookies
By using our website, you agree that we can place these types of cookies on your device.
Category 2: Performance Cookies
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identify a visitor. All information these cookies collect is aggregated and therefore anonymous. It’s only used to improve how a website works.
By using our website, you agree that we can place these types of cookies on your device.
Category 3: Functionality Cookies
These cookies allow the website to remember choices you make (such as your user name, language or the region you’re in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you’re currently located. These cookies can also be used to remember changes you’ve made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you’ve asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they can’t track your browsing activity on other websites.
By using our website, you agree that we can place these type of cookies on your device. For further information visit www.allaboutcookies.org
Disabling / Enabling Cookies
You can accept or decline ‘cookies’ by modifying the setting in your browser. Please note that if you disable ‘cookies’ you may not be able to use all the features of our website.
LEGAL BASIS FOR PROCESSING CUSTOMER PERSONAL DATA
Johnny’s Tobacconist collects and uses customers’ personal data because it’s necessary for:
- The pursuit of our legitimate interests (as set out below).
- The purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer or complying with our legal obligations.
In general, we’ll only rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers via email.
Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we’ll cease to process data after consent is withdrawn.
Our legitimate interests
The normal legal basis for processing customer data, is that it’s necessary for the legitimate interests of Johnny’s Tobacconist, including:
- Selling and supplying goods to our customers.
- Protecting customers, employees and other individuals and maintaining their safety, health and welfare.
- Understanding our customers’ behaviour, activities, preferences and needs.
- Complying with our legal and regulatory obligations.
- Preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies.
- Handling customer contacts, queries, complaints or disputes.
- Protecting Johnny’s Tobacconist, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations.
- Effectively handling any legal claims or regulatory enforcement actions taken against Johnny’s Tobacconist.
- Promoting, marketing and advertising our products.
- Fulfilling our duties to our customers and colleagues.
WHAT CAN YOU DO TO PROTECT YOUR DATA?
Johnny’s Tobacconist will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Johnny’s Tobacconist asking you to do so, please ignore it and don’t respond.
If you’re using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
In addition, we recommend that you take the following security measures to enhance your online safety both in relation to Johnny’s Tobacconist and more generally:
- Keep your account passwords private. Remember, anybody who knows your password may be able to access your account.
- When creating a password, use at least 8 characters. A combination of letters and numbers is best. Don’t use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. You can do this accessing your account and clicking ‘account details’.
- Avoid using the same password for multiple online accounts.
YOUR RIGHTS UNDER APPLICABLE DATA PROTECTION LAW
You have the following rights:
- The right to ask what personal data that we hold about you at any time, subject to a fee specified by law (currently £10).
- The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge.
- The right to opt out of any marketing communications that we may send you.
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
If you’ve got any questions about how Johnny’s Tobacconist uses your personal data that aren’t answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:
- Email us at: firstname.lastname@example.org.
- Phone us on: 01637 859 375.
- Write to us at: Johnny’s Tobacconist, 54 Bank Street, Newquay, Cornwall, TR7 1AX.
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.