JONDO UK Ltd (“We”) are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. For the purpose of the Data Protection Act 1998 (the Act) and General Data Protection Regulation (the “GDPR”) the data controller is JONDO UK Ltd of 9 Springlakes Estate, Deadbrook Lane, Aldershot, Hants, GU12 4UH.
We may collect and process the following data about you:
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
Data controller – A controller determines the purposes and means of processing personal data.
Data processor – A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data: Personal data and special categories of personal data
Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
We use your personal data for the following purposes:
To process your customer’s orders and deliver it to the given address submitted in the order data:
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
a) Personal data (article 6 of GDPR)
Our lawful basis for processing your general personal data:
Article 61b: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
Taking into account the state of technical development and the nature of Processing, JONDO (and appointed third party software company) shall implement and maintain the following technical and organisational measures to protect the Protected Data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access, including:
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. We may disclose your personal information to third parties:
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
Personal Data is kept securely (encrypted) for 12 months. Artwork / images are kept securely (encrypted) for 3 months. After which, data and artwork / images will be erased.
Should a brand receive a request to erase Personal Data prior to the 12-month period, the brand (or order submitter) must make a HTTP POST via the API, which will trigger the erasure of Personal Data attached to that order (provided the order has been Shipped or Cancelled). For information regarding the HTTP address, please contact the JONDO UK Integration Team.
Personal data will be treated as strictly confidential, stored securely (encrypted) and will be shared only with our designated courier services.
We do not transfer personal data outside of the EEA.
We do not use any form of automated decision making in our business.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Officer, David Bowdery at firstname.lastname@example.org
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.