Aggregated Data

We may also collect, use and share some Aggregated Data about our customers' behaviour patterns and browsing actions. This data may be derived from your personal information but it does not identify you as an individual so is not considered personal data in law. For example, we may aggregate Usage Data to calculate the number of users visiting a specific website location. Should we combine Aggregated Data with your personal data so that it can identify you as an individual then we treat the combined data as personal data and subject to the provisions of this privacy policy.

​

Special Category (Sensitive) and Criminal Offence Data

We do collect any Special Category Data or Sensitive Personal Data about you (such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation. However, this is purely optional and is collected by our feedback form. However, we do not collect any Criminal Offence Data about criminal convictions and offences, medical history or any other sensitive data that has not been set out in this policy.

​

The only exception to the above is for those attending organised courses or in-store events. When registering to attend we will ask you to voluntarily disclose any pre-existing medical conditions or allergies we should be aware of so that we can best prepare for and ensure the safety of your visit.

​

If you fail to provide personal information

Where we need to collect personal information, either by law or under the terms of a contract we have with you, and you fail to provide the information upon request, we may not be able to fulfil the contract we have or are trying to enter into with you. For example, to deliver an order to you. This may lead to the cancellation of the contract between us. However, if this is the case we will notify you accordingly.

​

Personal identification documents

Where the law requires or we deem it necessary to prevent fraudulent activity we may ask you to provide proof of age or identity (including your passport and driver’s licence). For example, when purchasing an age restricted item or applying for a credit facility with us. This will include details of your full name, address, date of birth and facial image. A passport will also include your place of birth, gender and nationality. All data provided in this way will be treated as personal data and used in accordance with this Privacy Policy.

​

How we collect your data

We collect different information about you in a number of ways:

​

Information you give us

When you create an account, make a purchase, sign up to our newsletter, register for an event, request marketing materials or give us feedback, we will store the personal information you give us such as your name, email address, postal address, telephone number and card details (encrypted in the form of an authorisation token). We will also keep a record of your purchases and any communications you have with us.

​

Automated technologies or interactions

As you interact with our website, we may automatically collect Technical Data about your equipment and Usage Data regarding your browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. For more information on cookies, please see our Cookie Policy.

​

Information from third parties

We do not seek to obtain, have never and will never purchase personal information about you from third parties.

​

However we do use Aggregated Data sources from third parties to improve the systems, services and products we provide to you and generally make informed business decisions as set out below:

• Analytics information from providers such as Google

• Advertising network performance such as Facebook and Google AdWords

• Search information providers such as Google

​

This third party Aggregated Data often relies on your use of cookies. For more information on cookies, please see our Cookie Policy.

​

In some specific situations such as fraud prevention, we may seek to access and use information about you that is placed in the public domain.

​

How we may use your information

We have set out in the following table all the ways in which we use your personal information. We will only use your information when the law allows us to, and the legal bases on which we rely upon to do so are also included in the table. In some instances, depending on the specific purpose for which we are using your data, there may be more than one lawful ground for processing your information. 

​

Please click the button below to view the table.

​

​

​

​

​

​

Marketing communications

We aim to communicate with you about the products and services we provide in a way that you find relevant, timely, respectful and never excessive. To do this we use data we have collected and stored about you as a result of our contractual obligations in conjunction with any contact preferences you have told us about.

​

We only send marketing based communications by email where you have given us explicit consent; for example, by ticking the box to opt in during registration or guest checkout on our website. We use legitimate interest as the legal basis for communications by mail. In both instances you have the right to opt out of receiving these at any time either by contacting us or by updating your direct marketing preferences.

​

As part of our service to you, we may contact you by email or telephone to provide essential information related to your purchase or visit.

​

Online advertising

To keep you up-to-date with our brand and help you see and find products we believe are relevant to you, we use our legitimate interests to engage in online advertising.

We target banners and adverts to you when you are on other websites and apps using a variety of digital marketing networks and ad exchanges. These adverts use a number of different technologies such as pixels, ad tags, cookies and mobile identifiers as well as specific services offered by some sites and social networks such as Facebook’s Custom Audience service.

The banners and ads you see will be based on information we hold about you and/or your previous use of our website such as your search history and the products you have looked at or added to your basket.

​

For more information on cookies, including how you can control what cookies are used, please see our Cookie Policy.

​

How is my personal data shared?

We do not and will not sell any of your personal data to any third party for any purpose.

​

However, we sometimes share your personal data with trusted third parties as an essential part of providing our services to you as set out in this statement.

​

Information we share with third parties

We share information with trusted third parties according to the following rules:

• We provide only the information they need

• They may only use your data for the exact purpose we specify

• We work closely with them to ensure your privacy is respected and protected

• If we stop using their services, any of your data held by them will either be deleted or rendered anonymous

 

Example third party companies we work with

Where necessary we share your data with the following example categories of companies:

• Companies that enable us to get your purchases to you, such as payment service providers, warehouses, order packers, drop ship providers and delivery companies.

• Professional service providers, such as marketing agencies, advertising partners, IT companies and website hosts who help us run our business.

• Credit reference agencies, law enforcement and fraud prevention agencies, so we can protect against fraud.

• Companies approved by you, such as social media sites (if you choose to link your accounts to us) or payment providers (e.g. Amazon Pay or PayPal) where you choose to use their payment service. Your use of these services is subject to the terms and conditions and privacy policies of the respective services.

• Advertising platforms such as Google and Facebook to show you products that might be of interest to you whilst browsing the internet. Please see our Cookie Policy.

• Direct marketing companies who help us manage our communications with you.

• Data insight companies to ensure your details are up-to-date and accurate.

• Professional advisors such as our auditors, regulators, external legal and financial advisors.

 

Sharing your data with third parties for their own purposes

In very specific circumstances we will share your information with third parties for their own purposes.

​

• Fraud management companies may use the information we provide them for analysis and risk profiling. We may also be required to share data about individuals with law enforcement bodies.

• Where required by law we may disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. Individual requests are assessed on a case-by-case basis.

• Where applicable we may opt your product purchase into a relevant warranty scheme in order to ensure your purchases are protected. In these instances, we use our legitimate interests as a legal basis and both the security and privacy of your personal data is our utmost priority. This does not include permission to send marketing communications.

• Our suppliers, in the event of a product recall or in relation to resolving a product issue you have raised.

 

To help personalise your experience on our website we currently use the following companies who in specific scenarios will process your personal data as part of their contract with us:

• Google

• Facebook

• Instagram

• X / Twitter

• TrustPilot (Service reviews)

• Microsoft (Behaviour analytics tools)

• Freshworks (Email and helpdesk)

• WIX (Email marketing and customer engagement)

 

You have the right to object to any of this processing at any time. If you wish to do this, please contact us using the details at the end of this policy.

​

Microsoft

We partner with Microsoft to provide our online systems, such as customer management, bookings and transaction history. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

​

Freshworks

We use Freshworks Inc. to operate our email system and helpdesk services. Freshworks processes data on our behalf in accordance with their privacy policy. The information they process can include: your name, email address, phone number and any attachments you send via email. Yotpo privacy policy.

​

WIX

We use WIX to host our website and provide our forms on our website. By submitting a form, you agree to WIX processing your data on our behalf.  Emarsys privacy policy.

 

How we protect your personal data

We understand how important data security is to you and therefore take all appropriate steps to safeguard the collection, transmission and storage of the data we collect.

​

All areas of our website are protected with secure connections over “https” technology. Access to your personal data is password protected and we use secure server technology that implements Transport Layer Security (TLS) encryption to protect your sensitive data.

​

If you use your credit or debit card to purchase from us, we will ensure that this is carried out securely. We give the option for you to store your card details safely online for future transactions. We do this by generating an authorisation token in a way that means none of our staff members can see your full card number.

​

We also generate authorisation tokens when you place an order with us using a credit or debit card. Only we can use the authorisation token generated and since we only charge your card on dispatch, it is necessary in instances where part shipment of items is required e.g. to fulfil backorders. We never store your card details or security code in plain text.

​

Our systems are monitored for possible vulnerabilities and attacks, and we are continually looking to identify ways to further strengthen security in line with new technological advances and best practices.

​

Where your personal data may be processed

We store your data on secure servers in the European Economic Area (EEA). However, sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA); for example, when placing an international order we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. If we do this, our contracts stipulate the standards they must follow at all times and we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA.

​

International Orders

By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf within the UK. You have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.

Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Policy.

​

Your rights over your personal data

If you choose to share personal data with Harry Mercer Services, you have rights relating to your personal information. You have the right to request:

​

• Information about the collection and use of your personal data (as outlined in this Privacy Policy or by contacting us).

• Access to the personal data we hold about you, free of charge, in most cases.

• The correction of inaccurate, out of date or incomplete personal data held about you.

• Your personal information to be erased, not processed or collected where there is no good reason for us to continue processing it. Otherwise known as `the right to be forgotten`.

• We stop using your personal data for direct marketing (either through select or all channels).

• We stop any content based processing of your personal data after you have withdrawn your consent.

• We transfer or port elements of your data either to you or another service provider.

• A review of any decision made based solely on automatic processing of your data.

• Complain to the data protection regulator (see contacting the regulator).

If we choose not to action your request we will explain to you our reasons for refusal.

​

Checking your identity

We may need to request specific information from you as a security measure. This is to confirm your identity and prevent personal information being disclosed to any person who has no right to receive it.

​

Time limit to respond

We aim to respond to all legitimate requests within one month. Occasionally it may take us longer if your particular request is complex or you have made a number of requests.

​

Updating your direct marketing preferences

There are several ways you can stop direct marketing communications from us:

• Click the unsubscribe or edit preferences link in any email

• If you have an account, sign in and visit the My Account area

• With a direct request, by email, telephone or in-store. See Contact Us.

 

When editing your preferences you will have the option to select the types of marketing you receive and by what means. You can of course opt to unsubscribe from all direct marketing communications. Please note there may be a small delay in updating your preferences until our systems fully update.

​

Deleting information and deactivation of accounts

You may request that your account is deleted by contacting us. Once deleted, your data, including previous order history, cannot be reinstated.

​

Retention of information

When we collect or process your personal information we will only keep it for as long as it is necessary to provide our services to you and to comply with our legal and contractual obligations.

At the end of that retention period, your data will be either deleted or anonymised. In the latter scenario the data will be used in a non-identifiable way for statistical and business planning purposes.

​

Example retention periods

For purposes such as tax, accounting and warranty we will keep a record of all orders placed with us for the legally required duration of seven years.

​

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the privacy statement applicable to the website in question.

​

Contacting the regulator

If you wish to make a complaint about the way we handle your personal data, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you may contact the Information Commissioner’s Office by calling 0303 1231113 or contacting them via their website: ico.org.uk

 

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

​

Contact us

If you have any questions about this Privacy Policy, please contact our Data Protection Officer who will be pleased to help you.

​

Call us

0118 981 2959

​

Email us

dataprotection@harrysrestorations.co.uk

 

Write to us

Data Protection Officer
Harry’s Salvage and Restoration,
30 Almswood Road,
Tadley,
RG26 4QG,
United Kingdom.

​

Customers in the EU

We have appointed IT Governance Europe Limited to act as our EU Representative. If you wish to exercise your rights under the EU General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally please email our Representative at eurep@itgovernance.eu or post your request or query to:

​

EU Representative, IT Governance Europe,
Third Floor, The Boyne Tower, Bull Ring,
Co. Louth, Ireland
A92 F682

​

When contacting our Representative please ensure you include our company name ‘Harry Mercer Services’ in any correspondence.

​

​

Last updated: Monday 01st July 2024