The Policy

This privacy policy is for this website www.barnetsshoes.co.uk and served by Gold Brothers, 234/242 High Street, Kirkcaldy, KY1 1JT and governs the privacy of its users who choose to use it. It explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) [pre-GDPR enforcement] and the PECR (Privacy and Electronic Communications Regulations).

This policy will explain areas of this website that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR, DPA & PECR are adhered to. Additionally, it will explain the use of cookies or software, advertising or commercial sponsorship from third parties and the download of any documents, files or software made available to you (if any) on this website. Further explanations may be provided for specific pages or features of this website in order to help you understand how we, this website and its third parties (if any) interact with you and your computer/device in order to serve it to you.

You have a right to request a copy of any personal data held by Barnets Shoes at any time, in order to check its accuracy. If you wish to do this, please write (explaining that your interest is in personal data maintained by Barnets Shoes to:

Data Protection Officer
dpo@goldbros.com

The DPA & GDPR May 2018

We and this website complies to the DPA (Data Protection Act 1998) and already complies to the GDPR (General Data Protection Regulation) which comes into affect from May 2018. We will update this policy accordingly after the completion of the UK's exit from the European Union.

How is your personal data collected?

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, e-mail or otherwise. This includes personal data you provide when you:

• buy or express an interest in our products or services, in-store or on our website;
• create an account on our website;
• subscribe to our newsletter;
• request that we send marketing materials to you;
• enter a competition, promotion or survey;
• take part in a Barnets Shoes event;
• submit a product review;
• speak to customer services.

Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.

How we use your personal data?

USE OF PERSONAL DATA

If you shop in the Barnets Shoes online-shop, then the following person-related data about you can be acquired, processed and used to be able to process your order:

• Last name,
• First name,
• Title,
• Invoice and delivery address,
• Email address,
• Phone number (optional),
• Customer number,
• Payment data

When transmitting your data to us, your data will be encrypted using state-of-the-art technical safety standard, a so-called SSL 256-bit encryption (SSL = Secure Socket Layer). The safety certificate used is issued by one of the world market leaders, DigiCert Inc. (RapidSSL RSA CA 2018). 

USE OF PAYMENT METHODS DATA

As part of the payment in our online shop, we acquire certain person-related data about you to be able to process the payment.

In addition to the purchase on account, for which we will send an invoice to the contact address provided by you, we offer additional payment method to be able to execute the purchase in our online shop as comfortable as possible.

Our Payment Service Provider is Sage Pay (formerly Protx) – the largest independent payment service provider (PSP) in the UK and Ireland.

Sage Pay provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is Sage Pay’s utmost priority to ensure that transaction data is handled in a safe and secure way.

Sage Pay uses a range of secure methods such as fraud screening, I.P address blocking, and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards.

Sage Pay is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.

Sage Pay is an active member of the PCI Security Standards Council (PCI SSC) that defines card industry global regulation.

In addition, you know that your session is in a secure encrypted environment when you see https:// in the web address, and/or when you see the locked padlock symbol alongside the URL.

So when buying through our site, you can be sure that you are completely protected.

For more information see the Sage Pay Data Privacy regulations. 

Website Visitor Tracking

USE OF COOKIES

This website uses cookies to better the users experience while visiting the website. As required by legislation, where applicable this website uses a cookie control system, allowing the user to give explicit permission or to deny the use of / saving of cookies on their computer/device.

What are cookies? Cookies are small files saved to the user's computers hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.

You will find how to clear Cookies for the respective browser under the following links but please pay attention that with the non-acceptance of cookies the functionality of our website may be limited.

Internet Explorer | Firefox | Chrome | Safari | Opera

TRACKING SOFTWARE

This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.

We do have relationships with carefully-selected suppliers who may also set cookies during your visit:

Google Analytics 
Cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Analytics retains user data 26 months before automatically deleting it. For more information see the Google Privacy Policy.

Google AdWords Conversion Tracking
We use Google Adwords Conversion tracker which uses cookies to help us determine how many people who clicked on our Google Ads end up contacting us through the website. This tracking cookie is set on your browser only when you click on a Google Ad and these cookies help us increase the website’s effectiveness for our visitors.
These cookies expire within 60 days and do not contain information that can identify you personally. Please refer to the Google Advertising Privacy Notice for more information about Google Conversion Tracking and the ability to opt out.

Google AdWords Remarketing
We use Google AdWords Remarketing which uses cookies to help us deliver targeted online adverts based on past visits to our website.
Google uses this information to carefully display CloudApps adverts on various third-party websites across the internet. These cookies are set to expire and do not contain information that can identify you personally.
Please refer to the Google Advertising Privacy Notice for more information about the ability to opt out.

Criteo
We further use the Criteo service on our site. With the help of this tool, users who have already visited our website once before and were interested in our offers are specifically offered advertisements on websites, which also use the Criteo service (re-marketing). This advertising is faded in based on information about the visit to the respective websites, which among others are stored in cookies on your computer. These text files are read out within the scope of subsequent website visits for specific product recommendations. For this purpose, an accidentally generated identification number is stored in the cookies. Neither this number nor the information about your visits to the websites can be allocated to you personally.

The cookie is, as a rule, stored for a maximum period of one year and will subsequently be deleted automatically. You can always prevent the storage and use of information by the service. For more information see the Criteo Privacy Policy.

Downloads & Media Files

Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third-party anti-virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third-party anti-virus software or similar applications.

Email Mailing List & Marketing Messages

We operate an email mailing list program, used to inform subscribers about products, services and/or news we supply/publish. Users can subscribe through an online automated process where they have given their explicit permission. Subscriber personal details are collected, processed, managed and stored in accordance with the regulations named in 'The policy' above. Subscribers can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages. The type and content of marketing messages subscribers receive, and if it may contain third party content, is clearly outlined at the point of subscription.

Email marketing messages may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.

Our EMS (email marketing service) provider is Mailchimp. For more information see the Mailchimp Privacy Policy.

External Website Links & Third Parties

Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. External links are clickable text / banner / image links to other websites.

Shortened URL's; URL shortening is a technique used on the web to shorten URL's (Uniform Resource Locators) to something substantially shorter. This technique is especially used in social media and looks similar to this (example: http://bit.ly/zyVUBo). Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding.

We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should, therefore, note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Policy & Usage

We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms users are advised to verify the authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.

There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page.

Rights of affected persons

You can assert your data privacy rights against us under certain conditions:

• Right to withdraw consent: If you have consented to certain types of processing activities, you can withdraw your consent at any time with future effect. However, please note that this withdrawal does not affect the legitimacy of the processing activities that took place before you withdrew your consent, or if the processing can be justified on the grounds of another legal basis.

• Right to access: You have the right to request information about your data that is stored at our company according to the provisions of Art. 15 GDPR (restrictions may apply pursuant to sec. 34 BDSG).

• Right to correction: At your request, we will correct the data that is stored about you according to Art. 16 GDPR if the data is incorrect or contains errors.

• Right to erasure: At your request, we will delete your data according to the principles of Art. 17 GDPR as long as this is not opposed by other statutory provisions (e.g. statutory retention obligations or the restrictions pursuant to sec. 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims).

• Right to restrict processing: Taking into account the requirements of Art. 18 GDPR, you can request that the processing of your data is restricted.

• Right to object: You can also object to the processing of your data in accordance with Art. 21 GDPR. This right to object exists if there are certain reasons that arise from your special situation, and only for data processing the legitimacy of which is based on a consideration of the various interests, which relates to profiling or that is carried out for the purpose of direct advertising. In this case, your data will no longer be processed unless we are legally entitled to decline your objection. We must, however, comply with an objection against direct marketing, including profiling, and we may no longer process your data for these purposes.
You must withdraw your consent if you have previously consented to direct advertising and no longer wish to receive direct advertising.

• Right to data transferability: In accordance with the regulatory requirements of Art. 20 GDPR, you also have the right to receive your data in a structured, popular and machine-readable format, or to have the same transmitted to a third party.

• Complaint submitted to the data privacy authority: You also have the right to submit a complaint to a data privacy supervisory authority in charge (Art. 77 GDPR). However, we recommend that a complaint is always first submitted to our Data Protection Officer so that we can address your concerns as quickly and customer-focused as possible.

To ensure that your request is processed promptly, please direct your submissions regarding the exercise of your rights to the address below or directly to our Data Protection Officer in writing.

Data Protection Officer
dpo@goldbros.com
Gold Brothers – Edinburgh Office
1 East Hermiston, Calder Road
Edinburgh, EH14 4AJ
United Kingdom 

Other

Automated decision-making in an individual case (including profiling)
We do not use purely automated decision-making processes pursuant to Art. 22 GDPR. If such processes are used in isolated cases in the future, you will be informed separately, if this is required by law.

Extent of your obligations to provide your data to us
You only have to provide the data that is required to initiate and implement the contractual relationship or for a pre-contractual relationship, or that we are legally required to collect. Without this data, we will normally be unable to conclude or further implement the contract. This may also relate to data that is required at a later time in the context of the contractual relationship. If we request additional data, you will be informed about the voluntary nature of this information.

Forwarding to third parties
Barnets Shoes can only access your data as is required to achieve the purposes in accordance with the internal division of tasks. To this end, only those departments and employees who are required to access your data will be granted access to this data internally.

Service providers: We have involved service providers that have access to your data in their capacity as a contract processor, and who process this data for the purposes specifically defined by us. These contract processors may be marketing services providers, website hosting service providers, IT support services providers or website analysis service providers.

Other third parties: We may also be required to forward certain data to third parties in cases where this is required by law or under the legislation. Such parties may include government authorities, external advisors, business partners, courts, experts as well as internal company committees and control instances if required.
International data transmission: Even though all recipients are currently based in the EU/EEA, it is possible that in the future recipients may be based in a country outside of the EU/EEA that does not offer a standard of data privacy that is comparable to the European data privacy standard. In particular, such service providers may be located in the US in the future. In this case, Barnets Shoes will either select service providers that have been certified under the US-EU Privacy Shield Program (Art. 45 para. 1 GDPR), or that arrange the EU standard contract clauses, such as those approved by the EU Commission, with Barnets Shoes (Art. 46 para. 2 (c) or (d) GDPR).

Version
This data privacy information was most recently updated on 25 May 2018. Barnets Shoes reserves the right to update this data privacy information from time to time.