Tibard is committed to ensuring the security of your information. To prevent unauthorised access, maintain data accuracy and ensure the appropriate use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect.
*Personal data means any information that may be used to identify an individual. This includes (although is not limited to) names, addresses, email addresses or other contact information.
You may provide us with personal data on an order form, online or over the telephone. This may include your name, address, email, telephone number and payment instructions. We use this information in order to manage your orders and purchase activity. We may also keep information contained in any correspondence with us, for example by email or post.
This provision of personal data is essential for us to be able to administer your account, for example to collect payments for your purchases and verify your identity when you contact us.
When you use our websites, we may collect, store and use the following kinds of data:
- information about your PC and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit and number of pages viewed.
- information relating to any transactions carried out between you and Tibard on or in relation to our websites, including information relating to any purchases you make of our goods and/or services.
- information that you provide to us for the purpose of registering with us and allowing us to send you email notifications and/or newsletters.
Tibard would like to emphasise that information of this nature is used only to enhance the customer shopping experience of the website.
Using Your Personal Information
Personal data submitted to us will be used (by Tibard as the controller and processor) for the purposes specified in this section or as found elsewhere in the relevant parts of the website. We may use your personal information to:
- administer the website and your account
- improve your browsing experience by developing and improving the design and layout of the website, through monitoring of your usage
- process your orders
- provide you with information such as news regarding the website, new services and special offers or promotions that may be of interest to you, with your consent (see also 'Keeping In Touch With You')
Tibard use SSL-128bit encryption Secure Server Technology to ensure that all of your personal and transactional information is protected to the highest standards. We never make your personal details available to companies other than Tibard for marketing purposes (see also ‘Third Parties’). ‘Tibard Limited’ is registered with the Information Commissioners Office as a Data Controller. We will comply with the standard, procedures and requirements as laid down in the General Data Protection Regulation 2018 and Data Protection Acts 1984 and 1998 to ensure that your personal data is kept secure and processed lawfully. Our full Data Protection policy can be found below.
The table below lists the cookies we collect and what information they store.
|COOKIE name||COOKIE Description|
|CART||The association with your shopping cart.|
|CATEGORY_INFO||Stores the category info on the page, that allows to display pages more quickly.|
|COMPARE||The items that you have in the Compare Products list.|
|CURRENCY||Your preferred currency|
|CUSTOMER||An encrypted version of your customer id with the store.|
|CUSTOMER_AUTH||An indicator if you are currently logged into the store.|
|CUSTOMER_INFO||An encrypted version of the customer group you belong to.|
|CUSTOMER_SEGMENT_IDS||Stores the Customer Segment ID|
|EXTERNAL_NO_CACHE||A flag, which indicates whether caching is disabled or not.|
|FRONTEND||You sesssion ID on the server.|
|GUEST-VIEW||Allows guests to edit their orders.|
|LAST_CATEGORY||The last category you visited.|
|LAST_PRODUCT||The most recent product you have viewed.|
|NEWMESSAGE||Indicates whether a new message has been received.|
|NO_CACHE||Indicates whether it is allowed to use cache.|
|PERSISTENT_SHOPPING_CART||A link to information about your cart and viewing history if you have asked the site.|
|POLL||The ID of any polls you have recently voted in.|
|POLLN||Information on what polls you have voted on.|
|RECENTLYCOMPARED||The items that you have recently compared.|
|STF||Information on products you have emailed to friends.|
|STORE||The store view or language you have selected.|
|VIEWED_PRODUCT_IDS||The products that you have recently viewed.
Keeping In Touch With You
With your consent, we would like to keep you up to date with key information about new ranges, promotional offers and what's coming soon to the Tibard website. We may also use your details to send you information about other goods and services we sell or for our research purposes. If you have registered to receive email newsletters from us, you can remove your email address from our list by using the 'unsubscribe' links in the emails we send you.
The UK Data Protection Act and consumer legislation requires that we do not release your personal information to any external company for mailing or marketing purposes unless we have your prior approval. We will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:
- couriers so as to complete delivery of orders as per the contract entered into at the point of sale
- (for example FedEx and Royal Mail)
- reviewing companies in order to provide the customer with a method of giving company feedback
- regulatory authorities, to comply with any legal and regulatory issues and disclosures
- insurance companies / loss assessors / fraud prevention agencies for the purposes of fraud prevention
- mailing / printing agents and contractors / advisors that provide a service to us (on the understanding that they keep the information confidential)
- anyone to whom we may transfer our rights and duties under any agreement we have with you
- legal / crime prevention agencies to satisfy any regulatory request (including recognised practitioner bodies) if we have a duty to do so or if the law allows us to do so.
Transfer of personal data outside of the European Economic Area (EEA)
We do not currently transfer your personal data outside the EEA. In accordance with the terms of this Policy, if in the future we transfer your personal data outside of the EEA we will make sure that the receiver agrees to provide the same or similar protection as we do and that they will only use your personal data in accordance with our instructions.
Retaining personal data information
Retention periods are in line with the length of time we need to keep personal data information in order to manage and administer your account. This may include any claims or requests for assistance made to us and takes into account our need to meet any legal, statutory and regulatory obligations. Our need to use your personal data information will be reassessed on a regular basis; information no longer required will be disposed of.
Links to External Websites
Within our site there are links to third party websites which we feel may be relevant and interesting to our customers. Following these links will take you to external websites which Tibard do not have any control over. For this reason we cannot be held responsible or liable for any content on these sites.
Credit Card Security
Tibard accepts major credit and debit cards, including Visa and MasterCard, through our payment service provider SagePay. All credit card details are secured with 128bit encrypted sessions and all sensitive information is stored on a heavily encrypted database that is protected by multiple government approved firewalls.
Data subject rights
Subject access requests
The General Data Protection Regulation (GDPR) grants you (the "data subject") the right to access particular personal data held about you. This is known as a ‘subject access request’. We shall respond promptly, certainly within one month from the point of receiving the request and any necessary information from you. Our formal response shall include details of the personal data we hold about you, including the purpose for processing the personal data and the person or entity we may be sharing the information with.
Right to rectification
The data subject has the right to obtain the rectification of inaccurate personal data we may hold concerning them, without undue delay. The data subject has the right to have incomplete personal data completed, taking into account the purposes of the processing.
Right to erasure
The data subject has the right to obtain the erasure of personal data concerning them in certain circumstances (for example where the data held is no longer required for the purposes for which it was collected), without undue delay. (Please note that this may affect future product warranty rights if we are not able to verify the authenticity of a possible future claim).
Right to restriction of processing
The data subject has the right to obtain restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject
- (and personal data is restricted until the accuracy has been verified)
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead
- the personal data is required by the data subject for a potential legal claims but is no longer required by us for the purposes of processing
- the data subject has objected to processing of their personal data, pending verification of whether there are legitimate grounds for us to override these objections.
We shall communicate any rectification, erasure or restriction of processing of personal data (as described above) to each recipient to whom the personal data has been disclosed, unless this proves impossible or requests are manifestly unfounded or excessive. The data subject shall be provided with information about these recipients if they request it.
Right to data portability
The data subject has the right to receive the personal data they have provided to us in a machine-readable format (for example CSV) and can request the transfer of this data to another controller.
Right to object
The data subject has the right to object, on grounds relating to their particular situation, to the processing of their personal data including any personal profiling, unless the processing is necessary for the performance of a task carried out in the public interest or exercise of official authority vested in us. There must be demonstrable compelling legitimate grounds to override the interests, rights and freedoms of the data subject, or for the establishment / exercise / defence of potential legal claims.
Right to not be subject to decisions based solely on automated processing
The data subject has the right not to be subject to automated processing based on their personal data and be able to obtain human intervention, express their point of view, obtain an explanation of the decision and challenge it.
Invoking your rights
Please contact us at firstname.lastname@example.org or write to us at Tibard House, Globe Lane Industrial Estate, Broadway, Dukinfield, SK16 4UU if you would like to invoke any of the data subject rights with us.
Accuracy of information
Please help us to maintain accurate records by informing us if changes occur, for example with names and addresses. We need to keep accurate personal data in order to provide a high level of customer service and reasonable steps are taken to ensure the accuracy of any personal data or sensitive information obtained. The source of any personal data or sensitive information should be clear and any challenges to the accuracy of the information will be carefully considered.
If you have any complaints regarding the use of your personal data, please email email@example.com and we will try to resolve the issue. If you are unsatisfied with the outcome of your complaint, you can make a formal complaint to the Information Commissioner’s Office (ICO) by phone on 01625 545745 or 0303 123 1113.
We reserve the right, at all times, to update, modify or amend our Policies. Please check and review this Privacy and Cookies Policy from time to time to ensure you are aware of any changes we may have made.
Data Protection Policy – GDPR
The General Data Protection Regulation (GDPR), effective May 25th 2018, is the latest EU privacy framework. The regulation builds on existing privacy law such as the Data Protection Act 1998, and aims to give EU individuals greater control over their personal data and subsequently increase confidence in how personal data is used.
This policy document has been produced to inform individuals about the data that Tibard processes and on which grounds. Through this, we aim to eliminate doubt regarding safety of personal details and to show our commitment to GDPR compliancy.
Tibard will continue to follow industry-standard procedures to maintain the privacy and security of your data. Where necessary, we have been actively assessing and improving our procedures in data processing to eliminate excess data handling, as well as considering privacy for each aspect of processing.
If you have any questions regarding the information in this policy please email firstname.lastname@example.org
- Personal Data – “information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
- Processing – “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”
- Restriction of processing – “the marking of stored personal data with the aim of limiting their processing in the future”
- Profiling – “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”
- Pseudonymisation – “the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person”
- Controller – “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”
- Processor – “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”
- Recipient – “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing”
- Third party – “a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data”
- Consent – “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”
How We Process Your Data
Tibard acts as the data controller for all data processing carried out by Tibard. This includes, but is not limited to: customer, supplier, employee and applicant data processing. Examples of data processors used by Tibard have been provided below.
Commercial Data Processes
Your name, company name and address details will be used to complete delivery. This data is shared with our couriers (for example FedEx, Parcelforce, Royal Mail).
We may contact you (for example by telephone or email) to provide order updates or to contact you for additional information relating to an order.
We may attempt to verify your age using date of birth data when purchasing age-restricted items.
If you have consented to receive news, special offers and discounts from Tibard, your email address will be shared with a third party marketing service (for example MailChimp) to receive content from Tibard. Consent can be withdrawn at any time by clicking the unsubscribe links provided at the bottom of an email.
We will process your card details to take payment and share them with a payment card service provider (for example SagePay). This data is not stored after payment is complete. Card details provided on a mail order form are transferred to the Payment Card service provider by entry of details into software via authorised personnel. The physical copy of card details on the order form is destroyed securely once transferred.
Characteristic data may be processed such as clothing size for the purpose of providing the correct products.
Professional data such as job title may be processed if requested for embroidery on garments or for name badges.
The following data is collected during website use: transaction history, user account details, abandoned basket data, ‘ordered with’ sales data, stock request data, IP data in logs, rejected order table.
CCTV footage is recorded onsite at Tibard
Applicant CVs containing personal data may be received and processed by Tibard. The personal data contained in a CV may include, but is not limited to: name, date of birth, address, phone number, email address, qualifications, job history and any other data that an applicant may willingly provide.
The following processes are carried out on the basis of legitimate business interest:
- Contact by telephone or email to request further order details or to provide order updates.
- Contact by direct mail.
- Contact by a third party to leave a service review.
- Processing of characteristics and professional data to ensure orders are personalised.
- Processing of CVs and applicant data.
- Processing of data collected whilst browsing the Tibard website.
Your details will be retained for as long as you have your account with Tibard, or for as long as is necessary to provide services to you. We may hold data after an account is closed if it is necessary to meet legal or regulatory requirements, prevent fraud, or resolve disputes.
Contact details with no transaction history within the ERP software will be anonymised or deleted after 7 years.
When an online transaction occurs, website data is collected and retained for a period of 30 days before being anonymised. After 90 days the data is deleted. During website browsing without a transaction occurring, the data is collected and then deleted after 30 days.
Applicant CVs may be retained for a period of up to 2 years after the position has been filled if the application is unsuccessful.
Legal Basis for Processing
The above processing procedures are carried out under the following legal bases: performance of contract, legitimate business interest, consent, and legal obligation.
We reserve the right, at all times, to update, modify or amend our Policies. Please check and review this Data Protection Policy from time to time to ensure you are aware of any changes we may have made.