iWoodesign (iWD) is committed to protecting your privacy and security. We understand that when you shop online your name, address, credit card details and other personal information are kept safe and secure. We respect this and promise not to pass on any of your personal details to a third party. For some deliveries, your telephone number may need to be given to our couriers for ease of delivery.
Once you place an order your name, telephone number, email, address, delivery address and credit/debit card details allow us to process, fulfill your order and notify you on its status. We only make your details available to personnel at iWD, who work in a password protected environment, in order for them to perform their duties. Please note that we shall not be storing financial details relating to payments received via credit or debit card as they are processed and stored via PayPal and WorldPay, as trusted third party service providers.
All online payments will be conducted in accordance with Payment Card Industry (PCI) data security standards and your billing information (which is only used by these payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them. Your credit card details are communicated directly from your browser to these payment processors. iWD never sees your full Permanent Account Number (PAN). This means that the payment form is either off-site or displayed in a frame on the payment page.
When you place orders or access your personal information, we offer the use of a secure server. All sensitive/credit information you supply is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our databases to be only accessed as stated above.
If the General Data Protection Regulation applies to you because you are in the European Union, you have rights under data protection laws in relation to your personal data:
- The right to be informed, that is an obligation on us to inform you how we use your personal data;
- The right of access, that is a right to make what is known as a data subject access request for a copy of the personal data we hold about you;
- The right to rectification, that is a right to make us correct personal data about you that may be incomplete or inaccurate;
- The right to erasure where in certain circumstances you can ask us to delete the personal data we have about you (unless there is an overriding legal reason we need to keep it);
- The right to restrict processing, that is a right for you in certain circumstances to ask us to suspend processing personal data;
- The right to data portability, that is a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
- The right to object, that is a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
- Rights in relation to automated decision making and profiling. that is a right you have for us to be transparent about any profiling we do, or any automated decision making.
These rights are subject to certain rules around when you can exercise them. You can see a lot more information on them, if you are interested, on the UK Information Commissioner is Office website.
If you wish to exercise any of the rights set out above, please contact us (see How to contact iWD about privacy).
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. We thank you in advance for keeping us informed if your personal data changes during your relationship with us. You can do this by updating your account.