Here at Drum Depot Ltd (‘Drum Depot’) we are committed to protecting and respecting the privacy of your personal data. This privacy notice explains how your data is collected, used, transferred and disclosed by Drum Depot. It applies to data collected when you use our website, when you interact with us through social media, email, or phone, or when you participate in our competitions or events. It covers:
- Our commitment to you
- How we keep your data safe and secure
- The personal data we collect
- How we collect your data
- How we use your data
- Marketing preferences, adverts and cookies
- Links to other websites and third parties
- How we share your data
- Your rights
- Changes to this privacy notice
- How to contact us
Our commitment to you
We take the protection of your personal data seriously and will process your personal data fairly, lawfully and transparently. This privacy notice describes the personal data we are collecting about you and how it is used.
We will only collect and use your personal data for the following purposes, to:
- fulfil your order(s)
- keep you up to date with the latest offers and trends
- give you a better shopping experience
- help us to make our marketing more relevant to you and your interests
- improve our services
- meet our legal responsibilities
How we keep your data safe and secure
We have appropriate organisational safeguards and security measures in place to protect your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
The communication between your browser and our website uses a secure encrypted connection wherever your personal data is involved. We encrypt your data and store it on secure servers hidden behind a firewall.
In the unfortunate event of a personal data breach, we will notify you and any applicable regulator when we are legally required to do so.
The personal data we collect
Personal data means any information about an individual from which that person can be identified. It does not include anonymous data, where the identity and identifying information has been removed.
The following groups of personal data are collected:
- Identity Data includes information such as: first name, last name and title.
- Contact Data includes information such as: email address, billing address, delivery address, location, country and contact telephone number.
- Transaction Data includes information such as: details of your purchases and the fulfilment of your orders (such as basket number, order number, subtotal, title, currency, discounts, shipping, number of items, product number, single item price, category, tax etc.); payments to and from you and details of other products and services you have obtained from us, correspondence or communications with you in respect of your orders, and details of any rewards and bonuses awarded.
- Technical Data includes information such as: details of the device(s) you use to access our services, your internet protocol (IP) address, login data, your username and password, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
- Profile Data includes information such as: purchases or orders made by you, and preferences.
- Marketing and Communications Data includes information such as: your preferences in receiving marketing from and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
How we collect your data
We may collect personal data about you in the following ways:
- Direct interactions– you may give us your Identity, Contact, Financial, Transaction, Profile, and Marketing and Communications data (as described above) by filling in forms, entering information online or by corresponding with us by post, phone, email, telephone or otherwise. This includes personal data you provide, for example, when you:
- Create an account or purchase products on our website;
- Subscribe to our newsletter;
- Enter a competition;
- Or contact us with an enquiry or to report a problem (by phone, email, social media, or messaging service).
- Automated technologies or interactions– as you interact with our website, we may automatically collect the following types of data (all as described above): Technical Data about your equipment, Usage Data about your browsing actions and patterns, and Contact Data where tasks carried out via our website remain uncompleted, such as incomplete orders or abandoned baskets. We collect this data by using cookies, server logs and other similar technologies.
How we use your data
1. The legal basis for processing your personal data
We will only collect and process your personal data where we have a legal basis to do so. As a data controller, the legal basis for our collection and use of your personal data varies depending on the manner and purpose for which we collected it.
We will only collect personal data from you when:
- we have your consent to do so, or
- we need your personal data to perform a contract with you. For example, to process a payment from you, fulfil your order or provide customer support connected with an order, or
- the processing is in our legitimate interests and not overridden by your rights, or
- we have a legal obligation to collect or disclose personal data from you.
2. Uses made of your personal data
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process personal data without your consent only where this is required or permitted by law.
3. How long we keep your data for
We will keep your personal data for no longer than is necessary for the purpose(s) it was provided for and to meet our legal obligations. Further details of the periods for which we retain data are available on request.
Marketing Preferences, Adverts & Cookies
1. Marketing – your preferences
We may send you marketing communications and promotional offers:
- if you have opened an account with us or purchased goods from us, or registered for a promotion or event, and you have not opted out of receiving that marketing (in accordance with your preferences, as explained below);
- by email if you have signed up for email newsletters;
- if you have provided us with your details when you entered a competition and you have consented to receiving such marketing (in accordance with your preferences, as explained below).
You will always have full control of your marketing preferences. If you do not wish to continue receiving marketing information from us (or any third party, if applicable) at any time:
- you can unsubscribe following the instructions included in the footer of any marketing email; or email us directly: firstname.lastname@example.org
We will process all opt-out requests as soon as possible, but please note that due to the nature of our IT systems and servers it may take a few days for any opt-out request to be implemented.
Our use of analytics and targeted advertising tools
We use tools such as Google Analytics to analyse Google’s interest-based advertising data and/or third-party audience data (such as age, marital status, life event, gender and interests) to target and improve our marketing campaigns, marketing strategies and website content. We may also use tools provided by other third parties, such as Facebook, Content Square, Adroll, Responsys, Criteo and Bing to perform similar tasks, using your Contact, Technical, Usage and Profile Data.
In order to opt out of targeted advertising you need to disable your ‘cookies’ in your browser settings or opt-out of the relevant third-party Ad Settings. For example, you can go here to opt-out of the Google Display Advertising Features.
The Digital Advertising Alliance (which includes companies such as Google, Responsys and Facebook) provides a tool called WebChoices that can perform a quick scan of your computer or mobile devices, find out which participating companies have enabled customised ads for your browser, and adjust your browser preferences accordingly.
If you would like any further information about the data collected by these third parties or the way in which the data is used, please contact us.
How we share your data
We may disclose and share your personal data with the parties set out below:
- to suppliers, sub-contractors and other third parties that we use in connection with the running of our business for the purposes set out in the table above in the section ‘How we use your data’, such as:
- third party service providers that we engage to provide IT systems and software, and to host our website;
- third-party payment processing services (including Worldpay, Paypal, and in certain regions, Klarna) to process your payment to us. We do not store your credit/debit card information;
- third party service providers that we engage to deliver goods you have ordered;
- third party service providers that we engage to send emails and postal mail on our behalf including in relation to incomplete orders or abandoned baskets, or marketing communications, to provide data cleansing services and to provide marketing and advertising services;
- analytics and search engine providers that assist us in the improvement and optimisation of our website;
- to protect our customers and website from fraud and theft, we may share personal data that is required to make identity checks and personal data that we obtain from making identity checks (including data relating to your age, name and location), together with account information, with organisations (including law enforcement agencies), involved in fraud prevention and detection and credit risk reduction. Please note that these third parties may retain a record of the information that we provide to them for this purpose;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or
- to our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
You have several rights under the data privacy legislation. This includes, under certain circumstances, the right to:
- request access to your personal data
- request correction of your personal data
- request erasure of your personal data
- request restriction of processing of your personal data
- request the transfer of your personal data
- object to processing of your personal data
- object to automated decision making
Brief details of each of these rights are set out below. If you wish to exercise any of these rights, please email us at email@example.com.
1. Request access to your personal data
You have the right to obtain a copy of the personal data we hold about you and certain information relating to our processing of your personal data.
2. Request correction of your personal data
You are entitled to have your personal data corrected if it is inaccurate or incomplete. You can update your personal data at any time by logging into your account and updating your details directly, or by emailing us at firstname.lastname@example.org.
3. Request erasure of your personal data
This enables you to request that Drum Depot delete your personal data, where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
4. Request restriction of processing of your personal data
You have a right to ask Drum Depot to suspend the processing of your personal data in certain scenarios, for example if you want us to establish the accuracy of the data, or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Where processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future.
5. Request the transfer of your personal data
You have the right to obtain a digital copy of your personal data or request the transfer of your personal data to another company. Please note though that this right only applies to automated data which you initially provided consent for us to use or where we used the data to perform a contract with you.
6. Object to processing of your personal data
You have the right to object to the processing of your personal data where we believe we have a legitimate interest in processing it (as explained above). You also have the right to object to our processing of your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms.
7. Object to automated decision making and profiling
You have the right to object to the automated processing of your personal data without human intervention. This form of processing is permitted where it is necessary as part of our contract with you, providing that appropriate safeguards are in place or your explicit consent has been obtained.
We will try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. We may need to request specific information from you to help us confirm your identity and ensure your right to exercise any of the above rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
8. Right to lodge a complaint
If you have any concerns or complaints regarding the way in which we process your data, please email us directly at email@example.com. You also have the right to make a complaint to the ICO (the data protection regulator in the UK). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance.
Changes to this privacy notice
From time to time we may change this privacy notice. If there are any significant changes we will post updates on our website, applications or let you know by email.
How to contact us
We welcome feedback and are happy to answer any questions you may have about your data.
Please send any questions, comments or requests for more information to our inbox firstname.lastname@example.org
This Privacy Notice was last updated on 27th April (Version v1.1)