GAK Privacy Notice - Updated 17th May 2018
Who We Are
When we say ‘we’ or ‘us’ in this notice we are generally referring to the two distinct legal entities that make up the GAK Group:
- GAK.co.uk Ltd (registered office: 30-34 North Street, Hailsham, East Sussex, BN27 1DW)
- The Guitar, Amp & Keyboard Centre Ltd (registered office: 30-34 North Street, Hailsham, East Sussex, BN27 1DW)
Please contact the GAK Data Protection Officer to make a request under the Data Protection Act or EU data protection regulation or if you have any questions about your personal information:
Email: [email protected]
Data Protection Officer
60 Gladstone Place
In the event that you are not satisfied with the response from the GAK Data Protection Officer, you may contact the Information Commissioner directly.
What Information Do We Collect?
- Information you have provided to us such as Forename, Surname, Delivery address, Billing address, Email address and contact phone number.
- Information relating to payment transactions processed as part of placing an order with GAK such as payment provider (Visa, MasterCard, PayPal, Amazon, Bank Transfer, V12 Finance), transaction reference and status. If registered for ‘Express checkout’ we will store a payment token in order to facilitate fast payment through our payment pages provided by a third-party Secure Trading Ltd. Please note we do not store your credit card details.
- If you have signed up for a User Account we store your User Name and an encrypted version of your Password.
- If you contact us (either via our Contact Us page, direct email or via post) we may keep a copy of that correspondence
- If you have placed an order and respond to a Service or Product Review request from one of our third-party providers (TrustPilot or Google Reviews) we may store your review and comments.
- If you visit any of our retail premises your image may be recorded and stored for a short time in our CCTV system for security purposes only.
If you decide not to provide relevant information this may hinder our ability to respond efficiently to your visit to our website and may mean that we will not be able to take any further action to support your enquiry.
Why We Collect This Information and How We Use It
We collect personal information from you so we can process orders placed and keep you updated on their progress. Only where you have specifically requested will we use any information collected to contact or update you with marketing communications relating to products or services. When you submit an order with us your personal details may be shared internally with our sales staff, customer service staff and warehouse staff and to fulfil the delivery of your order your personal details may be shared with any relevant third-party courier companies (FedEx, DPD, UK Mail, DHL or Royal Mail) or product suppliers/distributors.
Our legal basis for collecting and processing your personal information is generally that we either have your explicit consent, that we require this information in order to perform a contract with you or that we have a legitimate business interest to do so.
How Long Do We Store The Information We Collect
Where we process your information in order to fulfil an order for goods or services, we will securely store your information as long as is necessary for warranty, financial and tax storage requirements. Once we no longer have a legitimate business need to store or process your personal information we will delete or remove it at the earliest opportunity.
Where we process your personal information in order to keep you updated about products and services we will retain and process that information indefinitely unless you notify us that you no longer wish to receive these communications.
The information we collect may be stored and processed in various locations, this will not include locations outside the European Economic Area (EEA).
Who We May Share Your Personal Information With
In order to fully process and deliver orders placed we will share relevant personal information with third parties where required and where you have opted-in to our marketing updates, we will share relevant personal information with third parties for marketing purposes.
Your personal information may be shared with:
- Delivery and logistics partners to facilitate the delivery of your goods.
- Email service providers that enable us to send relevant marketing email communications.
- Server management and data storage providers that host and manage our secure website and business software applications.
- Payment service providers that enable payments online through our website, payment links or over the phone.
- Suppliers and/or Distributors to facilitate the direct shipment of goods from third-party warehouses to customers.
- Third-party providers who facilitate our customer service function including; Zendesk - online live chat, TrustPilot - customer review service, Google Customer Reviews - customer review service. These service providers all maintain their own Privacy Policies which are publicly available and we can direct you to these if required.
Where we use any third party to process personal information on our behalf, we have drafted compliant processor agreements and due diligence procedures for ensuring that they (as well as we) meet and understand their/our Data Protection Legislation obligations. These measures include reviews of the service provided, the necessity of the processing activity, the technical and organisational measures in place and compliance with Data Protection Legislation.
Your Rights Under Data Protection Law
Under Data Protection Legislation you have the following rights in certain circumstances as an individual:
- The right of access - you have the right to be told what personal data we hold about you on our database and how we process that data. You also have the right to be provided with a copy of all personal data we hold (in a format and time frame that is reasonable to request, not exceeding 1 month), we will not charge for providing this information.
- The right to request rectification - you have the right to request to have any inaccurate personal data rectified or completed if incomplete.
- The right to request erasure - you have the right to request to have personal data erased, also known as the ‘right to be forgotten. Where appropriate requests have been made, deletion of personal data will be processed within 1 month.
- The right to request to restrict processing - you have the right to request restriction or suppression of your personal data although this only applies in certain circumstances.
- The right to request data portability if data you have provided is processed using automated means - you have the right to obtain and reuse the personal data we hold for your own purposes across different services. This would generally involve a copy or transfer of the personal data we hold in an electronic format from one IT environment to another.
- The right to object - you have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics.
- Rights related to automated decision making including profiling.
For further information on your Individual Rights please visit the Information Commission’s Office website
If you wish to exercise any of the rights listed above please contact our Data Protection Officer.