Please read this document carefully before submitting any personal data to us.
(1) GENERAL INFORMATION
1.3 Our role as a data controller. We act in the capacity of a data controller with regard to the personal data processed through the Website in terms of the applicable data protection laws, including the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR).
1.5 Children. The Website is not marketed to and should not be used by children. We do not intentionally collect children’s personal data. If you, as a parent or a legal guardian of a child, become aware that the child has submitted his/her personal data to us, please contact us immediately. We will delete your child’s personal data from our systems without undue delay.
(2) WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSES DO WE USE IT?
2.1 Sources of personal data. We obtain your personal data from the following categories of sources:
• Directly from you. For example, if you submit certain personal data directly to us when registering your user account or contacting us;
• Directly or indirectly through your activity on the Website. When you use the Website, we automatically collect technical information about your use of the Website; and
• From third parties. We may receive information about you from third parties to whom you have previously provided your personal data, if those third parties have a lawful basis for disclosing your personal data to us.
• Registration of your user account. When you register your user account on the Website, we collect your location, customer number, first name, last name, phone number, email address, and password. When you register your user account with us, we collect your company name, company registration number, tax ID number or VAT number, the nature of your business, your company type, contact name, email address, phone number, and password. We use the said information to register and maintain your user account, enable your access to the Website, provide you with the requested services, contact you, if necessary, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’, ‘pursuing our legitimate business interests’ (i.e., to operate, analyse, grow, and administer the Website), and ‘your consent’ (for optional personal data). We keep such data until you delete your user account.
• Orders. When you make an order for our products and services, we collect your delivery address and other information that you decide to provide. We use this information to process your orders, deliver your orders to you, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (i.e., to administer our business). We will store this data until you request us to delete your user account, unless we need to keep our business records for the time period required by law.
• Inquiries. When you contact us by email, we collect your name, email address, and any information that you decide to include in your message. We use such data to respond to your inquiries. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data). We keep your personal data until we decide to delete old emails or support tickets.
• Payments. When you make a payment, you will be asked to provide your payment details that depend on the chosen payment provider (like your name, credit card number, expiration date, security code, and billing address). Please note that we do not process payments - it is done by our third-party payment processors. Your payment data is used to process your payments and maintain our business records. The legal bases on which we rely are ‘performing a contract’, ‘pursuing our legitimate business interests’ (i.e., to administer our business), and ‘complying with our legal obligations’. We keep your personal data for as long as required by law.
• IP address. When you use the Website, we or our third-party analytics service providers (as explained in section 3 below) collect your IP address. We use your IP address to analyze the technical aspects of your use of the Website, prevent fraud and abuse of the Website, ensure the security of the Website, and tailor the Website for your location. The legal basis on which we rely when processing your IP address is ‘pursuing our legitimate business interests’ (i.e., to analyze and protect the Website). We keep your personal data as long as it is necessary for analytics purposes.
• Forms. When you complete the forms available on the Website (e.g., trade credit application form or the resale certificate), we collect your personal data that is relevant to that form, such as your full name, trading name, phone number, fax number, email addresses, information about your company, address, contact persons’ details (name, title, address), order numbers, and any other information that you decide to provide or that is necessary for completing the form. We use such information to process your forms, contact you, if necessary, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (i.e., to administer our business). We will store this data until you cease to be our client, unless we need to keep our business records for the time period required by law.
2.3 Sensitive data. We do not collect or have access to any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data is information that relates to your health, genetics, biometrics, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation.
2.4 Refusal to provide personal data. If you refuse to provide us with your personal data when we ask for it, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Website, receive our products and services, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.
(3) WHAT TECHNICAL (NON-PERSONAL) DATA DO WE COLLECT?
3.1 Log files and analytics data. In order to analyze your use of the Website, we and our analytics service provider Google Analytics automatically collect certain technical non-personal data about your use of the Website. Such data does not allow us or Google to identify you as an individual person in any manner. The non-personal data includes the following information:
• Your activity on the Website (e.g., what functionalities you use, how much time you spend on different pages of the Website, how long it takes for the Website to load and process your requests, and what errors occur);
• Your device type;
• The operating system of your device;
• Your browser type;
• URL addresses that you visit; and
• Your other online behavior.
3.2 Your feedback. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and any subsequent responses. Where reasonably possible, we remove all personal data that is not necessary for keeping such records.
3.3 Purposes of technical (non-personal) data. We use your technical (non-personal) data for the following purposes:
• To analyze what kind of users visit the Website;
• To examine the relevance, popularity, and engagement rate of the Website;
• To investigate and help prevent bugs, security issues and abuse;
• To develop and provide additional features to the Website; and
• To personalize the Website for your specific technical needs (e.g., to adjust the design and resolution for your device).
3.4 Aggregated and de-identified data. If we combine your non-personal data with certain elements of your personal data and such a combination allows us to identify you as a natural person, we will handle such aggregated data as personal data and make sure that we have a legal basis for processing it. If your personal data is de-identified in a way that it can no longer be associated with a natural person, it will not be considered personal data and we may use it for any business purpose.
(4) HOW DO WE COMMUNICATE WITH YOU?
4.1 Newsletters. If we have your email address, we may, from time to time, send you a newsletter informing you about the latest developments related to the Website, our products, and special offers. You will receive our newsletters in the following instances:
• If we receive your express (“opt-in”) consent to receive marketing messages; or
• If you voluntarily subscribe for our newsletter on the Website; or
• If we decide to send you information closely related to services already used or products purchased by you.
4.2 Opting-out. You can opt out of receiving our commercial communication at any time free of charge by clicking on the “unsubscribe” link included in our newsletters, adjusting the settings of your user account, or by contacting us directly.
4.3 Tracking pixels. The newsletters sent by us may contain tracking pixels that allow us to conduct analysis of our marketing campaigns. Tracking pixels allow us to see whether you opened the newsletter and what links you have clicked on. We use such information to conduct analytics and pursue our legitimate business interests.
4.4 Service-related notices. If necessary, we will send you important informational messages, such as confirmation receipts, order updates, payment information, technical emails, and other administrative updates. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt out of service-related notices.
(5) HOW LONG DO WE KEEP YOUR PERSONAL DATA?
5.3 Retention as required by law. In certain cases, we are required by law to store your personal data for a certain period of time (e.g., for business records or accountancy purposes). Thus, we keep your personal data for the time period stipulated by the applicable law and securely delete it as soon as the required storage period expires.
(6) HOW DO WE SHARE AND DISCLOSE YOUR DATA?
6.1 Disclosure to data processors. From time to time, your personal data is disclosed to our service providers with whom we cooperate (our data processors). For example, we share your personal and non-personal data with entities that provide certain technical support services to us, such as hosting and email distribution services. We do not sell your personal data to third parties. The disclosure is limited to the situations when your personal data is required for the following purposes:
• Ensuring the proper operation of the Website;
• Ensuring the delivery of the products and services ordered by you;
• Providing you with the requested information;
• Pursuing our legitimate business interests;
• Enforcing our rights, preventing fraud, and security purposes;
• Carrying out our contractual obligations; or
• If you provide your prior consent to such a disclosure.
• Our hosting, database, and cloud storage service provider Amazon Web Services located in the United States;
• Our newsletter service provider MailChimp located in the United States;
• Our analytics service provider Google Analytics located in the United States;
• Our shipping service providers Endicia, Royal Mail, UPS, FedEx, and DHL;
• Our payment service providers Stripe and Authorize.net located in the United States;
• Our live chat software provider Pure Chat located in the United States; and
• Our independent contractors and consultants.
6.3 Disclosure of technical (non-personal) data. Your technical (non-personal) data may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving the Website, responding to lawful requests from public authorities, or developing new products and services.
6.4 Legal requests. If we are contacted by a public authority, we may need to disclose information about you to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
6.7 International transfers. Some of our data processors listed above are located outside the country in which you reside. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data or we conclude a data processing agreement with the respective third party that ensures such protection. We will not transfer your personal data internationally if no appropriate level of protection can be granted.
(7) HOW DO WE PROTECT YOUR PERSONAL DATA?
7.1 Our security measures. We implement organizational and technical information security measures to protect your personal data from loss, misuse, unauthorized access, and disclosure. The security measures taken by us include:
• Access control;
• Secured networks;
• SSL protocol;
• Strong passwords;
• Anonymization of personal data (when possible); and
• Carefully selected data processors.
7.2 Security breaches. Although we make our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data that was caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
(8) WHAT RIGHTS DO YOU HAVE WITH REGARD TO YOUR PERSONAL DATA?
8.1 The list of your rights. You have the right to control how your personal data is processed by us by exercising the rights listed below (unless, in very limited cases, the applicable law provides otherwise):
• Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;
• Right to rectification: you can rectify inaccurate personal data that we hold about you;
• Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;
• Right to restriction: you can ask us to restrict the processing of your personal data;
• Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another processor;
• Right to object: you can ask us to stop processing your personal data;
• Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
• Right to complain: you can submit your complaint regarding our processing of your personal data.
8.3 Complaints. If you would like to launch a complaint about the way in which we process your personal data, we kindly ask you to contact us first and express your concerns. If we receive your complaint, we will investigate it and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
8.4 Non-discrimination. We do not discriminate against you if you decide to exercise your rights. It means that we will not (i) deny any goods and services, (ii) charge you different prices, (iii) deny any discounts or benefits, (iv) impose penalties, or (v) provide you with lower quality services.
(9) OUR CONTACT DETAILS
United States (global)
Postal address: Samuel & Sons 983 Third Avenue New York, NY 10022, USA
Postal address: Samuel and Sons Unit 3.13, Chelsea Design Centre Chelsea Harbour, London SW10 0XE, United Kingdom
Postal address: Samuel & Sons Passementerie 72, rue du Faubourg Saint Honoré 75008 Paris France