CBF Group is committed to protecting our customer privacy and takes its responsibility about security of customer data very seriously. We will be clear and transparent about the information we are collecting and what we will do with it. This Policy includes:
- What personal data we collect and process about you as a customer and through your use of our websites and online services;
- Where we get that data;
- What we do with that data;
- How we store the data;
- Who we share that data with;
- How we deal with your data protection rights;
- And how we comply with the data protection rules.
“CBF Group” in this policy refers to Cheltenham Forms Limited and its associated businesses, CBF Creative, CBF Fulfilment, Blawill Holdings Limited.
CBF Group is the “data controller” of all personal information that is collected and used about customers and is registered in the UK with registration number 02005932 with the registered address 1 Alvin Street, Gloucester, England, GL1 3EJ.
Personal data means any identifying information relating to you, such as your name, contact details, order/invoice numbers, payment details and information about your access to our website.
We may collect personal data from you when you make an enquiry, use our website subscribe to our newsletters, or when you contact us.
Specifically, we may collect the following categories of information:
- Name, home address, business address, e-mail address, telephone number, credit/debit card or other payment details;
- order history, including payment and delivery information;
- Information about your use of our websites;
- Location, including your IP Address, if you use Location Services settings on your devices and computer.
Your data may be used for the following purposes:
- Providing products and services you request, including quotes, print delivery;
- Contacting you in the event of an issue with a service such as late delivery or changes to orders; these communications are not made for marketing purposes and cannot be opted-out of;
- Credit or other payment card verification/screening;
- Administrative or legal purposes, such as to deal with a dispute or claim;
- Marketing: we may occasionally contact you with information regarding special offers or changes of operation, via e-communications. You will have the choice to opt in or opt out of receiving such communications when we contact you. You will also have the chance on every e-communication we send you to opt out of receiving our direct marketing material.
We will not keep your data longer than is necessary to fulfil the purpose it is being processed for, so for example we may want to contact you after a year to ask whether you wish to update a dated item, or to re-order based on our knowledge of previous order patterns.
We may also need to retain personal data to deal with complaints, queries and to protect our legal rights in the event of a claim being made.
When we no longer need your personal data, or if you ask us to do so, we will securely delete or destroy it.
We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the Internet.
All payment details are transmitted over SSL across dedicated network infrastructure (Multiprotocol Label Switching-MPLS) and stored in compliance with Payment Card Industry Data Security Standards (PCI DSS).
We may share your data with only our trusted third party organisations, for instance courier firms and delivery agents, photographers or illustrators you have asked us to commission on your creative project, external agencies working directly with us on your projects if we need them.
Some of our sites use tracking and analytics software to monitor traffic patterns and site usage, but this does not enable us to capture any personal information.
We have appointed a Data Protection Officer (“DPO”) to oversee this policy, and you can ask, by law, whether we hold personal information about you, and, if so, what that information is and why we are holding/using it. You can also ask us to correct the information we hold, and to delete the data completely if you don’t wish us to continue holding it.
If you want to exercise any of these rights, please contact our DPO by post at Data Protection Officer, 1 Alvin Street, Gloucester, England, GL1 3EJ.