Information We Collect
Username and password – if we collect a username and password, this is so we can keep your information safe and so that we can have your information to hand each time you visit us.
Name, address and postcode – without this, we won’t know where to send your order or to whom. We also use postcodes to quickly get your full address to save you typing it out, and to determine which services are available for your area.
Email address – we send confirmation of your orders via email as well as other relevant services, product and marketing communications.
Telephone numbers – if there are any problems with your order or we need to check anything, we need to be able to contact you quickly.
Correspondence – if you contact us we may keep a record of that correspondence.
IP addresses – when you visit our site, we will automatically receive your IP address, a unique identifier for your computer or other access devices.
You may also provide us with personal information if you contact customer services, if you enter promotions or competitions run by us or if you get in touch with us in some other way, for example by way of an email facility provided on the website.
Cookies – As with the majority of websites, we collect cookies to enhance user experience and to enable our site to properly function. You can read more information on Cookies and how we use them here.
How We Use the Information We Collect
Our main uses of your information are explained above which in general is to process your orders, as well as to help us understand your needs and provide you with a better service.
Your account may be used to store information about your previous purchases, personal preferences and my essentials lists. But you should also be aware of the following uses:
Marketing – we may use the information we collect to inform you by email about offers, products and services that we think may be of interest to you.
We will tell you about this when we collect your information and if you do not wish to receive these communications, please let us know. You can change your mind at any time by emailing email@example.com with your request. You can also unsubscribe following the instructions that we will include in any communication we send to you.
Customer care and correspondence – as part of our customer care procedures, we may follow-up by email, customers who have purchased goods or services from our website or who have posted comments about Picture Superstore on the internet, for example, to resolve a complaint or to ask for a testimonial.
Website improvement – to help us design our website and improve your experience, we may collect information about the way you use and access our website. We collect information about each visitor, including IP address, the length of time spent on the website and the order in which pages are visited. This is explained in more detail in our Cookies Policy.
Fraud Prevention – in order to protect our customers and us from fraud and theft, we may look at the information that we get from making identity checks and other information in our customer records, including how you conduct your account, and may pass this to other group companies, and to financial and other organisations (including law enforcement agencies) involved in fraud prevention and detection, to use in the same way.
Delivery Fulfilment – we will share address and contact information with third party carriers and postal fulfilment providers to enable deliveries to be completed.
Credit Account Payment Information – When you apply for a credit account, we may be required to go through a more detailed credit check which will tell you about you first. When you have a credit account we may share also share account information with our credit insurers.
You have a right to access the personal information that is held about you. To obtain a copy of the personal information Picture Superstore holds about you, please email us at firstname.lastname@example.org enclosing your postal details, account number and the details of your request.
Security – we have taken many steps to make sure your trading experience with us is secure. Information about you will be kept safe and secure. In order to prevent unauthorised access or disclosure of your information, we have put in place suitable physical, electronic and managerial procedures to protect and secure information that is collected online.
Keeping your information secure – to help us keep your information secure you should:
– Keep your password secret.
– Never distribute the website addresses for pages that you have looked at while logged in as a registered customer.
– Password – you should choose a password that is not obvious or known to anyone else. You should never give a third party your password, as you will be responsible for all activity and charges incurred through use of your password whether authorised by you or not.
If you forget your password, you can request a new password, which will be emailed to the address we hold for you. You can change your password anytime through the account facilities on the website. Should we think that there is likely to be, or has been any breach of security, we may change your password and notify you of the change by email.
Security on our premises – access to your information is restricted in our premises. Only employees who need the information to perform a specific job are granted access to personally identifiable information. The servers that store this information are kept in a secure environment.
Notification of Changes to This Policy
Payment Card Security – The Website has numerous security measures in place to protect the loss, misuse and alteration of information under our control, such as passwords, firewalls, and Cyber Essentials accreditation. We cannot, however, guarantee that these measures are, or will remain, adequate. We do, however, take data security very seriously and will use all reasonable endeavours to protect the integrity of the information you provide.
When we provide our services to you as our client, you are generally responsible for the following aspects of the collection and processing of personal information:
Determining what personal information, we collect and how we use it;
Establishing a legitimate basis to collect and process personal information and ensuring that the collection and processing complies with the applicable law;
If appropriate, you are notified of, or provide consent for, the collection and processing of your personal information in accordance with applicable law;
Complying with any legal obligation you may have as the entity that controls or owns the personal data.
Generally speaking, we will be responsible for the following aspects of the collection and processing of personal information:
Carrying out the services requested by you in accordance with your instructions;
Storing and protecting personal information in our custody in accordance with your instructions; and
Comply with any legal obligation we may have as a data processor, custodian, service provider or similar under applicable law
We will not reuse personal information for a new purpose other than the original one(s) for which it was collected, unless:
the new use is compatible with the original one, meaning you should reasonably expect it;
we have notified you of the new use and given you an opportunity to object to it; or
the new use is otherwise permitted or required by law.
When, why and how do we communicate personal information outside of Picture Superstore?
To complete services
When we provide our services to you, we may transmit personal information back and forth. This is done through our secure web platforms.
Engage services providers
Whilst most of our work is carried out by our employees or authorised personnel who access personal information directly from our systems and whose activities are under our direct control, we use third-party service providers for certain specialised tasks, these include storage of data, information technology support and some services we perform for our clients.
It would be impractical to list all the service providers, however, should you wish to understand which service providers may receive your personal information, please contact us.
When we provide services to a client it is done so in accordance with your instructions.
In exceptional circumstances, we may be asked to communicate personal information to law enforcement agencies, national security agencies, courts or other public bodies in any jurisdiction where we are subject to the law, regardless of where personal information is stored. If we receive a production order, warrant, subpoena or other enforceable demand, we will comply as required by law. If we receive a request to provide information voluntarily, we will consider your interests, our business interests, the interests of our clients, public safety implications and our legal obligations prior to deciding whether to communicate personal information. In any case where the information in question was collected from or on behalf of a client, we will consult with you before proceeding unless prohibited by law.
We may proactively communicate personal information to law enforcement or other third parties if necessary to investigate or report a violation of the law or a contractual agreement, or if otherwise appropriate and permitted by law.
How do we ensure your personal information is accurate?
Much of the personal information we collect comes directly from you, in which case you are in control of its accuracy. Our processes for collecting and transcribing personal information are automated to the greatest extent possible and are subject to rigorous quality controls. Information that is found to be inaccurate, either through our own audits or following your request for correction, is updated.
Do we engage in automated decision-making or profiling using personal information?
We do not make decisions about you, automated or otherwise, and do not attempt to analyse or predict your behaviour, preferences, interests, health or other personal characteristics.
Do we conduct research using personal information?
We do not use your personal information to conduct any research. We maintain historical statistical data in anonymised, aggregate format for research and analysis.
How long do we keep personal information?
We keep personal information as long as you are a client of ours or as long as we need to keep it to comply with our legal obligations. For information on how long your personal information may be retained, please contact us.
Do we transfer personal information between countries?
We do not transfer personal information between countries. Your personal information is collected and stored in the United Kingdom.
How do we protect personal information?
We have advanced security measures in place to secure and protect your personal information, such as internal and external firewalls, monitoring and alert systems to prevent and detect intrusion attempts. Our servers are located within a securely managed infrastructure, and undergo multiple reviews by independent auditors. Our employees access data through secure desktop interfaces, and our online interfaces are encrypted, password protected and monitored.
We employ equally rigorous physical security policies to prevent physical access to our premises. Our servers and offices, including personal information in hard copy form, are kept in access-controlled and monitored environments.
We restrict access to your personal information to individuals who need it to perform their work functions. Our marketing, sales, customer service and account management teams may have regular access to your information and employees in other departments may access it occasionally as required to manage our relationship with you and fulfil our legal obligations.
We also enter into contractual agreements with service providers with which we may need to share your personal information, which requires them to protect your personal information to the same level as we do.
How can you choose how and whether we collect and use your personal information?
Providing your information to us is voluntary. The purpose of collecting personal information is to enable us to provide our products and services to you.
Whenever our legitimate basis for collecting and using personal information is your consent, you can withdraw or modify your consent for future collection or use of your personal information at any time, and we will explain the consequences of doing so.
If we use your personal information for sales or marketing purposes, you can ask us to stop at any time and we will do so.
How can you access or correct your personal information, request that it be deleted, or ask for it to be transferred to another organisation?
At any time, you can request access to your personal information, request that any inaccuracies will be corrected, and request that comments or explanations be added to records about you.
You can also ask about:
whether and why we have your personal information;
how we got your personal information;
what we have done with your personal information;
to whom we have communicated your personal information;
where your personal information has been stored, processed or transferred;
how long we will retain your personal information, or how that retention period will be determined; and
the safeguards in place to protect your information when it is transferred to third parties or third countries.
Finally, you can ask us not to collect or use your personal information for certain purposes, you can ask us to delete your personal information, or you can ask us to provide your personal information to a third party.
Depending on which laws apply to your personal information, we may only be able to do some of these things for you. If you request one of these things and we refuse to do it, we will explain your legal rights, the reason for our refusal and any recourse you may have.
How can you make a complaint about how we have handled your personal information or responded to a request to exercise your rights?
We commit to investigating and resolving complaints about our collection or use of your personal information. To make a complaint, contact us at email@example.com.