Privacy Policy.

The type of personal information we collect:

The type and amount of information we collect depends on why you are providing it. We may collect, use, store and transfer different types of personal data which we have grouped together as follows:

  • Identity Data includes first name, last name, preferred pronoun, date of birth, gender, username or similar identifier or title.
  • Contact Data includes billing address, delivery address, email address and telephone numbers, as well as details of any additional persons for whom correspondence is required.
  • Correspondence Data includes details of your correspondence with us (including order details recorded online or by phone, and any complaints you have made to our customer services team).
  • Image data including photographs and video images.
  • Financial Data includes bank account, and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data includes (your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses).
  • Usage Data includes information about how you use our website, products and services (including the data obtained from cookies, web logs and other similar technologies that monitor usage).
  • Marketing and Communications Preferences Data includes your preferences in receiving marketing from us.
  • Job Applicant Data – the information you are asked to provide is as set out in the application and necessary for the purposes of considering your fit for the vacancy.

How we get the personal information and why we have it:

We may collect information from you whenever you contact us or have any involvement with us for example when you:

  1. Visit our website/customer portal
  2. Enquire about our activities or services
  3. Sign up to receive news about our activities
  4. Create or update your system login information
  5. Post content onto our sites or social media
  6. Attend a meeting with us and provide us with information
  7. Take part in our events
  8. Contact us in any way including online, email, phone, SMS, social media or post

We use the information that you have given us in order to:

  • Provide you with the information or services you have asked for.
  • Send you communications with your consent that may be of interest, including marketing information about our services and activities.
  • When necessary, carry out your obligations under any contract between us.
  • Seek your views on the services or activities we action, so that we can make improvements.
  • Maintain our organisational records and ensure we know how you prefer to be contacted.
  • Analyse the operation of our sites and your website behaviour to improve their usefulness.
  • Process job applications.

We have set out below, a description of a number of ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Please note that the following list is not exhaustive.

Purpose/Activity Type of Data Lawful Basis
To register you as a new customer
  1. Identity
  2. Contact
Performance of a contract with you
To provide you with requested services and/or products
  1. Identity
  2. Marketing & Communications Preferences
  3. Contact
  4. Transaction
  5. Financial
  6. Correspondance
Neccessary for performance of a contract

OR

Necessary for legitimate interests

To process and deliver the products you have ordered
  1. Identity
  2. Contact
  3. Financial
  4. Transaction
  5. Marketing & Communications Preferences
  6. Correspondance
  1. Performance of a contract with you
  2. Necessary for legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:

  • Notifying you about business changes
  • Asking you to leave a review
  1. Identity
  2. Contact
  3. Profile
  4. Marketing & Communications
  1. Performance of a contract with you
  2. Necessary to comply with a legal obligation
  3. Necessary for our legitimate interest
To evidence our compliance with legal requirements
  1. Identity
  2. Contact
  3. Transaction
  4. Credit History
Compliance with legal obligations
To administer and protect business and websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  1. Identity
  2. Contact
  3. Technical
  1. Necessary for legitimate interest
  2. Necessary to comply with legal obligations
To deliver relevant website content and advertisements to you and measure or understand their effectiveness
  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing & Communications
  6. Technical
Necessary for legitimate interest
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
  1. Technical
  2. Usage
Necessary for legitimate interests
To make suggestions and recommendations to you about goods and services that may be of interest to you and send details about future offers and events
  1. Identity
  2. Technical
  3. Contact
  4. Usage
  5. Profile
  6. Transaction
  1. Necessary for legitimate interest
  2. Consent – agreed for further information
To monitor your use of our services to provide staff training and improve your experience
  1. Corresepondance
Legitimate interest

Access to your information:

Your personal data will be processed by the individual at Summit Creative Ltd that initially receives it, and may also be transferred to and processed by other departments within the company.

Where it is necessary to enable us to provide you with the services you have requested, we will transfer your personal data to third parties (for example; we may transfer your data to our bank, payment card system operators, shippers, warehouses, insurers, product partners, and analytics and search engine providers). These organisations will only use the information to carry out the instructed services and on the basis, that the information is confidential and secure. Some of these organisations may be located outside the EEA (please see below).

We do not transfer your personal data to third parties who wish to use it for their own marketing or other purposes.

We may need to carry out anti-money laundering and trade sanction checks and for us to do so we may need to retain and disclose certain information about you to appropriate agencies. This is also to assist with fraud, crime prevention and detection.

We will only disclose your personal data when we receive a request from a government or law enforcement authority to provide your data in two situations: when we are ordered to do so by a court; or after we have undertaken an internal review and conclude that the institution making the request has both complied with the correct procedure and has the right to seek disclosure.

Owing to matters such as financial or technical considerations, the information you provide to us may be transferred to countries outside the European Economic Area (EEA), which are not subject to the same data protection regulations as apply in the UK. We meet our obligations under GDPR by ensuring that the information has equivalent protection as if it were being held within the EEA. We do this by ensuring that any third parties processing your data outside the EEA either benefit from an adequacy determination for GDPR purposes and/or, where appropriate, we have entered into a data processing agreement which contains model EU clauses.

We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.

Other than this, we will not share your information with other organisations without your consent.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing information are:

  1. (a) Your consent. You are able to remove your consent at any time. You can do this by contacting systems@summitcreative.co.uk.
  2. (b) We have a contractual obligation.
  3. (c) We have a legal obligation.
  4. (d) We have a vital interest.
  5. (e) We need it to perform a public task.
  6. (f) We have a legitimate interest.

How we store your personal information:

Your information is securely stored. We recognise and take seriously our responsibility to protect the personal data you entrust to Summit Creative Ltd from loss or misuse. We take appropriate technical and physical steps to safeguard all information. We ensure only authorised persons (employees and contractors) have access to the information and that everyone who has access is appropriately trained to manage the data..

Summit Creative Ltd uses a variety of security technologies and organisational procedures to help protect your personal data. For example, we implement access controls, use firewalls and secure servers, and we encrypt data, such as financial information and other important data.

No data transmission over the internet can be guaranteed to be completely secure. So, whilst we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.

We keep personal information on file for 12 months after a contract/relationship has terminated. We will then dispose of information by way of a regular system data cleanse.

Your data protection rights:

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to request that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. Such requests must be made in writing. To make a request, please contact us at systems@summitcreative.co.uk. Your response will be provided within 30 days from the date the request is submitted.

You have the right to request details of the processing activities that we carry out with your personal information by making a subject access request. Such requests must be made in writing. To make a request, please contact us at systems@summitcreative.co.uk. Your response will be provided within 30 days from the date the request is submitted.

You are not required to pay any charge for exercising your rights.

Our sites may contain links to and from our partners’ and affiliates’ websites. If you follow a link to their sites, please note that these sites have their own privacy policy and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these sites.

If you are not happy with the way in which we have processed or dealt with your information, you can provide feedback to the Information Commissioner’s Office:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

Last Updated: 1 Nov, 2022