For the purpose of the Data Protection Act 1998 and the General Data Protection Regulation (“GDPR”) the data controller is Bikezaar Limited, company number 10620630, whose registered address is Unit B, Arundel House, Whitebridge Lane, Stone, Staffordshire, United Kingdom, ST15 8LQ.
You are not required to provide the personal information that we request, but, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to any queries you may have.
This notice is issued by bikeZaar Limited.
1. Definitions and Interpretation
- The following words and expressions have the following meanings unless inconsistent with the context:
Kevin Griffiths who can be contacted by post at Unit B, Arundel House, Whitebridge Lane, Stone, Staffordshire, United Kingdom, ST15 8LQ or by email at [email protected];
a small amount of data sent from the server, which is then stored on your computer’s hard disc drive;
“data processors”, “personal data”, “process” or “processing”, “sensitive personal data”
as defined in the Data Protection Legislation;
“Data Protection Legislation”
means (i) until and including 24 May 2018, the Data Protection Act 1998, (ii) from and including 25 May 2018, the GDPR and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK, and thereafter (iii) any successor legislation to the GDPR or the Data Protection Act 1998;
“we”, “us” or “our”
Bikezaar Limited, a company registered in England and Wales with company number 10620630 whose registered office is at Unit B, Arundel House, Whitebridge Lane, Stone, Staffordshire, United Kingdom, ST15 8LQ and who may be contacted on [email protected]; and
an individual, company, or firm accessing our Site.
- References to any statute or statutory provision include, unless the context otherwise requires, a reference to the statute or statutory provision as modified or re-enacted and in force from time to time, and any subordinate legislation made from time to time under the relevant statute or statutory provision.
- References to “persons” include natural persons, firms, partnerships, companies, corporations, associations and organisations, (in each case whether or not having separate legal personality).
- Use of any gender includes the other genders.
- Words in the singular include the plural and words in the plural include the singular.
- Any reference to “writing” or any cognate expression includes communications by post and email but not facsimile or text messages.
- Any phrase introduced by the term “include”, “including”, “in particular” or any similar expression will be construed as illustrative and will not limit the sense of the words preceding that term.
- Our primary reason for collecting your personal data is to address enquiries which you may make on our Site from time to time and provide you with the most efficient service possible. We do not anticipate collecting or processing sensitive personal data about you.
- Our Site may contain links to other websites. Please note that we are not responsible for the privacy practices of such other websites and advise you to read the privacy statements of each website you visit which collects personal data.
3. Our policy for processing your personal data
- What personal data do we process and where do we get it from?
- When you contact us via the “Contact Us” link on our Site or contact us by telephone or email us we will collect personal data from you. We also collect personal data when you use the email sign-up tool available via the Site, and from other webpages on the Site including the following: “Checkout”, “Create an Account”, “Blogs”, “Product Reviews”, “Bike Finder”, “Price Match”, Clubs” and “Contact Us”.
- Personal data may also be obtained automatically by your internet browser.
- The types of personal data which we may collect from you could include your name, email address, postal address, telephone number financial and credit card information, and other information collected through the “Contact Us” link on our Site.
4. What do we do with your personal data?
- We will process your personal data so that we can:
- fulfil our obligations to you under any contract subject to the terms and conditions of our Site;
- take payment from you under any contract subject to the terms and conditions of our Site; and
- deal with the general queries you raise from time to time through the “Contact Us” link on our Site, by post or by email.
- Other purposes for which we may process your personal data are:
- the general administration of your records by us;
- the general maintenance of our database and records by us;
- the general maintenance of our payment records;
- for credit referencing purposes;
- for training our staff and other internal procedures;
- for security purposes to protect your personal data held and/or processed by us; and
- for our general marketing purposes unless you have notified us to the contrary.
5. Legal basis for us processing your personal data
- In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to you via email or post.
- You have the right to withdraw consent at any time and where consent is the only legal basis for processing, we will cease to process data after your consent is withdrawn.
- We collect and use your personal data because it may be necessary for:
- the purposes of complying with our duties and exercising our rights under a contract for the sale of goods or services to you;
- complying with our legal obligations; o
- the pursuit of our legitimate interests including but not limited to:
- the uses outlined in Conditions 4.1 and 4.2;
- selling and supplying services to you;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products and services and developing new products and services;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes;
- protecting us, our employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us;
- effectively handling any legal claims or regulatory enforcement actions taken against us; and
- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
6. Who else gets to see your personal data?
- Our data processors.
- Other companies which are part of the group of companies which we may be part of from time to time.
- Retailers on our Site, including our prescription lens manufacturer if you buy prescription eyewear, our insurance partner if you have selected 14 days free bike insurance, and our travel and events partners if you have enquired about specific travel or events.
- Financial service providers.
- Such couriers or fulfilment service providers used by us from time to time for the purposes of delivering goods to you, where applicable.
- Other third parties such as analytical or search engine providers in order to better optimise or improve our Site.
- Advertisers and advertising networks that may require personal data to select and serve relevant adverts to you and others.
- Unless you have otherwise notified us to the contrary, other carefully selected companies who provide goods or services which we think may be of interest to you.
- We may also need to disclose your personal information in the event that we:
- sell or buy any business or assets, in which case we may need to disclose your personal data to a prospective buyer or seller;
- are acquired by a third party, in which case personal data we hold will be transferred to the third party acquiring our other assets; or
- have a duty to disclose your personal data to comply with a legal obligation, enforce a contract we have with you, or need to disclose personal data to protect our rights, property or safety and those of our vistitors, customers or others.
7. Your Rights
- The rights that you have in your personal data are due to be expanded significantly after a new law, the GDPR comes into force on 25 May 2018.
- We are committed to handling your personal data in the right way and we welcome the new rights introduced; your enhanced rights as from 25 May 2018 are set out below:
- your information will be treated securely and strictly in accordance with the GDPR;
- you have the right to access information held about you. Any access request may be subject to a fee specified by law (currently of £10.00). After 25 May 2018, we will not charge a standard administrative fee of £10.00 but please note we may still be able to recover costs from you where your request is vexatious or very repetitive in nature;
- you have the right to ask us (at no cost) to update and correct any personal information which is out of date or incorrect;
- you have the right to ask us to erase your personal data or restrict our processing of the data if you wish;
- where you have consented to our processing your data in a certain manner, you have the right to withdraw that consent at any time;
- you have the right to make a complaint directly with the Information Commissioner’s Office. In order to report a concern, you should follow the directions given on www.ico.org.uk which contains details about available methods of complaint;
- you have the right to receive from us a copy of the personal data in a commonly used, machine readable format and the right to store it for further personal use on a private device; and
- you have the right to transmit the personal data to another entity where this is technically possible.
- You can help ensure that your contact information and communication preferences are accurate, complete, and up to date by contacting us at [email protected]
- You have the right to object to your personal data being used for ‘direct marketing’ and/or ‘host mailing’ purposes (see Condition 4.2.7 and Condition 6.6 above). You can change your options in relation to the information you wish to receive at any time by contacting our Compliance Officer in writing by post or email.
8. Duration of Storage
9. How we protect your data
- We are committed to the security of your personal data. All of our employees and sub-contractors with access to your personal data and/or who are associated with the processing of that data are contractually obliged to respect the confidentiality of your personal data.
- Our security measures include:
- encryption of data;
- regular cyber security assessments of all service providers who may handle your personal data;
- regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;
- yearly penetration testing of systems;
- security controls which protect the entire Bikezaar infrastructure from external attack and unauthorised access; and
- internal policies setting out our data security approach and training for employees.
- Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.
- Where applicable, you are responsible for keeping the password we have provided you with confidential. We ask you not to share this password with anyone, and we will not be liable for any breach of your personal data resulting from you having shared your password.
10. Where we store your data
12. Contact information
- If you have any queries about our processing or use of your personal data you should write, in the first instance, to our Compliance Officer.
- If you want to learn more about your rights regarding your personal data, you should contact the Information Commissioner’s office information line on: (0044) 01625 545745 or visit their website at ico.gov.uk.
13. Governing Law and Jurisdiction
- This legal notice and any dispute or claim arising out of or in connection with it or its subject matter will be governed by and construed in accordance with the laws of England and Wales.
The parties irrevocably agree that the courts of England will have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this legal notice or its subject matter.