Last Updated: 18 August 2018
For the purposes of this policy data protection law means: (i) the 1998 Data Protection Act until 25th May 2018; (ii)unless and until it is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK; and then (iii) any subsequent, and successor, legislation to the GDPR or the Data Protection Act 1998.
DramData is the data controller of the personal information we hold about you.
We will comply with data protection law. Personal information we hold about you will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
What is personal information?
Personal information, or personal data, refers to any information about an individual from which that person can be identified. It does not refer to anonymous data. Anonymous data is information where any personal identifiers have been removed. There are "special categories" of more sensitive personal data which require a higher level of protection.
What information do we collect store and use?
Information you give us.
When you shop with us at www.dramdata.com we may ask for, and collect, personal information such as your name, billing address, telephone number, email address, items ordered and payment details. We also store passwords for any accounts that are created. Your email address is requested when you sign up to receive our email newsletter.
Information we collect about you or receive from other sources.
We may also collect, and third-party providers of advertisements may also collect, information regarding your visit to www.dramdata.com. This may include where you are geographically, how you were referred to us (e.g. search engines or email marketing), your browser and device type, the pages you viewed and duration of your visit and any search terms used.
This information may be collected even if you do not register an account with us.
How do we use your personal information?
We use this information to make your experience as easy and enjoyable as possible.
- To process your order including for payment and to manage your account.
- Online account holders require an email address and password to access their account.
- To send you special offers and promotions that may be of interest if you have consented for us to do so or we believe may be of interest to you. You may opt-out of receiving these messages at any time.
- Any information we collect about customers' browsing and buying habits is used to for statistical analysis and to continuously improve the DramData website and the products and services offered to our customers.
- to allow you to participate in interactive features of our site
- to personalise your repeat visits to our site
- to verify your identity;
- To assist in the detection and prevention of fraud or abuses of our site.
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
- to enable third parties to carry out technical, logistical or other functions on our behalf.
Sharing data with third parties
We do not transfer your information to anyone for marketing purposes without your consent. However, it may be necessary for us to share your personal information with third parties in the following circumstances:
Our service providers and suppliers
- In order to make certain services available to you, we may need to share your personal information with some of our service partners. These include IT, payments and marketing service providers.
- We only allow our service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to us and to you, and for no other purposes.
Other third parties
if we or our business are acquired by a third party when our customers’ personal data will be transferred to the buyer;
- If we have to disclose in order to comply with a legal obligation;
- in order to enforce or apply the terms of our contract with you; or
- to protect the rights, property, or safety of DramData, our customers, or others.
How long will we keep your information?
We will retain your personal information no longer than is necessary for the purpose we obtained it for thereby reducing the risk that it will become inaccurate, out of date or irrelevant. Information that is no longer needed will be securely deleted. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.
What are the consequences of failing to provide personal information or withdrawing consent?
If you fail to provide certain information when requested:
We may not be able to fulfil your orders or perform other aspects of any contract we have entered into with you
- We may be prevented from complying with our legal obligations
- You may not be able to participate in the interactive aspects of our site.
Informing us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.
What are your rights?
Right of access - You have the right to obtain confirmation that your data is being processed and request access to your personal data. You can make a request by email to firstname.lastname@example.org, or in writing to using the address set out below:
In the first instance we will provide a copy of the information free of charge. However, we may charge a reasonable administration fee when a request is manifestly unfounded or excessive or to comply with requests for further copies of the same information although this does not mean that we will charge for all subsequent access requests.
We will without delay and within 1 month of your request (subject to extensions in some cases):
- confirm what personal data we hold about you;
- provide a copy of the data in commonly used electronic format if the request is made electronically.
- provide any supporting explanatory materials.
We can extend the time to respond by a further two months where requests are complex or numerous. If this is the case, we will inform you of this within one month of the receipt of the request and explain why the extension is necessary. Where requests are obviously unfounded or excessive we can refuse to respond. In such cases, we will, within 1 month, explain why and will inform you of your right to complain to our Supervisory Authority and to pursue a legal remedy.
Data portability – in addition to your access right you can require us to provide a copy of your information that we hold in a commonly used machine-readable format.
Rights of Rectification and Erasure (the right to be forgotten) You may ask us to correct or remove information you think is inaccurate or no longer necessary.
Right to withdraw consent or restrict processing
Processing for marketing purposes - You may object, at any time, to the processing of your personal data for direct marketing purposes. When you register and every time we get in touch with you, we will offer you the opportunity to opt-out of any service to which you have subscribed. Any e-mail we send you will contain an easy automated opt-out.
Processing for our legitimate interest - You can object to any processing which is for our legitimate interests or those of a third party in which case, the processing must stop, unless there are compelling legitimate grounds for the processing which override your rights, or where the processing is necessary in relation to legal action.
You can raise an objection, withdraw consent or restrict processing by email to email@example.com
How to unsubscribe from marketing communications?
All DramData customers have the choice to refine or opt out of receiving marketing communications from us by emailing firstname.lastname@example.org
Web Banner Advertising
Automated decision making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
The bit we cannot control…
Third party sites: Our site may contain links to and from the websites of our partner networks, advertisers and other third parties. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Do not track (DNT) is a feature offered by most browsers, with some newer browsers offering it as default. If enabled, it sends a signal to websites to request that your browsing isn't tracked. Tracking is used for a wide variety of reasons ranging from social or advertising networks measuring effectiveness or third-party analytical services such as Google Analytics to improve customer experience and provide statistical analysis.
At present there is not an industry-wide uniform standard that has been agreed and adopted to determine how DNT requests should be managed. As a result, dramdata.com does not currently respond to DNT requests. We will continue to review our DNT process and other new technologies.
How we keep your information secure -SSL and encryption
We use the latest secure server technology to ensure your information is protected to the highest standards. We use encryption to safeguard your personal information and only accept orders from web browsers that permit communication through Secure Socket Layer (SSL) technology - this means you cannot inadvertently place an order through an unsecured connection. Most web browsers above version three support this security. This encryption makes it virtually impossible for unauthorised parties to read any information that you send us. The encryption technique we use is the highest standard available for e-commerce.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.
We will maintain appropriate safeguards to ensure the security, integrity and privacy of your information and will take reasonable steps to try to ensure that third parties to whom we transfer any of your information will provide sufficient protection of that information
CONTROL OVER COOKIES
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.