Your privacy is important to us. That’s why we’re committed to protecting and respecting your personal data in accordance with the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR).
Who are we?
We are The Gift of Oil Ltd (Company Number: 04133749) and will be what’s known as the ‘Controller’ of the personal data that you provide to us on this website. Our registered office is Richard House, Winckley Square, Preston, Lancs, PR1 3HP.
How and why we collect information from you?
We seek to acquire information about you when you use our website. This includes; when you contact us through our website, when you purchase products and services from our website, or if you register to receive our newsletter service.
Whenever we request personal information from you on our website we will always aim to reasonably explain why we are collecting the information and refer you to this policy for more comprehensive detail. The points where we are requesting your personal information will be highlighted by the following symbol:
Please note, we do not collect or store personal data about you supplied or obtained from any 3rd party sources. Any data we store is only that which we have collected from you directly.
What type of information is collected from you?
Enquiry / contact forms
When you contact us about our products and services we will request personal details such as your name, telephone number, email address, IP address, the pages you have visited on our website and where applicable, the company for whom you work.
When you request to receive our newsletter service we will request personal details such as your name, your email address, IP address, the pages you have visited on our website and where applicable, the company for whom you work.
Online orders / purchases / donations
When you order products and services through our website we will request personal details such as your name, telephone number, email address, IP address, the pages you have visited on our website, billing address, delivery address, credit / debit card details*1 and where applicable, the company for whom you work.
Please note, that when processing e-commerce transactions, if you fail or refuse to provide such information, then we may not be able to fulfil our contractual obligations to you.
*1 If you make a purchase on our website, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online processing of credit/debit card transactions. For further information on this, please read 3rd party representatives working on our behalf or in association with’.
How is your information used?
We may use your information to:
- Respond to your enquiries
- Process online orders that you have placed with us (products, services, or membership)
- Carry out our obligations arising from any contracts entered into by you and us
- Seek your views or comments on the services we provide
- Notify you of changes to our service
- Send you communications which you have requested and that may be of interest to you
How long do we keep your information?
If you purchase any products and services from us, then under UK tax law we are required to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it can be erased on your request. We will hold your personal information on our systems indefinitely for marketing purposes or until you notify us that you no longer wish us to do so, unless your request contradicts our statutory obligations.
Who has access to your information?
As stated before, your privacy is important to us. That’s why we will not, under any circumstances, sell or rent your personal information to any third parties. In addition, we will not share your information with third parties for their specific marketing purposes.
3rd party representatives working on our behalf or in association with:
In order to respond to your enquiries, deliver products and services or to send your newsletters, we may need to pass your information to our 3rd party service providers. In all circumstances, we will remain the controller of your data and our 3rd party service providers will be processors of your data.
For example, if you purchase products and services through our website, your payment will be processed by a 3rd party payment processor (SagePay, or PayPal), who specialises in the secure online capture and processing of credit/debit card transactions. Your order would also be delivered by a 3rd party service provider (Royal Mail, Parcel Force, DPD, UPS etc).
For example, if you subscribe to our newsletter service, your personal data may be processed by a 3rd party email processor such as MailChimp who specialise in the delivery of email newsletter services.
When we use third party service providers, we disclose only the personal information that is absolutely necessary in order to deliver the service. We also have contracts in place with all ‘3rd Party Service Providers’ that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Restricting marketing communications
It’s important that you are aware that you have a choice about whether or not you wish to receive marketing information or service notifications from us.
If you have previously given us consent to process your personal data and send you marketing information, you can withdraw this consent at any time by unsubscribing or contacting us directly. We will aim to cease the delivery of all marketing communications to you immediately on receipt on your objection or un-subscription.
How you can access, update and delete your information?
Accessing your data
You have the right to ask for a copy of the information we hold about you. You can request a copy of this data at any time by contacting us directly. We will, where possible, always supply your personal data in a convenient and transferable format within 30 days.
Updating your data
Your personal data probably changes all of the time, and the accuracy of your information is important to us. Therefore, if your details do change, or the information we hold becomes inaccurate or out of date, please let us know by contacting us directly and we will rectify your data.
Deleting your data
If you would like us to delete or erase your personal information from our systems, then where possible (if not required for statutory or contractual requirements) we will do so within 30 days and provide confirmation that your data has been removed from our systems. To request that your personal data is erased from our systems, please contact us directly.
Transferring your information outside of Europe
In order to complete some forms of communications or service delivery, we may need to pass your information to service suppliers who are registered outside the European Union (“EU”). For example, this may occur if we use the US based newsletter emailing service provider MailChimp.
By submitting your personal data, you’re agreeing to this transfer, storing or processing. When transferring your information outside of the EU, we take steps to ensure that your privacy rights continue to be protected.
Our website is protected with 128 Bit SSL encryption. This means that any information we collect from you via our website is protected and secure. When you are asked for any personal data on our website, you will see a lock icon in your browser, ratifying that your data is secure.
Once we receive your information, we make our best effort to ensure its security on our systems. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
In the unlikely event of our systems and your data being breached, then we will notify you within at least 30 days including full details of what parts of your personal data have been compromised.
In order to better improve our products, services, marketing and website experience, we may analyse your personal information to create a profile of your actions, interests and preferences. Where applicable, we do this so that we can tailor your experience on our website and contact you with more relevant information specific to your needs.
Examples of this may include:
- Profiling your previous points of interest on our website and automatically tailoring the messages and images you see when returning to our website
- Profiling your interests in our products and services and automatically sending you tailored marketing communications or newsletter variants
Please be aware, that at no point is automated profiling used to assess your credibility or eligibility for contractual approvals or legal decision-making.
Use of ‘cookies’
Links from us to other websites
In order to provide you with further information or additional reference points, our website may contain links to other websites run by other organisations.
Please be aware, that we cannot be responsible for the protection and privacy of your information which you provide whilst visiting other websites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
If at any point you wish to raise a complaint about how we have handled your personal data, then please contact us directly. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in December 2017.