E-Commerce Privacy Notice
Introduction
At Macildowie Associates Ltd, our parent and subsidiary companies, we respect your personal data.
This Fair Processing Notice (FPN) explains how we will use your personal data after you have sent us your data.
Our contact details
We have offices in Nottingham and Leicester.
Nottingham
6th Floor
Waterfront House
Station Street
Nottingham
NG2 3DQ
Leicester
3 Merus Court
Meridian Way
Meridian Business Park
Leicester
LE19 1RJ
Our Data Protection Consultant is Kristy Gouldsmith, and the email address to contact her is
What personal data do we collect about you? How will we use that personal data?
At Macildowie, we take the privacy of your data very seriously. We need to collect and process your personal data in order to fulfil your order.
The following table tells you what we do with your data.
What data we collect |
Your name, email address, and phone number. |
What we do with it |
In order for you to create an account, we need your name and email address. The optional information is the phone number. This data is only used to create an account for you. You consent to create an account with us when you put in your details. Once you have created an account, we are permitted to send you marketing information under the legal basis of legitimate interest. You can opt out of receiving our marketing emails at any time. When you make a purchase through our website, your payment data are sent directly to our payment handler (Stripe). We don’t ever handle your payment card details. Stripe is a data controller for all of the personal data that you input when paying for an item. Stripe’s Privacy Notice can be found here: Privacy Policy (stripe.com) We keep a copy of your data to ensure we can find your details in the case of an issue. We also share this with our customer management software and this is a legitimate interest for us. We will send you marketing information if you have opened an account with us or purchased a product and our legal basis for doing so is legitimate interest. You can also choose to receive marketing from us by signing up to receive it with your email address. If you unsubscribe from any emails, we will keep your email address in a suppression list for five years so that we don’t email you again by accident. This is a legitimate interest for us. Rest assured that Macildowie and our approved processors are the only ones with access to it. |
What is our legal basis for processing your data? |
Contract – we need your data in order to fulfil our contract with you, Legitimate interest - Once you have created an account, we are permitted to send you marketing information under the legal basis of legitimate interest. You can opt out of receiving our marketing emails at any time. Consent – you can sign up to receive our newsletter or create an account. |
What can I do if I don’t want you to have my data? |
You have the right to request we delete it. Just email us at |
Do we use any automated decision making?
We do not use any automated decision making.
Who do we share your personal data with?
We share your data with:
- Our software providers, (e.g. our CRM provider or external assessment software);
- Our professional advisors (e.g. legal advisors, accountants etc.);
- HMRC for financial reasons.
Do we transfer your personal data outside of the UK?
We do not transfer your personal data outside of the UK as a general rule. If we discuss a role with you which requires us to send your data outside the UK, then we will speak to you in advance.
How long do we keep your personal data for?
We will only retain your personal data for seven years under HMRC requirements.
We keep a list of people who have made deletion requests (name, email, date deletion actioned and any correspondence) for one year after the request in case of any further enquiries. This is a legitimate interest for the business.
We keep a similar list of people who have made a subject access request for one year in case of any further enquiries. This is a legitimate interest for the business.
Your rights as a data subject
The UK GDPR gives you rights as a data subject. You have:
- The right to request from us access to your personal data;
- The right to request from us rectification of your personal data;
- The right to request from us erasure of your personal data;
- The right to request from us restriction of processing your personal data;
- The right to object to our processing of your personal data;
- The right of data portability;
- If we are processing your personal data on the basis of your consent, you have the right to withdraw your consent at any time. To do so please contact
This email address is being protected from spambots. You need JavaScript enabled to view it. . This does not affect the lawfulness of processing based on your consent before you withdrew it; and - You have the right to complain to the ICO if you feel that we have been unable to resolve your query.
More information on your rights can be found in Chapter 3 of the UK General Data Protection Regulation.