Who we are
For the purposes of Privacy Law*, the data controller is West Yorkshire Spinners Limited registered at West Yorkshire Spinners Limited, West Yorkshire Spinners, Unit 2 Airedale Park, Royd Ings Avenue, Keighley, BD21 4DG. Registered Company Number: 03306556.
Changes to Our Privacy Notice
We review this notice regularly as part of our internal processes or as our services, activities, or regulatory requirements change. It's subject to change at any time, but the most up to date version is published on www.wyspinners.com website.
This notice is dated July 2018.
By post to West Yorkshire Spinners Limited, West Yorkshire Spinners, Unit 2 Airedale Park, Royd Ings Avenue, Keighley, BD21 4DG.
By email at firstname.lastname@example.org.
We take any complaints regarding your Privacy very seriously. If you think our collection or use of your personal information is unfair, misleading or inappropriate, please bring it to our attention and we'll be happy to provide any additional information or explanations needed. We also welcome suggestions for improving our procedures.
You can also contact the Information Commissioner's Office at https://ico.org.uk/ or write to Wycliffe House Water Lane, Wilmslow, Cheshire SK9 5AF or 0303 123 1113 for information, advice or to make a complaint.
Your Privacy Rights
You have rights relating to your personal information. You can find more information about your privacy rights on the Information Commissioner's Office website www.ico.org.uk. You have the right to be informed about how and why we process your personal information and any time you give us personal information you have the right to be informed about why we need it and how we'll use it.
You can find most of the information you need in this Privacy Notice.
If you have any questions, please contact us through the above contact details.
You have the right to access your personal information
You can request a copy of information we hold about you at any time.
You may choose to exercise your right of access through any of our contact details, but we'll ask you to provide documented evidence of your identity before we process your request. We may also contact you to clarify your request or to ensure we have all the information we need to fully meet your request.
We aim to respond to your request within 30 calendar days of verifying your identity (or within 3 months for more complex cases). You'll receive a full response as soon as we can reasonably provide one. In more complex cases where we cannot provide a full substantive response within that time frame, we'll write to you within 30 calendar days to explain why an extension is needed.
We don't charge for subject access requests.
You have the right to ask us to correct inaccurate personal information we hold about you.
If you believe information we hold about you to be inaccurate or incomplete, you can ask us to correct it or complete it at any time, through any of our contact channels. Wherever possible, we'll correct inaccurate or incomplete information immediately. Whilst we investigate the accuracy of the information, we'll restrict the processing of the information in question.
We'll let you know the outcome of our investigation as soon as we can. Any information we verify as inaccurate will be corrected within one month of receiving your request.
You have the right to ask us to delete your personal information.
In some circumstances you have the right to ask us to delete information we hold about you. For example, if we have asked for your consent to process the information, and you withdraw that consent.
We'll respond to your request as soon as we can, and we'll act on any requests granted within one month of your request.
We can't delete any information where we have a legal or regulatory obligation to keep it. For example, this applies to all outstanding debts and some HMRC information that we are required to keep by law. We may also refuse your request if we believe it to be excessive. If your request for deletion is refused, we'll explain the reasons for refusal.
You have the right to ask us to restrict the use of your personal information
In some instances, you have the right to ask us to restrict the use of your personal information (for example, if you've challenged the accuracy of the information we hold or have objected to our processing). We'll restrict our use of your information whilst we investigate your objection or request to correct your information.
We'll respond to your request as soon as we can. If your objection is unsuccessful, we'll only continue processing once we've let you know the outcome of the investigation.
Information related to these requests will not be automatically deleted unless you expressly ask us to.
You have the right to data portability
If we process your personal information with your consent and our processing is automated, you have the right to move, transfer or copy that data to another system for your own purposes. However, we don't currently have any services that processes information in this way. If we do in future, you can make a request and this data can be exported from our systems for you.
You have the right to ask us not to process your personal information.
We process most of the information we collect about you under the lawful basis of 'legitimate interest' or by 'consent'. You have the right to object to our processing of your personal information under these lawful bases or for marketing purposes.
We will respond to your objection as soon as we can, detailing any actions we can reasonably make. If we believe there is an overriding compelling reason to continue the processing, we will explain why we think this is.
Where appropriate we'll action any requests to stop direct marketing as soon as practicable after receiving your request.
You can object to us using your data at any time through any of our contact details above.
Lawful basis for processing
Privacy Law states we must have a lawful basis for processing your information; the legal basis will vary depending on the circumstances of how and why we have your information. Usually we'll do this in the following instances:
Our business activities are within our legitimate interests. Our "legitimate interests" include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements;
you've given consent for us to process the information e.g. in relation to certain offers and certain marketing activities;
the processing is necessary for compliance with a legal obligation to which we are subject, for example some financial, credit or HMRC regulations;
to fulfil our contractual obligations to you; or because you have asked us to do something before entering into a contract (e.g. provide a quote).
We do not routinely process any special category information i.e. information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, processing of genetic or biometric data for the purpose of uniquely identifying individuals, health data, or data concerning your sex life or sexual orientation.
Where we need to do so we must have a further lawful basis for the processing.
These instances may include:
you are giving us your explicit consent to do so
the processing is necessary for the establishment, exercise or defence of legal claims e.g. because you've failed to pay your bill
the processing being necessary for reasons of substantial public interest e.g. where we suspect fraud on the part of a customer
Information we collect from you and what we do with it
To provide our services to you, we need to collect, process and store information about you that may be personal or sensitive in nature. We use your information to administer, support, improve and develop our business generally, to provide statistical information to meet our regulatory requirements and to enforce our legal rights. If we intend to use your information for a different purpose, we'll do so in ways consistent with Privacy Law or, wherever possible, by notifying you in advance.
We only use your information for the specific purpose(s) for which it has been provided to us or collected.
We collect and process a variety of information from you and about you. In most cases, the information we collect about you is provided by you directly. This is one of the ways we can ensure the information we collect is as accurate and up to date as possible. We'll usually do this when you first contact us, and we may ask you to confirm your details on subsequent contacts from time to time.
The type of information collected from you and obtained about you will vary depending on your relationship with us, the service you are requesting and your chosen method of contacting us. However, in most cases we are likely to ask you to provide: -
Name and address (and possibly your date of birth) - to verify your identity and help us prevent fraud;
contact details (including phone number, e-mail address or social media identifiers) - to contact you about your account, update you about the products or services you've requested or received from us, or contact you with other information related to our business;
financial information (including method of payment and bank account details) - to bill you for the products or services you receive from us and manage your payment arrangements.
We may ask you for documented evidence of the above and will keep digital copies for validation and audit purposes.
If you contact us by post or e-mail we may keep a record of the contact.
If you use our website, we'll keep a record of the contact and we may collect additional information about you to provide a better digital service and website functionality.
We may store and use your personal information as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests for the purposes of:
(a) administering your orders and queries;
(b) carrying out anti-fraud and anti-money laundering checks and verifying your identity;
(c) where appropriate assessing financial and insurance risks, including by carrying out credit reference checks and credit scoring assessments, and calculating your payments;
(d) using your payment details to process payments relating to your orders;
(e) handling any complaints;
(f) communicating with you about your orders, including responding to your enquiries;
(g) administering debt recoveries, where you lawfully owe us money under a contract or otherwise;
(h) undertaking market research and statistical analysis, including analysing your use of our website;
(i) fulfilling our obligations owed to a relevant regulator, tax authority, or revenue service.
Information we collect or obtain from others about you
We prefer to collect information directly from you, so we can ensure it's as up to date and as accurate as possible. However, we occasionally we may also need to collect information about you from other sources to assist us supplying your products or services or to improve our quality of service to you e.g. verifying your address or postcode details from open source information such as the Electoral Register.
Information we receive from and share with Credit Reference Agencies
Where you've requested a credit facility in association with products or a service we are providing, we'll share your personal information with one or more credit reference agencies ('CRAs') and they'll give us information about you.
This will include information confirming your identity and, depending on the status of your account with us, your financial situation and financial history. CRAs will supply to us with both public (including the Electoral Register) and shared credit, financial situation and financial history information and fraud prevention information.
When a Credit Reference Agency receives a request for information from us, they'll usually:
Place a search 'footprint' on your credit file. The record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when you apply for credit in the future.
Link together the records of you and anyone that you've advised is your financial associate including previous and subsequent names of parties to the account. Links between financial associates will remain on your and their files until you or your partner successfully file for a disassociation with the Credit Reference Agency.
We may also make periodic searches at CRA's depending on your relationship with us, or if you've requested additional services.
We'll use this information to:
- Verify the accuracy of the information you've provided to us (including your identity);
- Manage your account(s) (including making decisions about how to manage your account if you fall into arrears);
- Help detect and prevent financial crime, fraud and money laundering;
- Trace and recover debts;
- Carry out statistical analysis; and
- To assess or verify whether you may be eligible for any of our discounts or schemes.
We may continue to exchange information about you with CRAs while you have a relationship with us and, on rare occasions, we may continue to provide information to them for up to six years afterwards. We'll also inform the CRAs about your settled accounts, missed payments, defaults and current balances on your account. This information may be supplied to other organisations by those CRAs.
If you apply for credit with us, we'll undertake a credit search and the CRAs will place a search footprint on your credit file that may be seen by other lenders.
Profiling and automated decision making
We do not carry out any profiling and automated decision making using your personal data.
What to expect when you contact us
If you contact us by phone or in writing (including e-mail, social media or via our website we may record, monitor or keep copies of the contact. We keep this information for several reasons (including fraud prevention and crime recording/investigation) but the main reasons are to:
- assist our response to any account queries you may have;
- ensure we continue to offer you the best possible service;
- maintain standards and help train our customer relationship managers;
- demonstrate our compliance with regulatory obligations; and
- keep our records up to date so that we comply with data protection legislation.
Contacting us by telephone
When you contact us by telephone, your telephone number may be added to your account so that we can contact you in future to service your account. We use a telephone number listed on your account to contact you to discuss your account for example reminders to pay unpaid bills.
We may also use a telephone number listed on your account to call or text you regarding the status of the order of your service or product.
Contacting us by post
Where the post relates to an identifiable account, we may store the letter and attachments on that account. Post is stored and processed in a secure area of the building. The retention of hard-copy documents and electronic images of post received complies with our data retention rules.
If you email us, we'll respond to you using the email address you gave us. We may add your email address to your account and it may be used for future communications.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Emails are stored, archived and deleted in line with our information security and data retention policies.
Contacting us via social media
We strongly advise not to post your personal contact or other sensitive information on a public social media site. If you contact us using social media to report an issue, we'll ask you to private message us to gather suitable information. We may suggest an alternative contact method if we think this is more appropriate.
Making a complaint
If you make a complaint to us, we'll follow our complaints process. We may need to share details about your complaint internally to fully investigate.
If the complaint relates to a service provided by a third party, we'll share information with them to try resolve your complaint. If a complainant doesn't want information identifying him or her to be disclosed, we'll try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We'll only use the personal information we collect to process the complaint and to check on the level of service we provide. We may occasionally compile and publish statistics internally, for example information like the number of complaints we receive, but not in a form which identifies any individuals.
We'll keep complaints in line with our data retention policy. This means that information relating to a complaint will be retained for two years from closure.
Visiting our website or using our mobile application
The website itself uses four cookies for tracking what the customer has in their cart and the settings they have chosen:
PHPSESSID – Contains information about shopping cart
cookieLaw – Tracks whether customer has agreed to the cookie notice
currency – Stores selected currency used in the checkout
language – Stores selected language
The Google Analytics cookies:
This links contains more information,
Facebook related cookies:
Twitter related cookies:
Using your information to provide our services
Most of the information we collect from you or about you is to help us manage your account with us and to make account management decisions according to your needs or the products and services we provide you. We'll use this information to bill you for the products or services or to update you on your order.
Falling into arrears or failure to pay your bill
If you fail to pay your bill in full, or fall into arrears, the information that we hold about you may be used to recover arrears in line with our business requirements. In doing so, we may use third party debt collection / management companies and credit reference agencies to assist us. This will involve sharing your information with them.
Our relationship with our suppliers and service partners
We may share your data with our business partners, stores etc. as part of providing and administering our products and services or operating our business.
Capturing images (including CCTV)
Visiting our premises
Our premises are monitored by CCTV, so your image may be captured whenever you enter our site boundary. Our CCTV is used for maintaining public safety, the security of our property and premises and for the detection, prevention and investigating of crime. It may also be used to monitor staff when carrying out work duties.
For these reasons, the information processed may include visual images, including personal appearance and behaviour of those displayed and recorded on the system.
Where the CCTV is located on our premises but near a public space, it may also record these images even if you have not directly visited our premises.
There are signs to show you when you are entering an area monitored by CCTV. CCTV images are held for 30 days and then deleted.
Health & Safety requirements:
If you have an accident whilst you are on any of our premises, this must be reported and will be recorded and kept for the purposes of health and safety and insurance requirements.
Information we share with others
In most cases, we will not disclose your personal information without your consent. However, there are circumstances where we need to share some of your information to meet our legal obligations or where we are permitted to under Privacy or other legislation.
Sometimes we are contacted by HMRC, the Department for Work and Pensions (DWP) the police, fraud agencies or Immigration asking for information about individual customers. Under Privacy Law, we are permitted to share this data with them without your consent and you will not be notified that this has been done. This is in the support of the prevention and detection of crime.
We do not routinely share your information with any other organisations except where detailed in this privacy notice.
Trusted Partners we use who may have access to your data
We use trusted partners to help us process your personal information and provide services to you. All of our data processors have a binding contract with us that restricts their access to and handling of your personal information to only what is necessary in performance of their contract. We use:
third-party software providers for different systems, such as; internal business communications (emails etc.), social media management, case management and workflow systems etc. to support us with processing the large amounts of data that we need to manage. All such arrangements comply with Privacy Law requirements for the transfer of personal data;
companies to help us process payments including bank card payments;
selected debt agencies to trace customers and recover debt. They have access to relevant customer information from our billing system and may use your data to contact you or visit your home in fulfilment of their contract with us;
from time to time we require legal advice and may need to share your personal data with our legal advisers or our insurance company or other professional advisors to obtain advice or make a claim.
Where we store your information and how we keep it safe
All customer personal information is stored on our systems on secure servers. We operate a suite of IT and security policies to ensure your information is kept secure, including appropriate access and auditing controls.
We use anti-virus software and fire walls to protect against cyber-attack. Unfortunately, the transmission of information via the internet isn't completely secure. Although we'll do our best to protect your personal information, we cannot guarantee the security of information you send to us that is outside of our security arrangements; any transmission is at your own risk.
We also operate strict physical security at all our sites and our employees all receive security and data protection awareness training.
We may store your personal information on your local device, for example as Cookies, such as your computer or mobile phone to assist you in your repeated use of our services. We have no control over inappropriate access to this information. You can delete this information at any time using the facilities of your Internet browser or mobile device.
Where we transfer information to third parties to enable them to process it on our behalf (see the information about Trusted Partners above), we ensure that the providers meet or exceed the relevant legal or regulatory requirements for transferring data to them and keeping it secure.
Storing or transferring your information outside the European Economic Area ("EEA")
We do not transfer or store your personal information outside the EEA.
How long we'll keep your information
We only keep your information for as long as we need it. We'll retain certain information (e.g. contact information and bank details) for as long as you have a relationship with us. The length of time depends on the purpose of the processing. Generally, we keep:
- customer account details; billing, correspondence, products supplied, order histories etc. for up to ten years after the last contact with you,
- All HMRC business records must be retained for a period of (broadly) six years;
- enquiries about our services for up to one year;
- data subject requests and enquiries about your privacy rights (e.g. subject access requests and objections) for up to two years;
- social media posts (in third party systems) for up to six months, unless related to a complaint;
- information relating to a complaint will be retained for two years from closure;
- CCTV recordings for 30 days.
After which time your personal information will be either deleted or anonymised.
These retention periods may be extended in certain limited cases as prescribed or permitted by law - e.g. because of an accident or to bring or defend a legal claim.
* Privacy Law means the Data protection Act 2018, EU General Data Protection Regulation, the Regulation of Investigatory Powers Act 2000, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, and all other applicable laws and regulations relating to processing of personal data and privacy in any applicable jurisdiction as amended and replaced, including where applicable the guidance and codes of practice issued by the UK Information Commissioner or such other relevant data protection authority.
What we collect
We may collect the following information:
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to customer surveys and/or offers
For the exhaustive list of cookies we collect see the List of cookies we collect section.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by letting us know using our Contact Us information
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please email us this request using our Contact Us information.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
List of cookies we collect
The table below lists the cookies we collect and what information they store.
|Cookie Name||Cookie Description|
|FORM_KEY||Stores randomly generated key used to prevent forged requests.|
|PHPSESSID||Your session ID on the server.|
|GUEST-VIEW||Allows guests to view and edit their orders.|
|PERSISTENT_SHOPPING_CART||A link to information about your cart and viewing history, if you have asked for this.|
|STF||Information on products you have emailed to friends.|
|STORE||The store view or language you have selected.|
|MAGE-CACHE-SESSID||Facilitates caching of content on the browser to make pages load faster.|
|MAGE-CACHE-STORAGE||Facilitates caching of content on the browser to make pages load faster.|
|MAGE-CACHE-STORAGE-SECTION-INVALIDATION||Facilitates caching of content on the browser to make pages load faster.|
|MAGE-CACHE-TIMEOUT||Facilitates caching of content on the browser to make pages load faster.|
|SECTION-DATA-IDS||Facilitates caching of content on the browser to make pages load faster.|
|PRIVATE_CONTENT_VERSION||Facilitates caching of content on the browser to make pages load faster.|
|X-MAGENTO-VARY||Facilitates caching of content on the server to make pages load faster.|
|MAGE-TRANSLATION-FILE-VERSION||Facilitates translation of content to other languages.|
|MAGE-TRANSLATION-STORAGE||Facilitates translation of content to other languages.|