PRIVACY POLICY

Important Information

Your privacy is important to us.  This Privacy Notice aims to give you information on how we collect and process your personal data.  Your use of our web sites, and any engagement with us on a commercial, employment, marketing or correspondence basis (for example if you are or have been a customer, employee or supplier) will mean you accept the terms of this Policy.

This website is not intended for children and we do not knowingly collect data relating to children.

If you provide information about other people, please make sure you have their permission.

For the purposes of data protection legislation, we are the data controller of your personal data.

We aim to keep your personal data safe by using industry standard perimeter security and endpoint security systems, and through internal policies and procedures – all of which are reviewed periodically.

It is important that you read this Privacy Notice together with any other similar Notice we may provide from time to time when we are collecting or processing personal data about you so that you are aware of how and why we are using your data. This Privacy Notice supplements the other notices and is not intended to override them.

Personal information posted by you on social media is your responsibility.  Once you make a public posting, you may not be able to change or remove it.

Throughout our dealings with you, we seek to balance our interests with your rights.

Who we are

History & Heraldry Limited is located at 5 Denby Way, Hellaby Industrial Estate, Rotherham, S66 8HR. We have operated a number of brands including History & Heraldry, Heart & Home, Next Pixel, Paper Island and John Hinde. If you have any questions or concerns about how we use your data you can write to us at this address, phone us on 01709 730700, or email us at privacy@historyheraldry.com

The personal information we collect and use

Information collected by us:

The table below shows the type of Personal and Sensitive data we hold. This data is held in a combination of electronic and paper based solutions and systems.

Customer Registered Interest (4) Supplier, Agent, Contractor Current / former employee
Name Yes (1) Yes Yes Yes
Postal Address Yes Sometimes Yes Yes
Phone Number Yes (1) Sometimes Yes Yes
Email Address Yes (1) Yes Yes Yes
Credit Check Yes No No No
Date of Birth Yes (2) No No Yes
Bank / Payment Details Yes (3) No Yes Yes
Employment History No No No Yes
Gender, Ethnicity, Religion No No No Yes
Passport, Driving License No No No Yes
Health, Disability No No No Yes
Unspent Convictions No No No Yes
Holiday, Sickness, Absence No No No Yes
Job Performance No No No Yes
Emergency Contacts No No No Yes
NI, Tax Information No No No Yes
Pension Details No No No Yes
Surveys, Competitions (5) Yes Yes No No

Notes:

(1) We may store several names, phone numbers and email addresses for a customer e.g. Accounts, Manager.  Sometimes this information will be personal such as a named individual with a personal email address and mobile number, and other times it maybe generic information e.g. accounts@example.com.

(2) Date of Birth may be held for sole traders when performing credit checks

(3) We store bank details if we make payments by cheque or BACS transfer.  We do not store credit / debit card details (we are PCI DSS compliant in this area).

(4) Someone who has registered an interest with us would have provided consent to receive brochures, marketing emails, etc.

(5) We need to capture personal information in order for us to successfully run surveys, competitions and other promotions helping us give you what you want.

In addition, our web sites and other technologies automatically collect certain information (see below) to help us administer, protect, and improve our services; analyse usage; and improve users’ experience.

Information we collect automatically:

Cookie Policy

History Heraldry uses cookies to improve the user experience on our website. We do not pass on or in any way collect personal information about you as an individual user.  Cookies are placed onto your machine by every website you visit, and most of those websites, including ours, may not function correctly without them. However, if you would like to disable cookies, you can read how to do so in your browser on AboutCookies.org.  History Heraldry uses the following cookies:

(a) First Party Cookies: These cookies are created by historyheraldry.com to enable the functionality of various aspects of our website, typically random numbers and letters (PHP session cookie) which identifies a specific user’s session. This will expire when you leave the website.

(b) Third Party Cookies: These are created by companies to provide various services which we use to enhance our site. The only one we use is Google Analytics used to determine where visitors are coming from and what content they are looking at. No personal information is collected by Google Analytics.  Cookies beginning with _ga, _gat, _utm(x) are used to collect information about traffic and user activity.

Device information

We may also collect information about your device each time you use a site. If you have an account with us, we may collect information from or about the computers, phones or other devices where you log into our services. We may associate the information we collect from your different devices, which helps us provide consistent services across your devices. Examples of the device information that we collect include operating system, hardware version, browser type and IP address

Log information

We also collect log information when you use our website which includes amongst other things – device information such as web browser type and language; how long you have been on our web site; pages viewed, identifiers associated with cookies or other technologies that may uniquely identify your device or browser, and pages you visit before or after navigating to our website.

How we use your personal information

We use your information in several different ways. The table below set this out in detail, showing what we do, and why we do it.

Category of Personal Data Purpose for Processing Lawful basis - GDPR
Name and contact details such as email address, phone number, postal address
  • Deliver orders to you
  • Send you service messages by text, email or phone e.g. delivery updates
  • Contact you about payments, invoices and credits
  • Legal agreements e.g. commercial contracts, setting up online account
  • Performance of a contract
 
  • Fraud prevention & detection
  • Legal obligation
  • Send you as a business representative information about our products and services
  • Legitimate Interest – commercial
  • Send you as an individual information about our products and services
  • Consent
Date of birth information
  • Fraud prevention & detection
  • Legal obligation
Payment information
  • Customers –  take payment and give refunds
  • Suppliers – make payments
  • Employees – make payments
  • Performance of a contract
  • Fraud prevention & detection
  • Legal obligation
Contact history e.g. by phone, email
  • Provide customer service and support
  • Legitimate Interest
  • Fraud prevention & detection
  • Legal obligation
Information about the technology you use to access and use our systems e.g. phone, PC
  • Improve our web site, set defaults such as language
  • Legitimate Interest

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service, the best products and the best and most secure experience. We assess any potential impact on you (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Performance of Contract means processing your data where it is necessary for the performance of a contract such as the supply of goods and services, employment, and purchasing to which you are a party.  Where there is an intention or possibility of a contract existing between us we may also process your personal data.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.  This typically includes fraud prevention and detection which in practice is used sparingly.

Consent means you have agreed we can send you promotional and marketing information about us and our products and services.  You can remove consent at any time by contacting us at privacy@historyheraldry.com or 01709 730700, or by clicking on unsubscribe links in emails.

Who we share your personal information with

We share your data with the following categories of companies as an essential part of being able to provide our services to you:

  • Members of the History & Heraldry group of companies, as sometimes different entities in our group are responsible for different activities
  • Companies that get your order to you, such as payment service providers and delivery companies
  • Professional service organisations such as marketing providers and IT partners who help us run our business
  • Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.  This includes any third parties relating to court orders as part of legal proceedings
  • Companies approved by you, such as social media sites

Wherever possible we aim not share your personal information with any other third party.

How long your personal information will be kept

We will retain your information for as long as you have your account, or as long as is needed to be able to provide the services to you, or (in the case of any contact you may have with our Customer Care team) for as long as is necessary to provide support-related reporting and trend analysis only.

If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep hold of some of your information as required, even after you have closed your account or it is no longer needed to provide the services to you.

For employees we will retain your information so long as you are an employee.  We will retain personal data on former employees to comply with prevailing employment legislation, financial purposes (such as tax and pension), and for other obligations (such as providing employment reference).

Job applicants, current and former History & Heraldry employees

All the information you provide will only be used for progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties.  The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. Therefore, if you unsuccessfully apply for a role with us, we will delete or anonymise your personal information once we have communicated this to you. There may be circumstances in which we may retain your data for a future opportunity and if this is the case, we will seek your approval beforehand.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.

You will be asked to provide equal opportunities information. This is not mandatory information – if you do not provide it, it will not affect your application. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.

If we make you a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our employees, their right to work in the United Kingdom and seek assurances as to their trustworthiness, integrity and reliability.

We therefore use your information in several different ways. The table below set this out in detail, showing what we do, and why we do it.

Category of Personal Data Purpose for Processing Legal basis – GDPR
Name and contact details such as email address, phone number, postal address
  • Application process
  • Performance of a contract
Previous employment history, qualifications, references
  • Application process
  • Performance of a contract
Gender, nationality, religion, ethnicity
  • Monitor equal opportunities
  • Legal obligation
Passport, visa details
  • Establish legal right to work in the UK and confirm identity
  • Legal obligation
Health and disability
  • Establish fitness to work
  • Make any reasonable adjustments if necessary
  • Risk assessments, emergency evacuation
  • Legal obligation
Unspent criminal convictions
  • Application process
  • Performance of a contract
Bank Details
  • Payment of salary and wages
  • Performance of a contract
Holiday, Sickness, Absence
  • Ensures entitlement met and appropriate payments made
  • Performance of a contract
Job Performance
  • Maintain staff records aligned to job description
  • Performance of a contract
Emergency Contacts
  • Next of kin contact details in case of emergency
  • Legal obligation
NI, Tax Information
  • Compliance with HMRC regulations
  • Legal obligation
Pension Details, Westfield Health and other benefit schemes
  • Compliance with company benefit schemes
  • Performance of a contract

Further information

Further information can be obtained by:

  • Contacting us at privacy@historyheraldry.com or 01709 730700 where we will try and respond to your request within 4 weeks unless the request is particularly complex.
  • From the Information Commissioners Office at https://ico.org.uk/