PRIVACY & COOKIES POLICY
Last updated 22 August, 2023
​
This privacy policy for the Cameron Mills Group describes how and why we might collect, store, use, and/or share your information when you use our services, such as when you: visit our website, contact us or make a booking with us.
​
​
1. What information do we collect?
​
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history.
Technical data that is automatically collected may be used by us to analyse how the website is being found and used, and to evaluate the effectiveness of our marketing activity. It is not used by us to build a personal profile.
​
We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, and recommendations.
​
In all cases, the data collected is only the minimum required to conduct our business in a way that has a valid legal basis (see below).
​
​
2. How do we collect your information?
​
When you conduct a transaction on our website, as part of the process, we collect the personal information you give us – such as your name, address and email address – to provide, improve, and administer our services, communicate with you, to arrange payment for our services, for security and fraud prevention, and to comply with law.
We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We do not use this information to build a personal profile.
3. How do third parties process your information?
​
Although we do not use automatically collected visitor data to build a personal profile on you or identify you personally, Google, which provides the analytics service that collects the data, will do this. If you are logged into a Google account on your device, it will associate your data with the identity details that you have previously given to Google. What is done with that data will depend on the preferences you have expressed in the privacy settings of your Google account. If you are not logged into a Google account, the data will be associated with a unique identifier given to your browser or device.
For further details about how Google uses your data please see Google's privacy policy and this statement about Google Analytics Privacy.
​
4. What legal bases do we rely on to process your information?
​
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we will always rely on one of the following legal bases to collect and process your personal information:
​
Consent. We may process your information if you have given us permission (i.e. consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
​
Performance of a contract. We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing our services or at your request prior to entering into a contract with you.
​
Legitimate interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
Analyse how our services are used so we can improve them to engage and retain users
Evaluate our marketing activities.
​
Legal obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
​
Vital interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
​
5. How do we store, use, share and disclose your personal information?
​
Our website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
We may share your data with third-party vendors, service providers, contractors, or agents ('third parties') who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. They commit to protect the data they hold on our behalf. The categories of third parties we may share personal information with are as follows:
Data Analytics Services
Payment Processors.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
We do not sell your data to third parties or allow third parties to contact you without your permission.
​
6. How do we communicate with you?
We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.
​
7. Do we use cookies and other tracking technologies?
A cookie is a small file that might be placed on a computer or similar device when you visit or interact with a website. We use cookies and similar tracking technologies (such as web beacons and pixels) to access or store information about visitors to our website.
​
The following table indicates which cookies we are using and what they do.
​
You can choose to set your browser to reject cookies or install a browser extension to reject cookies. Your browser will also have a tool to remove cookies that have already been set. If you choose to remove cookies or reject cookies, this could affect the functionality of parts of our website. To opt out of interest-based advertising by Google, see the privacy preferences in the settings of your Google account.
​
8. How long do we keep your information?
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
​
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
​
9. Is the information accurate and up to date?
We are legally obliged to ensure that the information we have on record is accurate and up to date. If your details have changed since we were last in touch with you, you are kindly requested to notify us of the new details so we can update our records.
​
10. How do we keep your information safe?
We have implemented appropriate and reasonable technical and organisational security measures to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our services is at your own risk. You should only access the services within a secure environment.
11. Breach notification
If we hold records of your personal data and we become aware of a data breach, we will endeavour to inform you of this within 72 hours.
​
12. What are your privacy rights?
In the United Kingdom, you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability.
In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by using the contact details provided below to contact us. We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the UK and you believe we are unlawfully processing your personal information, you also have the right to complain to the Information Commissioner's Office. You can find their contact details here: https://ico.org.uk/make-a-complaint/.
Withdrawing your consent: You have the right to withdraw your consent to process your personal information at any time. You can withdraw your consent by contacting us using the contact details provided below.
However, please note that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information where there are lawful grounds other than consent.
​
13. How can you contact us about this notice?
If you have questions or comments about this notice, you may contact Cameron Mills by email at info@cameronmillsgroup.com or by post to: 8 Coombe St, Exeter, EX1 1DB.
​
14. Privacy policy updates
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances we use and/or disclose it.