The Clydeside Trading Society Limited website, www.ctsgardensupplies.co.uk, is published and maintained in order to provide public access to information, products and services available from Clydeside Trading Society Limited.
All data collected and processed by Clydeside Trading Society Limited, is managed in compliance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Clydeside Trading Society Limited ("the Company", "we", "us", "our"), collects and processes personal information relating to customers, clients, suppliers and individuals with whom we form a working relationship. This personal information may be held by the Company on paper or in electronic format.
Support, Clydeside Trading Society Limited, 80 Vere Road, Kirkmuirhill, Lanark, ML11 9RP
Telephone 01555 894151
The GDPR Privacy Notice applies to information collected and processed by Clydeside Trading Society Limited, it’s website and social media platform. This includes www.ctsgardensupplies.co.uk.
Data protection principles
Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:
Processed lawfully, fairly and in a transparent manner.
Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
Adequate, relevant and limited to what is necessary in relation to those purposes.
Accurate and, where necessary, kept up to date.
Kept in a form which permits your identification for no longer than is necessary for those purposes.
Processed in a way that ensures appropriate security of the data.
The Company is responsible for, and must be able to demonstrate compliance with, these principles.
What types of personal information do we collect about you?
Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed.
This information may include:
your contact details, including your name, address, telephone number and e-mail address
financial and payment information*
*Please note: financial and credit/debit card information is not held on any of our servers. We use Opayo (formerly SagePay) for all online payments and no employee within our organisation has access to your complete financial information. This also applies to offline credit/debit payments, (ie. payments made in person or over the telephone), where no record of complete financial information is held within the company – payments are processed in accordance with the Payment Card Industry Data Security Standard, (PCI DSS), which is designed to ensure that companies which accept, process and transmit credit card information maintain a secure environment.
technical data related to website usage and functionality
How do we collect your personal information?
The Company collects, uses and processes a range of personal information about you. This includes, (as
applicable), information that may be gathered from data provided by filling in forms on our website or by otherwise engaging or corresponding with us by phone, e-mail or otherwise, including in relation to purchasing products and services from us. This includes information you provide when you register to use our website, make enquiries, subscribe to our services, search for products or services, place an order on our website, enter a competition, promotion or survey, or when you report an issue, participate in discussion boards or participate in other social media functions on our websites or social media platforms.
Information may also be gathered about visits to our website and social media platforms including the Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. In addition information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information, (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone numbers used to call our customer service number.
We may also receive information about you from third parties, (eg. business partners or sub-contractors with regard to payment, delivery and technical services, advertising, analytics, search information or credit references).
Why and how do we use your personal information?
We will only use your personal information when the law allows us to. These are known as the legal basis for processing. We will use your personal information in one or more of the following circumstances:
where we need to do so to perform the contract for services we have entered into with you
where we need to comply with a legal obligation
where it is necessary for our legitimate interests (or those of a third party), and where your interests or your fundamental rights and freedoms do not override our interests
We may also occasionally use your personal information where we need to protect your vital interests (or someone else’s vital interests).
We need all the types of personal information listed under "What types of personal information do we collect about you?" primarily to enable us to perform our contract with you and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: performing or exercising our obligations or rights under the direct relationship that exists between the Company and you; performing effective internal administration and ensuring the smooth running of the business; ensuring the security and effective operation of our systems and network; protecting our confidential information. We believe you have a reasonable expectation, as our customer, client or supplier that we will process your personal information.
Some purposes for which we are processing, or will process, your personal information are to:
enable us to maintain accurate and up-to-date records and contact details
comply with statutory and/or regulatory requirements, obligations and contractual rights
administer the contract we have entered into with you
manage, plan and organise work
to notify you about important information or changes related to our products or services
enable us to establish, exercise or defend possible legal claims
to administer our online platforms’ internal operations, including troubleshooting, data analysis and testing
Please note that we may process your personal information without your consent, in compliance with these rules, where this is required or permitted by law.
Where explicit relevant consent is given, we may also provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
What if you fail to provide personal information?
If you fail to provide certain personal information when requested or required, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory or contractual rights.
Change of purpose
We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process your personal information for the new purpose and we will provide you with any relevant further information. We may also issue a new privacy notice to you.
Who has access to your personal information?
Your personal information may be shared internally within Clydeside Trading Society Limited, including with members of the Accounts, Sales, Technical and Despatch departments along with IT staff if access to your personal information is necessary for the performance of their roles.
The Company may also share your personal information with third-party service providers (and their designated agents), including:
business partners, suppliers, sub-contractors and couriers for the performance of any contract we enter into with them or you
analytics and search engine providers for the sole purpose of assisting us in the improvement and optimisation of our website
credit reference agencies for the purposes of assessing your credit score where this is a condition of us entering into a contract with you
external IT services
professional advisers, such as lawyers and accountants
where you have otherwise consented to disclosure
We may also need to share your personal information with a regulator or to otherwise comply with the law.
We may share your personal information with third parties where it is necessary to administer the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests, (or those of a third party).
We require any third parties with whom we have shared your personal information to comply with the law and meet the data privacy standards and requirements as defined within the General Data Protection Regulation, (“GDPR”), and the Data Protection Act 2018.
How does the Company protect your personal information?
The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed, used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities.
Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
For how long does the Company keep your personal information?
The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems within relevant time scales, and we will also require third parties to destroy or erase such personal information where applicable.
In some circumstances, we may anonymise your personal information so that it no longer permits your
identification. In this case, we may retain such information for a longer period.
Your rights in connection with your personal information
It is important that the personal information we hold about you is accurate and up to date. If your personal information changes, (e.g. changes to your contact details or delivery address), please keep us informed so that our records can be updated. The Company cannot be held responsible for any errors in your personal information in this regard unless you have notified the Company of the relevant change.
As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain
circumstances, you have the right to:
request access to your personal information – this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected
request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
restrict the processing of your personal information - this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
object to the processing of your personal information - this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
data portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes
If you wish to exercise any of these rights, please contact our Support. We may need to request specific
information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact Support. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.
The Company will not transfer your personal information to countries outside the UK.
Changes to this privacy notice
The Company reserves the right to update or amend this privacy notice at any time, including where the Company intends to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.
If you have any questions about this privacy notice or how we handle your personal information, please contact Support, Clydeside Trading Society Limited, 80 Vere Road, Kirkmuirhill, Lanark, ML11 9RP. Tel. 01555 894151 or email firstname.lastname@example.org
eu_cookie_law - this stores whether the EU Cookie legislation notification on the site has been acknowledged.