We are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is KandyToys Limited of Hill Barton Business Park, Sidmouth Road, Exeter, EX5 1DR
Information we may collect from you
We may collect and process the following data about you:
Information you give us.
You may give us information about you by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This includes information you provide if you register to use our site, place an order through our site, or when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number and financial and credit card information.
Information we collect about you.
With regard to each of your visits to our site we may automatically collect the following information:
- technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from other sources.
We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
We use the following cookies:
|XSRF-TOKEN||A security token used to validate requests.||2 hours|
|kandy_toys_session||Records information specific to your visit in order to interact with the website.||2 hours|
|cookieconsent_status||Records whether the cookie consent bar has been dismissed.||1 year|
Uses made of the information
We use information held about you in the following ways:
Information you give to us.
We will use this information:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
We may disclose your personal information to third parties:
Where we store your personal data
All information you provide to us is stored on our secure servers or on secure servers operated by a third party. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of up to £10 to meet our costs in providing you with details of the information we hold about you.
The GDPR introduces new rights for data subjects, including the requirement for consent to be given to process data, and prompt reporting of data breaches to the Information Commissioner’s Office (ICO). For further information on the GDPR, please refer to the ICO website:
What information is held by us?
We hold a variety of data for both current and past customers/suppliers, including contact information, bank details, information on past transactions (both digital and paper), and all other necessary information for the establishment of a trading relationship.
Why do we hold this information?
The majority of information is held within our finance processes in order to facilitate normal business activities. The provision of this information by customers and suppliers is considered a contractual necessity and a sufficient justification for the on-going retention of this information.
How will we dispose of this information?
As soon as data has been flagged for deletion, our established processes will be used to ensure that this information is permanently removed from out systems and any hardcopy is shredded/confidentially disposed of.
Routine audits will be undertaken to ensure that data is not kept past established timescales or for any longer than is required for either business or audit purposes.
We may from time to time email information on promotions/certain products/events that we consider will be of interest. We will only do this where there is a ‘legitimate interest’ and will always ensure that there is a clear option to opt out from future emails each time.