This policy is designed to provide you with information about how we use the personal data and information that you provide to us during your use of the www.cclonline.com website (the “Site”), when you order products from us over the phone, and any related communication between us.
We are CCL Computers Limited, a company incorporated in England with company number 3224671 (“we”, “us” or “our”). Our registered address is Inmoor Road, Cross Lane, Bradford, BD11 2PS. We are the data controller.
What information do we collect from you?
We will collect and process the following data about you:
Opening an account, placing an order and managing your account
- Information provided by you to us when opening an account and placing an order with us. This information will include your name, delivery address, billing address, e-mail address, telephone number, financial information (such as credit or debit card number, and expiry date, which is stored in a tokenised format) and unique identifiers (such as your username and password). Passwords are hashed so they are not visible to us.
- Information relating to orders you have placed with us and payments to and from you.
Using our website
- Information that you provide by filling in forms on our Site. This includes information provided at the time of subscribing to join the CCL VIP Club.
- Information that we automatically receive and record from your browser or your mobile device when you visit our Site, such as your IP address or unique device identifier, the cookies you accept and data about which pages you visit.
- Device-specific information that we may automatically collect when you use our Site. This information may include information such as the hardware model, operating system information, browser information and device identifiers.
- Information about how you use our Site.
- Information that you provide us with if you enter a competition or other promotional feature on our Site, such as name, address, e-mail address, telephone number and country of residence.
- Records of any correspondence we have with you. We may monitor or record any communications we have with you, including phone calls and emails.
How do we use this information?
We use information about you in the following ways:
Opening an account, placing an order and managing your account
- To open your account on our Site and maintain your records
- To process your order and arrange delivery or collection of your products
- To contact you in relation to your order
- To process payments from you or to you
- To respond to your requests and queries
- To check that your payment card is not being used without your consent
- To ask you to leave a review of our service.
Ensuring the Quality of our Service & Effectiveness of our Site
- To help train our staff and improve our customer service.
- To ensure that content from our Site is presented in the most effective manner for you and for your device.
Marketing & Competitions
- If you have opted-in to receive email marketing communications from us, to make suggestions and recommendations to you about products that may be of interest to you by email.
- To telephone you, to make suggestions and recommendations to you about products that may be of interest to you or make you aware of special offers or promotions.
- To run competitions and to contact you if you are the winner.
Internal Business Purposes
- For internal purposes, such as website and system administration.
- To carry out data analytics, including which parts of our Site you visit in order to improve our Site, for marketing purposes and to improve our customer experience.
- To comply with our legal and regulatory obligations, including for crime and fraud prevention purposes.
On what basis are we entitled to process your data?
Data protection law sets out a number of different legal grounds upon which data controllers can legally process personal data.
In most cases, we process your data in order to take steps at your request before entering into a contract with you, or because the processing is necessary to perform our contract with you.
If the processing is not related to your contract, we will process your information on one of the following bases:
- You have given clear consent for us to process your personal data.
- Our legitimate interests, which include:
  - carrying out data analytics to help us predict future market trends and customer behaviour
  - to improve our Site and your experience of using it, including customising your experience
  - to understand the types of products that you are interested in
  - to develop our business and inform our marketing strategy
  - to run our business, administer our Site and ensure its security
  - to prevent fraudulent purchases on our Site
  - to improve service quality and compliance.
- Where the processing is necessary to comply with our legal obligations, a court order or to exercise or defend legal claims.
How long will we keep your data for?
If you have ordered through www.amazon.co.uk, once the order has been on our system for 30 days your data is anonymised. Amazon require that we keep the data in an off-line archive in case they are ever needed for legal or compliance reasons.
If you have ordered through our website, we will keep your data for a maximum of 7 years. This is to enable us to retrieve your data if there is a dispute or you bring a claim against us during the statutory 6 year limitation period and to comply with HMRC’s requirements in relation to keeping records. Our customer database is cleansed annually and all customer data that is no longer required is deleted.
Who do we disclose your information to?
Our service providers
We may need to pass on your information to service providers who provide services on our behalf. Your data will only be used by our third party providers to provide the requested services to us.
We use the following service providers to provide us with services:
- our authorised repairer Mendit Computer Repairs Limited
- our payment services providers
- third party payment providers who are integrated into our Site. When you pay using one of these methods, e.g. PayPal, you are redirected to the provider’s portal. Your use of these services is subject to the terms and conditions and the privacy policies of these payment providers. This includes where you choose to pay by finance.
- providers of IT security services
- third party databases, against which we will validate your details in order to verify your identity and prevent fraud. To perform these checks your personal information may be disclosed to a registered Credit Reference Agency, which may keep a record of that information. This is done only to confirm your identity; a credit check is not performed and your credit rating will not be affected.
- providers of delivery services, such as Royal Mail and DPD
- providers of competitions platform and virtual agents
- to Google Customer Reviews, to enable you to rate your purchase experience with us.
Other third parties
We may provide your information to the manufacturer of any device you have bought, so that they can repair it under warranty.
On occasion, if we do not have items in stock, we may ask our supplier to send your items to you directly. In that case, we will need to provide them with your order and delivery details.
We may disclose your personal information to any member of our group, which means our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may also disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If you request or authorise the disclosure of information to a third party.
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers is likely to be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation.
Do we transfer your data outside of the UK?
At the time of writing this privacy notice, only one of our external service providers is based outside the UK. This is the competitions platform we use. We may however begin using other service providers based outside the UK in the future if we feel this is appropriate. If the service that these service providers provide involves the processing of your personal data, this will also involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
As a data subject, you have the following rights:
- The right to request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- The right to require the correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- The right to request erasure of your personal data (commonly known as “the right to be forgotten”). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it or where you have withdrawn your consent and there is no other legal ground for us to process the data.
- The right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
- The right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
  - If you want us to establish the data's accuracy.
  - Where our use of the data is unlawful but you do not want us to erase it.
  - Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  - You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- The right to object to the processing, on grounds relating to your particular situation, where we are relying on a legitimate interest (or those of a third party). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- In limited circumstances, you may have the right to request to receive personal data in a structured, commonly used and machine-readable format. You have the right to transmit the data in this format to another data controller.
If you have any questions about how we use your personal data or if you’d like to exercise any of your rights, please contact us. You can get in touch by emailing us at email@example.com or by post at Data Protection, CCL Computers Ltd, Inmoor Road, Cross Lane, Bradford, BD11 2PS.