1. Lawful basis of processing
We may process your data based on one of three main legal grounds: (1) your consent; (2) any contract between you and us; and (3) our legitimate interests.
We collect your personal data based on one or many of the following legal bases:
- we have obtained your prior express consent (written, verbal or online) to the processing of your personal data (this legal basis is only used in relation to processing that is entirely voluntary - it is not used for processing that is necessary or obligatory in any way);
- the processing is necessary in connection with any contract between David Shuttle and you ("contractual necessity"); or
- we have a legitimate interest in carrying out the processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms ("legitimate interests").
You have a right to withdraw your consent to the processing of your personal data, at any time, by contacting Customer Service.
2. Personal data we collect
We collect the following information:
- Information provided directly by you
- Information collected when our website or interactive products or services are used
- Information related to the purchases and other business with us by you
- Information collected from other sources which may be combined with the user account details
Please note that we do not collect any payment information. All payment data are processed by authorised third party payment services providers and are encrypted using a minimum of 128-bit SSL encryption.
We may collect personal data either directly from you, automatically from your devices that interact with our services, or from third party sources as described below.
Information collected directly from you:
- Contact details: your name, email address(es), telephone number, postal address;
- Demographic information: gender, date of birth or age, language, title or degree;
- Information related to your account: payment type or method, username, encrypted password, account picture;
- Any consents, communications and feedback that you provide to us;
- Personal interests notified by you;
- Work-related information provided by you: company/employer's name and contact details;
- Gift purchase information: the recipient's name, contact address, delivery address(es), telephone number and email address(es); and
- Other information collected on the basis of your prior, express, voluntary consent (including public social media profiles).
Information collected when our website or interactive products or services are used:
- Your user account identity and registration date (if you are logged in);
- Your browser, operating system, device model, IP-address, time of access and duration of access;
- Location data (including details of your WiFi-connection point, GPS coordinates or similar measure (read more: use of location data));
- Web pages through which our website was accessed, the pages browsed by you, all other actions with our website during your website visit (e.g., interactions, referral sites, search key words);
- Cookies and other identification tags;
- Marketing information: the benefits, campaigns and services directed or offered to the customer and your usage of them; and
- Other information collected based on your consent.
Information related to your purchases:
- Information on orders, deliveries, payment methods, billing address(es), delivery address(es), and other information related to any business you may do with David Shuttle;
- Your contacts with Customer Service and communication with you;
- Your participation in our promotions and contests; and
- Your contact information.
Information collected from other sources which may be combined with your user account:
- If you have connected to our website, service or social media channel using your social media profile(s), we may collect the public information available on your social media profile(s);
- We may purchase information from third parties to complement the data collected by us;
- We may collect information from public registers maintained by authorities, if such registers are available in your country; and
- Updated delivery and contact information from delivery agents.
We use third party service providers for payment processing, in which case you will be directed to the relevant third party service provider's website which is subject to that third party service provider's terms and conditions. All credit card payments made during on-line transactions are handled on our behalf by SagePay’s secure payment gateway. David Shuttle does not store credit card information.
3. How David Shuttle uses your personal data
We collect your personal data in order to offer you our products and services in the best possible way; to create a smooth shopping experience; and to operate and maintain our website and services effectively. We use the collected information for the following purposes:
- Offering products, marketing and personalising
- Customer loyalty programs and other user accounts
- Customer service
- Product and services development and anonymised reporting
- Detection, investigation and prevention of unlawful activities
- Identifying users
We may process your personal data for the following purposes:
I. Offering products, marketing and personalising
We want to offer you the most interesting products and services and therefore we may analyse your interests, preferences and needs.
We may process your personal data to manage our relationship with you, in the context of marketing and sales purposes as follows: managing the customer relationship lifecycle, customer segmentation and improving effectiveness.
Your personal data may be processed for the purposes of informing you about our products and services, announcing any new product or service launches or benefits available to you, and concluding market surveys, provided that we have first obtained any necessary consent, where required for such use, in accordance with the applicable law. Such marketing may be carried out as follows:
- Direct marketing through mail or telephone, including text messages;
- Electronic messaging: emails and other electronic messages; and
- Digital online marketing (e.g., displays, search engine marketing)
II. Customer service
We may process your personal data for the purpose of providing personal and customised services when you contact our Customer Service team.
Our Customer Service team may process your personal data if you contact them. Your calls to the Customer Service team may be recorded, in which case you will be informed of such recording beforehand. We may connect the personal data collected by the Customer Service team with other personal data, such as your purchase history, which enables us to provide you with as efficient and personal service as possible.
Your personal data may also be processed for warranty-related activities, such as activating the warranty, claims related to warranties and registering additional warranties for certain items.
III. Product and services development and anonymised reporting
Product and services development is essential to us and enables us to provide our customers with ever better, more innovative and user-friendly products and services.
We may process your personal data and account details to both improve our existing products and services, and to develop new ones. We may connect any feedback and communication received from you with your account.
- Surveys/research conducted via our website: We may use questionnaire tools on our website to improve our customer experience from time to time.
- Loyal customer community: To improve our service and our program to meet our customers' needs we may provide you with surveys or research questions concerning our products and services (whether in hard copy or online).
We use anonymised data for reporting purposes. Such data have been anonymised and cannot be used to identify you. We use such data to analyse the realisation of our commercial objectives, such as effectiveness of our product campaigns. Such anonymised data may contain:
- Aggregate visitor numbers of our website;
- Aggregate visitor numbers of our stores;
- Average visit duration;
- Typical visitors path on our site or our store; and
- Certain measurements related to our product sales.
If you have ordered products or services from our website or physical stores, we may process your personal data for the purposes of processing your order(s).
Payment details are not stored in our systems. Instead, payment data are provided by you directly to our third party payment services providers.
V. Detection, investigation and prevention of unlawful activities
We may process your personal data for the purposes of detecting, investigating and preventing unlawful activities. We may provide your information to law enforcement authorities based on their request, or based on a legal basis defined in any applicable law for prevention and investigation of fraud and other unlawful activities. We may disclose your personal data to any party in response to an order from a court of competent jurisdiction.
VI. Identifying users
We may identify you for the purposes of providing you with more personalised and customised services, and a better experience.
We may identify your online activities based on cookies. Read more on cookies we use. In mobile applications and website, we may identify you based on your log-in details.
Identifying you in any of our physical stores requires your name and postal address and possibly ID verification.
4. How long your data is stored
- Your data are stored as long as your online account is valid, plus the applicable period for limitation of legal claims, and any additional periods required or permitted under applicable law.
- Remember to update your information if any material changes occur.
If you have created an account on our website your personal data will be retained until such time as you either terminate the account or request that your data be deleted. To ensure that you receive news, offers and other information you are interested in, you may be asked to update your data once in twelve (12) months when you use your website account or when you purchase products in any of our local stores.
5. How we disclose your personal data to other parties
We do not disclose your data to third parties, except for processors and approved third parties, in accordance with applicable law. We do not sell, lease or rent your data. Your data are adequately protected if transferred internationally. We may provide your data if needed for lawful requests, fraud combating, mergers or acquisitions or protection of our interests.
We disclose your personal data only to the parties indicated below and for the following reasons only:
- International transfers. Our services may be provided using resources and servers located in various countries, partly located outside of EU/EEA. Therefore your personal data may be transferred across international borders outside the country in which you use our services. In the event that your personal data are transferred outside of EU/EEA, we will ensure that any such transfer is covered by appropriate contractual measures (e.g., using European Commissions Standard Contractual Clauses), that the transfer has an appropriate legal basis, and that the data processing and confidentiality fulfills the requirements in relevant laws. You may obtain a copy of the relevant Standard Contractual Clauses (where applicable) by contacting us using the details set out in Section 12 below.
- Lawful requests. We may be required by the binding requirements of applicable law, or for the purposes of responding to legal proceedings or other lawful requests to disclose your personal data to authorities or third parties.
- Protection of our interests and combating fraud. We may also disclose or otherwise process your personal data, in accordance with applicable law, to defend our legitimate interests (for example, in civil or criminal legal proceedings) and when combating fraud.
- Mergers and acquisitions. In the event of any sale, consolidation or reorganisation of our businesses (for example mergers and acquisitions), we may disclose your personal data to prospective or actual purchasers or their advisers, where appropriate.
6. Steps taken to safeguard the personal data
We have created appropriate safeguards to protect your personal data. We have implemented both technical and organisational safety measures, and only certain restricted personnel are permitted to access your data. However, you should always be careful when transmitting your data via internet, as the transmission of data to our website will be at your risk.
We have implemented appropriate technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law.
We maintain a variety of physical, electronic, and procedural safeguards to guard your personally identifiable information. Specifically, we use commercially accepted procedures and systems to protect against unauthorised access to our systems. Only our appointed personnel and third party companies operating on behalf of us or on our assignment (referred to as "Authorised Third Parties") are entitled to access or process your personal data.
Unfortunately, the transmission of information via the internet is never completely secure. Although we will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Actions you can take in regard to the processing
Subject to applicable law, you may have the following rights with respect to the processing of your personal data:
- Choosing not to provide your personal data
- Accessing, or obtaining a copy of, your personal data
- Checking and editing your data in your user account
- Unsubscribing from direct marketing
- Checking and editing your personal data
- Blocking and deleting the cookies
- Permitting or refusing processing of your location data
- Erasure, or restriction of our processing, of your data
- Objecting to the processing of your personal data
- Withdrawing your consent
- Porting your data to another controller
- Lodging a claim at the supervisory authority
Please note that upon exercising any of the rights listed below, you may be requested to provide additional information for identification purposes. Such additional information shall not be used for any other purpose and will be removed after successful identification.
- Providing your data: You may choose not to provide your personal data to us. It should be noted that some features of our website and other services may not be fully available to you if you choose not to provide us with your personal data (e.g., we may not be able to process your orders without the necessary details).
- Right of access: You may have the right to request access to, or copies of, your personal data, together with information regarding the nature, processing and disclosure of those data.
- Unsubscribing: We include an unsubscribe link in all electronic marketing messages we send to you. You may withdraw your consent to direct marketing at any time. If you do so, we will promptly update our databases, and will not send you further direct marketing, but we may continue to contact you to the extent necessary for the purposes of any products or services you have requested.
- Checking and editing your personal data: Should you have an online user account, you may edit and complete your personal data directly yourself. If you do not have an online user account, you may contact our Customer Service team using the details provided in Section 12 below, who will upon your request as soon as possible rectify, remove or complete the information which is incorrect, unnecessary, lacking or outdated.
- Blocking and deleting cookies: You may block the cookies using your browser settings. Please note that blocking the cookies may affect the usability of our website. You may also delete the cookies from your browser via its settings, in which case the information collected by the previous cookie will not affect the account created based on the information collected after such deletion.
- Allowing use of location data: You may give your consent to the use of location data in the options of the device or the application. You may also withdraw such consent at any time from the options menu in your account, or by contacting our Customer Service team
- Erasure, or restriction of our processing, of your data: Should you believe that we process your data which is not accurate; the processing is illegal; we are not processing your data in accordance with the processing purpose or you want to oppose the processing, you may contact our Customer Service team to request the erasure, or restrictions on the processing, of your data. Please note that we will investigate your request reasonably promptly, before deciding what action to take.
- Right to object: You may have the right to object, on legitimate grounds, to the processing of your personal data.
- Withdrawing your consent. You may at any time decide to withdraw your consent to the processing of your personal data. If your consent is withdrawn, it does not prevent us from processing your personal data based on other legal bases, such as fulfilling your orders and storing your order data as required by applicable law. However, it should be noted that your account(s) on our website will be removed, and advantages granted to you via your account will be reset. Please note that withdrawal of consent does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal.
- Right to data portability: You may have the right to have your personal data transferred to another controller, in a structured, commonly used and machine-readable format, to the extent applicable.
- Lodging a claim with a supervisory authority: Should you believe that our processing of your personal data infringes your legal rights, you may lodge a claim with your local supervisory authority. Please do see a list for supervisory authorities' website here.
9. Third party website
Please note that certain features on our website are offered by third parties and the third party privacy policies apply.
Our website and services use options which enable you to share content on social media, such as Facebook's "share" button. Such options are provided directly by the third-party service providers (e.g., Facebook, Twitter, Instagram, Google+, etc.). Each such third-party service provider may collect personal data regarding your visits and interaction with its services, based on its own policies and rules concerning data privacy.
David Shuttle cannot be held liable for any privacy policies or terms and conditions concerning data privacy of such third parties.
11. Defined terms
- "controller" means the entity that decides how and why personal data are processed. In many jurisdictions, the controller has primary responsibility for complying with applicable data protection laws.
- "personal data" means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
- "process", "processing" or "processed" means anything that is done with any personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- "processor" means any person or entity that processes personal data on behalf of the Controller (other than employees of the Controller).
12. Our contact point
In general privacy issues, in issues relating to your account or to opt out from marketing messages, please contact our Customer Service: firstname.lastname@example.org 01494 677665 ext. 1
- Transaction Security
- Payment Security
- Verified By Visa And Mastercard SecureCode
- Registering for 3D Secure
We realise how important it is to securely store any information that you provide. As such DavidShuttle.com maintains the highest levels of security. Our site useshigh level SSL encryption technology, the most advanced security software currently available for online transactions. You can, therefore, rest assured that we take the privacy and security of your payment and personal details very seriously.
You can tell whether a page is secure as 'https' will replace the 'http' at the front of the www.DavidShuttle.com in your browser address window. A small locked padlock will also appear in the bottom bar of your browser window.
All credit card payments made duringon-line transactions are handled on our behalf by the SagePay secure payment gateway. All transaction information passed between our site and SagePay’s systems are encrypted using a minimum of 128-bit SSL encryption.
No cardholder information is ever passed unencrypted. You can be completely assured that nothing you pass to Sage Pay’s servers can be examined, used or modified by us and or any third parties.
SagePay’s systems are scanned by Trustwave which are an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.
SagePay is also audited under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. They are also active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.
To give you even more confidence in shopping online with DavidShuttle.com, we have introduced Verified by Visa and Mastercard® SecureCode™. These services enhance your existing card account against unauthorised use when you shop with us online.
To use this service, you must first register with the bank or other organisation that issued your card. To find out more about these services:Visit the Verified by Visa website Visit the Mastercard® SecureCode™ website
Once you've registered and created your own private password with your card issuer, you'll be prompted automatically at checkout to provide this password each time you make a purchase.
Please note: Your Verified by Visa or Mastercard SecureCode™ password is not your DavidShuttle.com account password. DavidShuttle.com does not have access to your Verified by Visa or Mastercard SecureCode™ password.
If you have a John Lewis Mastercard, you will need to enroll it with HSBC here.
All card companies using 3D Secure require you to register for the service. For your convenience, we have listed below some of the major card issuers and provided links to their registration pages.
- Santander Mastercard
- Santander Visa
- Barclaycard Mastercard
- Barclaycard Visa
- Natwest Mastercard
- Natwest Visa
- The Co-operative
- HSBC Mastercard
- HSBC Visa
- Royal Bank of Scotland
- Lloyds TSB
- Nationwide Visa
- Marks & Spencer Visa
- Marks & Spencer Mastercard
- Capital One Mastercard
- Ulster Bank
- Danske Bank (Formally Northern bank)