Here at Ruby UK we care about your data, so this document provides you information on how we look after your data and your rights under GDPR.
Process Controller’s identity and contact details:
Ruby UK Ltd act as both a data controller and a processor for their customers data. You can contact us by emailing firstname.lastname@example.org.
What information is collected:
We store your company name (if applicable), full name, address(es), phone number(s), email address(es) and username(s).
How your information will be used:
We use your information only to communicate with you, bill you and deliver the products you have requested us to provide. Your information will be passed to a third party to take and fulfill your order only. These include courier’s or online marketplaces.
Legal basis for processing your data:
Our legal basis for processing your data is three fold:
- The contract (verbal or written) between us to provide information, quotations or the products requested.
- Our legal obligation to maintain registered accounts.
- Your explicit consent is given when you read this notice and then choose to provide the requested information. Or, if you make verbal contact with us we will make you aware of where to find this information and outline it to you.
Who receives your information:
Only persons working for and with Ruby UK will have access to the information, and only as much as is required to carry out your order or the products requested by you.
Although they do not have access to our systems we do use sub-processors for data storage, dispatching orders and delivering products. We also use email and payment companies. The sub-processors we use are:
- KB Software
- Royal Mail
- UK Mail
Where your information is stored and how it is kept secure:
Your information storage and security depends on what we hold on your behalf:
Personal information is stored within our accounts system, order fulfillment software and email database. All of these are accessible only by passworded accounts given to users authorised by Ruby UK’s manager or director. The accounts system is hosted on a cloud server operated by Sage. The order fulfillment system is hosted on a cloud server operated by Linnworks. The email database is hosted on a cloud server operated by KB Software. All of these are available on our personal laptops which are password protected.
Order information, quotations, as well as specifications, documents and information related to specific products we are required to provide for you are kept on:
- Sage. Access to these is via controlled passworded accounts.
- Linnworks. Access to these is via controlled passworded accounts.
If an order is placed via our Shopify website, then Google Analytics is used to gather data from every visit / visitor to our website. This will be collected but personally identifiable information is not stored. A visitor’s IP address (which is now recognised as personal data by GDPR) is used to determine their physical location but the IP address itself is not data that can be accessed through Google Analytics. All data in Google Analytics is aggregated and anonymised.
Your order information and personal details will also be stored by the online marketplace which you used to place your order. Our access to these websites are password protected and we use password protected laptops to access them.
Transfers of data to 3rd countries and safeguards in place:
Data is held on EU data protection compliant servers. The only information we hold that might be transferred to 3rd party countries is:
Order information, quotations, documents and information related to specific products or orders we are required to undertake for you are kept on:
- Shopify. Shopify is responsible for all onward transfers of personal information to third parties in accordance with the EU-U.S. Privacy Shield Framework, the Swiss-U.S. Privacy Shield Framework, and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
How long your information will be kept:
This depends on the information you provided us with:
- Your personal data is kept for as long as you are a customer. Sufficient information (e.g. Invoice details) in order to fulfil our legal obligation for producing accounts is kept for as long as is required by the HMRC, but at least 7 years.
- Order information will be kept by us for the period you remain a customer and for 12 years after our relationship ends.
- Google Analytics data is retained for 38 months by default. You can request alternative retention periods.
Under GDPR you have a number of rights for which we must provide, those that apply to the data we hold are listed below but more information is available here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
- You should be informed by us about how we use your data (this documents fulfills that obligation)
- You can request a copy of what information we hold on you.
- You can ask us to correct any errors in the information we hold on you
- You always have the right to require us to delete information for which we have no legal obligation to keep.
- You can request us to provide the information we hold to be provided in a .csv format for transfer to another organisation.
How you can make a complaint:
If you are unhappy with anything you can complain.
First, please let us know so we can put things right. Email to us at email@example.com.
If we don’t resolve things to your satisfaction then you can report us direct to our supervisory authority, the Information Commissioner’s Office, by ringing 0303 123 1113 or via live chat at their website: https://ico.org.uk/concerns/.
More Information can be found here: https://ico.org.uk/for-the-public/raising-concerns/
Our Data Protection Policy is here: