The Pierre Cardin Gift Collection is supplied by official license holders The Pen Warehouse. The Pen Warehouse is a trading name of Tancia Ltd. Registered in England and Wales – Company no. 02966120 – Charles Lake House | Claire Causeway | Crossways Business Park | Dartford | Kent | DA2 6QA | UK
We believe that privacy is a fundamental human right and that respect for an individual’s privacy should apply in all walks of life but especially so in business. We recognise the need to protect not just the privacy of customers but also the privacy of all individuals involved in the supply chain.
In order to operate our business, we do need to collect some personal data. We only ever collect what is necessary and we do not store the data for any longer than we need to.
What type of data do we store?
If you’re a registered customer, we’ll hold some or all of the following types of information about you:
- Your name.
- Your email address.
- Your telephone number, which may include direct dial or mobile numbers.
- Your home or business address.
- Your IP address (if you visit our websites).
- Website cookies (if you visit our websites).
We rely upon a number of different legal bases for processing personal information – these include processing personal information where it is in our legitimate interests to do so and where this is necessary for the fulfilment of a contract. Where we rely on our legitimate interests, this means that we use personal information to run our business and to provide the services we have been asked to provide. We only collect information that has been supplied voluntarily; you do not have to provide us with personal information. However, if you do not provide us with information we need by law or require to do work, we may not be able to offer certain products and services.
You have several important rights in relation to your data:
- The right to be informed – We’ll always try to be as transparent as possible about how your data is being stored and processed by us.
- The right to access – If you’d like to know what information we store about you, you can exercise your right to access, often known as a “subject access request”. We usually prefer to get these in writing and sometimes we may need to ask for additional proof of identity. We will respond to all access requests within one calendar month but if we do need to ask you for ID, that one month period won’t start until we’ve received it.
- The right to rectification – If you believe that we hold some incorrect information about you, then you have the right to request that we amend your personal information across all of our systems. We’ll try and complete any such requests as quickly as possible but you should allow us up to one calendar month.
- The right to erasure – You can ask us at any time to remove your personal data from our systems. In some cases, for example if required to do so by HMRC, we might need to keep a few records even after you’ve asked us to delete your information. We’ll let you know about this when you request removal, as well as telling you how long we’ll be keeping the data for.
- The right to restrict processing – You can ask us not to use your data in particular ways. This is different than the right to erasure because it lets you specify that you’re happy for us continue using your data in other ways.
- The right to data portability – You can ask us to export your personal information in a commonly-understood file format, such as CSV. This is particularly useful if you wanted to give the data to someone else to process. The same one-month period and need for identification applies to these requests as it does to a subject access request.
- The right to object – You can raise an objection at any time to the way in which we’re using your data. For example, you might want to remain a customer but opt out of receiving marketing communications. You have the right to do so without it affecting your legal status with us.
Who has access to your data?
Staff members who might have access to your personal data have all been provided with relevant GDPR training. We only allow our staff access to customer data when it’s absolutely necessary for them to do their jobs.
In regards to electronic communication, all of our email services are provided by Google LLC. Google provide a very secure email platform that encrypts all communications between their servers and our office PCs. In order to provide support on our email services, some Google employees do have access to our email system. This is only to provide technical support and they don’t perform any processing or collection on emails coming through our system.
Please note that we also contract out some I.T. development and support services to the following companies. In order to support our software, employees of these companies will sometimes be granted access to our secure systems on which your data is stored.
Eiger Group Ltd – Company number 03727605 – Kenward House High Street, Hartley Wintney, Hook, Hampshire, RG27 8NY
Eureka Solutions (Scotland) Limited – Company number SC165567 – 29 Portland Road, Kilmarnock, Ayrshire, KA1 2BY
If you visit our websites, then your activities on the site are anonymised and sent to Google Analytics with a tracking cookie. This data lets us know how well our websites are working and which parts still need improvement. If you’d prefer not to take part in this anonymous usage tracking, then you should set your browser to “do not track” mode.
What do we do with your data?
Apart from using your data to process and despatch orders, we’ll also use it to keep in touch about our latest developments and services. We often run reports on our sales orders so that we can spot purchasing trends. Identifying trends helps us ensure that our prices and product range are competitive. You can opt out of any specific types of data processing if you wish to.
In order to provide an electronic shopping basket and checkout function, our website needs to create and temporarily store cookies on your computer.
Where do we store your data?
Your personal data may be stored in physical files located on one of our premises in Aldershot. Any files that contain personally identifiable information are stored securely, under lock and key. Access to those files is only available to staff members who require it to complete their assigned duties. Physical files are only kept as long as necessary by law and are then destroyed.
Electronic storage of your personal data is mostly situated on our in-house servers. Our I.T. systems are compliant to the Cyber Essentials scheme, meaning that everything is firewalled and encrypted and that access to the systems is highly restricted.
We may also have some of your personal information stored off-site in a data centre. Our website is also compliant with Cyber Essentials and we regularly review the security protocols in place.
A data breach will be deemed to have occurred whenever an unauthorised party gains access to ours records or systems. Our staff have been trained to recognise a data breach and report them internally. Upon receiving such a report, a thorough investigation will take place. We will assess the severity of the breach and report it to the ICO with 72 hours, including reference to the steps which we will take to prevent future breaches of a similar nature. Where the breach may have allowed the unauthorised third party to gain access to personal information relating to our customers, we will notify affected customers and explain what data may have been accessed and what steps they may need to take (e.g. resetting passwords).
Who should you talk to if you have further questions?
Telephone: +44 (0)1252 400270
Address: FAO: Data Protection Officer, Pierre Cardin – The Pen Warehouse 2-4 Mount Pleasant Road, Aldershot Hampshire GU12 4NL