Privacy Policy - Surrati 

1. Introduction and Data Controller

This Privacy Policy describes how Surrati Since 1929 ("we", "us", or "our"), operating from the United Kingdom (UK), collects, uses, and protects your personal data when you use our website, surratisince1929.co.uk.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purpose of the UK GDPR, the Data Controller is Surrati Since 1929, based in the UK.

2. The Data We Collect About You

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data: Includes first name, last name, username or similar identifier, marital status, title, date of birth, and gender.
• Contact Data: Includes billing address, shipping address, email address, and telephone numbers.
• Financial Data: Includes payment card details (note: these are often processed directly by a third-party payment processor and not stored by us).
• Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Usage Data: Includes information about how you use our website, products, and services.
• Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.

3. How Your Personal Data is Collected

We use different methods to collect data from and about you, including through:

• Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you: purchase our products or services; create an account; subscribe to our service or publications; or give us feedback.
• Automated Technologies or Interactions: As you interact with our website, we will automatically collect Technical Data and Usage Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
• Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties, such as payment providers, analytics providers (like Google), and advertising networks.

4. Legal Basis for Processing (UK GDPR)

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., to process your order).
• Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., fraud prevention, improving our services).
• Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., tax or accounting laws).
• Consent: Where you have given your explicit consent to us processing your personal data for a specific purpose (e.g., sending you marketing emails). You have the right to withdraw consent at any time.

5. Your Legal Rights (UK GDPR Rights)

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include:

• The right to access your personal data (commonly known as a "data subject access request").
• The right to rectification of your personal data if it is inaccurate or incomplete.
• The right to erasure of your personal data (the "right to be forgotten").
• The right to object to processing of your personal data.
• The right to restrict processing of your personal data.
• The right to data portability (to transfer your personal data to another party).
• The right to withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact us using the details provided below.

6. Data Security and Retention

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

7. Complaints and Contact Information

Right to Complain to the ICO (UK Regulator)

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Contact Details