The purpose of this statement is to set out how we use personal information we may obtain about you. By registering as a user of the services provided by Infurniti and by using the Infurniti’s web site generally you agree to this use.
- DATA CONTROLLER REGISTRATION
When you register and use this site you will be asked to provide certain information such as your contact details. This information will be collected and processed by Infurniti Home.
We only collect data which is necessary for its purpose for example the information you provide when making an order. Data we collect includes:
- Personal details like name and delivery address when you register an account or place an order;
- Payment information when you place an order (payment information will not be stored. See section 8 for further information on payment security);
- Contact information and preferences when you register your interest in our marketing communication;
- Information about your browser, device and the path you take through our website when you visit.
- HOW WE USE YOUR INFORMATION
We only ever use your personal information for the reason it was collected, either with your consent, to perform a contract with you, or where we have a legitimate interest (where our interests do not override yours) to do so. For example:
- To register you with an account on our website;
- To fulfil an order and to deliver your goods;
- For assessment and analysis (e.g. market, customer and product analysis) to enable us to review, develop and improve the services we offer and to provide you and other customers with relevant information through our marketing programme;
- For the prevention and detection of fraud;
- Where you allow us to do so, we will inform you by email and/or postal mail about products and services that we consider may be of interest to;
- To administer any prize draws or competitions you may enter.
- LEGAL BASIS FOR PROCESSING
Where we’ve collected your data in relation to an account sign up, the information we process will be based on the legitimate interest we have in administering that account to enable you to safely access your order history and the personal details you’ve provided us with.
Where data has been collected in relation to an order, it will be processed by necessity of entering into a contract whereby the payment you provide requires us to fulfil your order request, in which case we will only collect data which is necessary to fulfil and deliver your order.
Where data has been collected in relation to marketing, we rely on your consent. See section 5 for a more detailed explanation of how we process data for marketing.
If you have indicated that you’d like to be contacted for direct marketing purposes we rely solely on your consent. We review consent frequently and seek to refresh consent periodically as we see appropriate. At the time of sign up, you can choose which methods of direct marketing you would like to receive, from either email, and/or postal mail. We will never use other methods of direct marketing without your consent.
Data collected in line with your marketing preferences, like name and address will only be used to personalize your communications, including sending you content which we think is relevant to your location.
We will hold this data for five years following your last interaction with our marketing programme, including opening an email or logging a visit to our website. After this point, we will send you a notification detailing that your information will be removed from our marketing database. The data record will be purged of all personal identifiers apart from email address which must be used to completely suppress the record. The minimised record will be held with associated engagement data for statistical purposes thereafter.
You have the right to withdraw your consent to receive direct mail communications at any time. This may be done by using the unsubscribe link provided in electronic communications, visiting your account preference centre, by sending an email to firstname.lastname@example.org
- WHO WE SHARE YOUR INFORMATION WITH
We will never sell your personal data. We may share information about you to the following, who may use it for the same purposes as set in section 3 of this policy:
- Employees and agents of Infurniti Home to administer any accounts, products and services provided to you by Infurniti Home now or in the future;
- Anyone to whom we transfer or may transfer our rights and duties under our agreement with you, in particular order fulfilment, and payment service providers;
- Data processors, such as our Customer Relationship Management platform, data analytics tools and marketing partners.
We may also share your information if we have a duty to do so or if the law allows us to do so.
We use some aspects of the personal data we collect in an automated decision-making process called ‘profiling’. We use this type of processing to help us understand our customers and to provide them with a better experience within the Infurniti’s environment.
We analyse sets of data to determine common patterns in behaviour which allows us to provide you with a more personalised, individual experience on our website, in our digital advertising and in our electronic marketing communications. For example, if we recognise that you browse several products with a common feature over a period of time, we are able to recommend similar products that you may also be interested in.
You have a right to object to this kind of processing. Further details of your rights can be found in section 10 of this policy.
We do not use automated decision-making techniques that produce a significant or legal effect on you, unless we have a lawful basis for doing so. If this changes in the future, we will not carry out this kind of profiling without first obtaining your consent.
Data security is very important to us and is at the centre of our business culture and practices. We take all reasonable steps to protect your personal details against abuse both in the setup of our technology systems and in our staff procedures.
We process and store data digitally within secured databases and limit which staff have access to the data. Those who have the privilege of handling personal data receive regular data protection training and must abide by a strict code of conduct for data-management.
We cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.
In line with our data security strategy, we have robust protocol in place which would be deployed in the unlikely event of a major security breach. The breach management plan primarily endeavours to minimise the impact on our customers. It encompasses notifying the relevant parties, including the Information Commissioner’s Office and the affected customers where necessary.