Who we are
Purpose of The Policy
Please note that this Policy applies in conjunction with other policies and procedures. It does not establish contractual or legal rights for any persons but intends to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the ‘General Data Protection Regulation’ or ‘GDPR’).
Who Controls Your Personal Data
www.360castles.com is the controller of the personal data you submit to us and is responsible for the processing of your personal data under the applicable data protection legislation. Our registered address is Waterfield, Tillybirloch, Inverurie, Aberdeenshire. AB51 7PS
How We Collect & Process Your Personal Data
3.1 Personal Data We Collect About You
Because data privacy is of high importance for us, we intend to remain open and transparent about how we use your personal data. www.360castles.com will only collect your personal data where necessary for our Services.
Depending on your use of our Services and our websites, we may thus collect, use and disclose (i.e., process) the following types of personal data about you: your contact information, such as a name, surname, address, e-mail address, IP address and telephone number. We may also collect payment, credit and order information.
Although we are technically considered ‘data controllers’, the ultimate control over your personal data remains with you at all times. Provided you give us a proof of your real identity, you have the right to request access to a copy of the personal data we currently maintain about you in a structured, commonly used and machine-readable format and obtain information regarding the processing, including whether we process your personal data for profiling purposes. In case you notice an error in your personal data, you may also request that we rectify the inaccurate personal data or complete your personal data. Following this, we will notify each third party to which we have disclosed your personal data so that they can make sure your personal data is accurate with them too. Where technically feasible, you have the right to request that www.360castles.com transmits your personal data to another company of your choice.
3.2 Legal Grounds for Processing
Under the applicable data protection legislation, personal data may only be collected and processed based on a limited number of legal grounds. At www.360castles.com, we rely on one of the following grounds to process your personal data:
The necessity for the performance of a contract with you (e.g. when you purchase products or subscriptions from us);
The legal obligation to which www.360castles.com is subject (e.g. when we handle your payment details);
Legitimate interests of www.360castles.com (e.g. when we send you marketing e-mails regarding products similar to the ones you already purchased from us);
Your explicit and informed consent (e.g. when you subscribe to our newsletters through your marketing preferences, or if you participate in a contest)
3.3 Purchasing Products Through Our Websites
If you purchase products or subscriptions through our online stores, www.360castles.com will require your personal data to manage your payments, handle your orders, and make sure the products or subscriptions you have bought are delivered to the right address by our external delivery partners.
In order to purchase products or subscriptions through our websites, www.360castles.com will collect personal data such as your name, surname, e-mail address, telephone number, billing and shipping information, and limited payment card information. We process your personal data for the purposes explained above because it is necessary for the performance of the contract with you.
We may also need to process other personal data such as your navigation and browsing behaviour with a view to for example save items in your shopping basket, provide you with relevant product recommendations, or offer you size recommendations. Moreover, processing this personal data allows us to keep track of your purchasing history, for example in case you change your mind following your purchase, or if you need to return a product according to the applicable return policy.
3.4 Marketing E-mail Newsletters
Some of our Customers might be genuinely interested in receiving newsletters about our latest products and Services. However, we understand not everyone feels the same way. Therefore, the processing of your personal data for marketing purposes is based solely on your explicit prior consent, which means we will never send you marketing communication if you don’t want to unless you have already bought products from us.
If you wish to receive newsletters regarding our latest products and Services, you are able to opt into our e-mail newsletters through our websites, in which case we will process your e-mail address.
Once subscribed, you may object at any time to the use of your personal data for profiling by www.360castles.com or any of the third-party recipients we have shared your personal data with, provided that we process your personal data based on our legitimate interests. If we process your personal data for direct marketing purposes, such as sending you newsletters, you have the right to object at any time to the use of your personal data for that purpose by contacting our data protection officer using the contact details below, without any additional cost.
3.5 Information We Collect in Our Stores
When you buy products or subscribe in our stores, we may process personal data such as your name, contact details and limited payment details because this information is necessary for the performance of the contract with you.
If you already have a registered account, we may use information from your previous online and in-store purchases or subscriptions, as this will help us facilitate purchases, process payments, manage product returns and for marketing purposes. In such a case, we process personal data because it is in our legitimate interest to gather insights about our customers who buy our products and subscriptions online.
Since we process your personal data based on our legitimate interests, you have the right to object at any time to the use of your personal data for profiling by www.360castles.com or any of the third-party recipients we have shared your personal data with. You can do so by contacting our data protection officer by using the e-mail address mentioned below this Policy.
3.6 Customer Service
It is in our legitimate interest to make sure technical support, as well as complaints and queries relating to product warranties, are handled quickly and efficiently. In order to do so, we may process details such as your name, contact information, date of birth, gender, bank account number (e.g. for refunds), purchasing history, and browsing activity. Where you contacted our Customer support through social media, we may also process some of your social media account information.
You may also request www.360castles.com access to a copy of the personal data we currently maintain about you in a structured, commonly used and machine-readable format and obtain information regarding the processing, including whether we process your personal data for profiling purposes. In case you notice an error in your personal data, you may request that we rectify the inaccurate personal data or complete your personal data. In such a case, we will notify each third party to which we have disclosed your personal data so that they can make sure your personal data is accurate with them too.
How We Protect Your Personal Data
www.360castles.com is committed to the processing of your personal data in a lawful, fair and transparent manner. Accordingly, we will only use your personal data if we have a valid reason for doing so and provided you have been informed of the processing purposes beforehand, at the time we collected your personal data.
Moreover, www.360castles.com guarantees that any processing of your personal data will be limited to what is necessary, adequate and relevant in order to achieve the purposes for which personal data is collected. Whenever possible and technically feasible, www.360castles.com will use anonymized or pseudonymized data, e.g. for our internal statistics and financial reporting purposes.
Because the protection of your personal data is of the utmost importance to us, www.360castles.com is also dedicated to protecting your personal data and the systems it is held in. We have defined and implemented adequate technical and organisational measures against any unauthorised access, unlawful use, accidental loss, corruption or destruction. This way, www.360castles.com is confident that your personal data will be processed on a strictly ‘need to know basis’, when and where appropriate and necessary.
As we are fully aware threats evolve and diversify and we wish to sustain your trust throughout the years, we regularly review and update our security measures and infrastructure, with a view to mitigate operational risks and maintain our security programs up to the latest industry-accepted standards and best practices.
External Parties with Whom We May Share Your Personal Data
Where relevant and necessary for the purpose of the processing activity, we may occasionally need to disclose your personal data to other appropriate organisations who have a need to know (so-called ‘third party recipients’), based on our legitimate interest.
With the purpose of helping us understand more about your interests and preferences, offer you more relevant advertisements, we may, for example, share your personal data with data analytics companies and advertisers based on our legitimate interest. Additionally, we may share some of your personal data with external parties when you provide us with feedback and review about our products.
We are also required to share some of your personal data with delivery couriers, such as when you order a product online, and with financial institutions in order to verify your payment details, based on the performance of a contract.
Each time your personal data is shared externally, this will be covered by strict data processing agreements, where www.360castles.com remains the data controller and the third parties involved act as data processors. www.360castles.com shall restrict the access and transfer of your personal data to trusted third party recipients who demonstrate an adequate level of data protection. Moreover, these third-party recipients will be required to delete or return all the personal data to www.360castles.com after the end of the provision of Services relating to the processing and delete existing copies, unless the law requires storage of the personal data.
International Transfers of Your Personal Data
How Long We Keep Your Personal Data
As a general rule, www.360castles.com only keeps your personal data for as long as necessary to fulfill the purpose for which we initially collected it. However, because these needs can vary for different data types in the context of different products and subscriptions, actual retention periods can vary significantly. In addition, there are laws and regulations that apply and which set minimum periods for retention of personal data.
www.360castles.com will always ensure you are kept informed of the criteria used to determine the effective retention period as well as the underlying reasons thereof, which will depend on whether we process your personal data in the context of a contractual relationship with you or based on your explicit consent; whether we process the personal data for our own legitimate interest, or whether www.360castles.com is legally obligated to retain the personal data for a specific period or to comply with specific legal obligations.
How We Erase Your Personal Data
Under certain circumstances, and provided you give us a proof of your real identity, you may exercise your right to request the erasure of your personal data and have us inform third-party recipients to whom we provided your personal data of this request. Please be aware that this is only possible to the extent that the personal data is no longer necessary for the initial purpose (i), if the processing was based on your consent and you withdrew it (ii), or where you have already objected to the processing based on our legitimate interest (iii).
Except when we need to keep a copy of your personal data for statistical purposes, to establish, exercise or defend legal claims (e.g. regarding the warranty period applicable to products sold by www.360castles.com or insofar as we are legally required to retain a copy of your personal data, you can rest assured www.360castles.com shall either securely dispose of or permanently anonymize your personal data once we have fulfilled the initial processing purpose and when further retention of your personal data is not necessary anymore.
Your Rights as Data Subjects
For further information or if you wish to exercise one of your above-mentioned rights, please contact our customer services team. We will do our best to reply to your e-mail as soon as possible, and in any case within one month. If fulfilling your request necessitates more time, we will keep you informed of this and come back to you within two additional months. www.360castles.com will charge you nothing for this request unless we have already provided you with the requested information previously or it appears unreasonably difficult for us to retrieve it. In such a case, we will inform you beforehand of the administrative fee.
If you are not satisfied with the way we handled your request, you have the right to request the restriction of our use of your personal data and lodge a complaint with the supervisory authority responsible for the protection of personal data in your country of residence. Although we sincerely hope this won’t be necessary, we have provided the contact details of the relevant data protection authorities below.
The Information Commissioner’s Office
Water Lane, Wycliffe House
Tel: +44 1625 545 745
Forum Personal Data
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you (see above), including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.