Grey Mouse Online (The Company)
The company is the ‘Data Controller’ for the purposes of data protection law.
The company’s Data Protection Officers details are provided at the end of this policy.
We aim to communicate in a clear and concise language that is understandable to our likely audience and age group. If there is anything that you feel is unclear or you do not fully understand, please contact us for more information at the contact details given at the end of this policy.
We only collect the minimum personal information that is needed to provide our services, and to avoid contact or transactions with age groups outside of our intended customer base.
Any details inadvertently received from age groups outside of our intended market will not be held by us for any longer than is reasonably necessary to erase the data.
This information may include:
• Age group
• E-mail address
• Telephone number
• Payment details
We collect and hold personal information provided by you through our online forms, from emails you respond to which we may send (which you have consented to or is within our legitimate interest as an existing customer), from pages that you visit on our website(s) or from general communications you make with us.
We collect third party (suppliers and service providers) information when we first use their services. We will only collect third party data that is essential to the companies operation and where we are legally required to do so.
Any data you provide will be held by us until we no longer legitimately require or use the data. This requirement and use is defined as:
• To complete any commercial or contracted orders we have with you.
• To administer your relationship with us.
• To continue to communicate with you in the future to provide marketing
material and future offers that we feel may be of interest to you.
• Or until you withdraw your consent.
When we no longer use or have a legitimate requirement for your data, or you withdraw your consent, we will erase all your data from our records and you will receive no further contact from us. All electronic data will be purged from our file storage system and any paper data will be shredded. This will be completed as soon as reasonably possible, but within 90 days as a maximum, except where we are legally required to hold the data for longer.
Data relating to commercial transactions, such as a purchase from us, are required by law to be kept by us for 6 years.
Where practical we will store your data in a commonly used machine readable format, which is access code protected.
We will not sell, barter or rent your data.
Except in the provision of a commercial transaction you have entered into with us, we will not share your data unless compelled to by law.
When fulfilling a commercial transaction with you, we will only share the minimum amount of personal data necessary to complete the transaction, with any third parties.
How your personal information is used
• To provide and personalise our services and website.
• To provide support and respond to your enquiries and enact your requests.
• To administer your orders and accounts.
• To provide you with information about products, services and offers.
• To understand your interests to improve and provide the most relevant
content to you.
• To monitor our business performance and the quality of our services.
• To comply with any lawful statutory duties placed upon us.
We will only collect and use your information when the law allows us to.
We use two legal basis to collect, store and process your data:
• We use consent as the GDPR legal basis when you have used a form to
‘opt-in’ but do not complete a commercial transaction. (Make a purchase for
• We also use legitimate interest as the GDPR legal basis when you have
completed a commercial transaction with us (Made a purchase or taken out
a subscription for example), or communicated with us in general showing
an interest in our company or requesting information.
At any time if you would like to ‘opt-out’ or withdraw previously given consent, you can do so by contacting the Data Protection Officer at the contact details given at the end of this policy. Our marketing emails also contain unsubscribe links where practical.
Cookies and Analytics
Our website and electronic communications may include links to third parties which are used to help us process your data, but only for the purposes identified within this policy. We are not responsible for the privacy policies and practices of any third party to whom we work with, but we do use reasonable endeavours to ensure that any third parties we use are also GDPR compliant.
You have the following rights:
• To be informed.
• To request a copy of the personal data we hold about you, free of charge.
(Subject Access Request)
• To have any errors in your data rectified.
• To portability of the data you provided or consented to be processed.
• Not to be subject to automated decision making and profiling.
• To object and/or restrict processing of your data.
• To withdraw your consent.
• To the right to be forgotten. (Erasure of your data)
• To complain to the lead Data Protection Supervisory Authority if you believe
we have misused or mishandled your data.
You can find out what (if any) personal information we hold about you, and how we use it, by making a ‘Subject Access Request’ to the Data Protection Officer at the contact details given at the end of this policy.
When requested, except where there is a lawful reason to withhold the information, we will:
• Explain where we got your data from, if not from you.
• Tell you who your data has been, or will be, shared with.
• Let you know if we are using your data to make any automated decisions.
(decisions being taken by a computer or machine, rather than by a person)
• Give you a copy of your personal data.
International Information Transfers
We only work with third parties that we can reasonably trust to process data outside the European Economic Area. We keep shared data to the minimum necessary and review the privacy policies of those third parties with which we work.
We operate and may work with third parties outside of the European state. Our registered office and administration centre is based in the UK and the lead Data Protection Supervisory Authority in the UK is the Information Commissioners Office (ICO).
We will take any complaints about how we collect and use your personal data very seriously, please let us know if you think we have done something wrong.
You can make a complaint at any time by contacting our Data Protection Officer at the contact details given at the end of this policy.
You can also complain to the Information Commissioner’s Office in one of the following ways:
Report a concern -
online at https://ico.org.uk/concerns/
Tel: +44(0)303 123 1113
Or write to:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
If you have any requests concerning your personal information or any queries with regard to these practices, please contact the Data Protection Officer (DPO), via our email: firstname.lastname@example.org