This policy applies to information we collect when you choose to use this website, and also to personal data which we process further to supplying services/goods to you should you purchase from our retailers using this website and app.
In short however, we aim to collect only the personal information about you that we need for you to use this website. We collect some further information so that we can help the website be useful for more people - such as what people search for. We will never sell your personal data to any one else.
Who we are
This website is owned by Shoal Data Limited and our registered office is at 2 Duck House, Thorney, Langport, Somerset, TA10 0DR (Company No. 11625896). My Mendip ('we' or 'us') are a 'data controller' for the purposes of the Data Protection Act 2018 (the "Act") where we control the purposes for which we process your personal data.
Any questions about our data protection policy or how we handle your personal data may be addressed to [email protected]. (See ‘How to contact us’ below.)
What personal data do we collect?
We collect personal data about you (such as your name, address, email address and contact number), when you make an enquiry, fill out forms on the website (or email, telephone or otherwise contact us), subscribe with us, use social media functions available on our website, or when you purchase products or services from our retailers via our website.
My Mendip never sees, stores, or has access to your full credit/ debit card information. We see only the last four numbers of your card number. We do not see, store, or have access to your CVC or any sensitive information. All credit/ debit card transactions are handled by Stipe. For more information about Stripe uses your data please see https://stripe.com/privacy
Who do we share your personal data with?
We may send information about you to other parties, our retailers, service providers and law enforcement agencies in connection with any investigation to help prevent unlawful activity.
Due to the nature of our business we work with a variety of service providers who act as our processors who store and process your personal data on our instructions. At all time we only provide them with the personal information that they need - such as your name and email address if it is an email being sent. When we work with sub contractors some will have access to your personal informatiob, but this is limited to the smallest possible number, access is revoked when no longer required, and they are required to sign contracts to say that they will not access or use this information for any purposes other than those they are contracted to do for My Mendip. Below is a list of our service providers for your information:
- Mendip businesses registered with My Mendip - to fulfil and process your order;
- Website and app development and hosting companies - who host our website. Our site is hosted using Digital Ocean, Laravel Forge, and CloudFlair;
- Email platforms to distribute emails to customers- we use MailGun to send emails on the website and Gmail as our email provider;
- Business partners that help to promote or deliver My Mendip;
- Sub-contractors who help to improve, promote and extend the reach of My Mendip;
- Delivery companies – so that they can contact you directly regarding your delivery or processing your orders if and when applicable;
- Information Technology platforms that host our site or support our IT development work or where we link our social media or videos;
- Secure servers that host the site and data; Secure payment platforms – so that we can take payment for your order in a secure safe manner (see the information about Stripe above - My Mendip never has access to sensitive card information such as your full card number of CVC);
We would only send your data outside the EEA where we have in place a legal agreement which complies with the Legislation and where you have given your express consent. Currently, all the services we use we have selected in part because of their EEA servers which means all your data stays within the EEA. The data My Mendip exclusively handles never leaves the UK.
How will we use the information about you?
We process information about you so that we can:
- provide the products and/or services to fulfil the contract between you and any retailer;
- identify you and manage any account you hold with us;
- answer any questions you may have about our website and the products and/or services;
- detect and prevent fraud;
- develop, maintain and protect our website;
- customise our website and its content to your particular preferences;
- notify you of any changes to our website or to our services that may affect you;
- improve our services;
- let you know about other products or services that may be of interest to you (see 'Marketing’ section below)
- send our newsletter to you (if requested by you);
- participate in discussion boards, functions on the website;
- enter a competition, promotion or survey.
We use any personal data submitted to us by you to provide you with further information by email about the products and services we offer or our retailers offer which you have requested and/or which may be similar and which we consider could be of interest to you. You can choose to unsubscribe at any point by clicking on the link at the bottom of the emails or removing yourself from notifications or our social medial platforms. We shall not sell your personal data or disclose your data third parties for the purpose of such third party marketing to their products or services to you.
Email marketing campaigns published by us may contain tracking facilities within the actual email. Subscribed activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email consent, times, dates and frequency of activity (this is by no means a comprehensive list).
Any comments you make on these social media platforms in general must be not offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
Lawful basis for processing personal data
We will only process your personal data where we have a legal basis for doing so. There are 6 lawful reasons for processing personal data which are:
- Contractual - the processing is necessary to fulfil a contract we have with you, or because you have asked you to take specific steps before entering into a contract
- Legal Obligation - the processing is necessary for us to comply with the law
- Vital Interests - the processing is necessary for us to protect a person’s life
- Legitimate Interest - the processing is necessary for our legitimate interest and this does not override an individual' s personal data rights and freedoms
- Consent - you have given clear consent for that processing of your personal data
- Public Task - the processing is necessary for us to perform a task in the public interest or for our official functions
Most of the processing we carry out in relation to your personal data is done in order to fulfil our contractual obligations with you but we also have legal obligations to keep and use certain personal data, legitimate interest and consent.
If we are relying on the legitimate business interest basis for lawful processing be assured that we only do this where we have considered carefully the risks to your rights and freedoms (as we are required to do by the GDPR) and we will not process personal data on this basis if we have any doubt that your rights might be adversely affected. We also revisit this assessment regularly and update our procedures according to our findings.
Keeping your data secure
Our staff and associates are bound by obligations of confidentiality and trained in the protection of personal data. We will take all reasonable steps to comply with the Act and use the appropriate technical and organisational measures necessary to safeguard your personal data. We only share your personal data with third parties who are required to comply with the Act.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
We store your personal data on secure servers for a period of:
1 years from the date on which you cease to be registered on our website; or until you ask us to destroy it, in each case unless the law requires us to store the data for a longer period.
What rights do you have?
The GDPR provides the following rights for individuals whose personal data is processed:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object to processing
Rights in relation to automated decision making and profiling. We do not carry out automated decision making and profiling)
Right to access – i.e., to request a copy of your information
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or all of it, please:
email or write to us (see ‘How can you contact us?’ below);
let us have proof of your identity (a copy of your driving licence or passport); and
let us know what information you want.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please:
- email or write to us (see ‘How can you contact us?’ below)
- let us have enough information to identify you
- let us know the information that is incorrect and what it should be replaced with.
Right to remove your details from our records or restrict how we use your information
You can ask us to stop contacting you for particular purposes or remove your information completely from our records. There may be a legal reason why we need to keep your personal data and in that circumstance we will destroy your personal data as soon as we are legally entitled to do so. If you would like us to stop contacting you with information about our services, please:
- email or write to us (see ‘How can you contact us?’ below). You can also click on the ‘unsubscribe’ button at the bottom of the email and/or newsletter
- let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
Right to complain
If you have any concerns or complaints about how we use your personal data we hope you will alert us to these directly (see the Contact information below). You are entitled to complain to the Information Commissioners Office (ICO) which is the supervisory authority in the UK. Their contact details and the procedure can be found at www.ico.gov.uk
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.
How to contact us