Protecting your Personal Data
Last updated: 4th May 2018
For the purpose of the Data Protection Act 1998 and, from 25th May 2018, the General Data Protection Regulation (together being the “Data Protection Laws”), the data controller is Nima Print & Design Services Ltd.
1. Collecting Information
1.1 We may collect Personal Data about you from a number of sources, including the following:
1.1.1 From you when you purchase a service or product from us, which will usually involve creating a Nima Print account. We will collect your full name, email address, telephone number, company name, billing and delivery details and you will be asked to provide a password.
1.1.2 From you when you contact us with an enquiry or in response to a communication from us, in which case, this may tell us something about how you use our services.
1.1.3 From documents that are available to the public, such as the electoral register.
1.2 With regard to each of your visits to our site we will automatically collect the following information:
1.2.1 Technical device information, including the device used to access our site (i.e. desktop, mobile or tablet);
1.2.2 Information about your visit, including products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, whether our template designs have been downloaded and whether you have subscribed to our blog and/or mailing lists.
1.3 We do not anticipate collecting ‘sensitive personal data’ from you, within the meaning of the Data Protection Act 1998 (or a ‘special category of personal data’ within the meaning of the General Data Protection Regulation). For example, information about your health or ethnic origin. However, in the event that we wish to do so, you will be asked to expressly consent to the collection and processing of this Personal Data and are under no obligation to provide such consent.
2. Using Your Personal Information
2.1 The Personal Data of our customers is an important part of our business and we shall only use your Personal Data for the following purposes and shall not keep such Personal Data longer than is necessary to fulfil these purposes:
2.1.1 To help us to identify you when you contact us.
2.1.2 To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us.
2.1.2 To help us to administer and to contact you about improved administration of any accounts, services and products we have provided before, do provide now or will or may provide in the future.
2.1.3 To allow us to carry out marketing analysis and conduct research (including creating statistical and testing information). We will not, however, use your Personal Data for automated profiling without your express consent.
2.1.5 To allow us to contact you (including mail, email, telephone, visit, text or multimedia messages) about products and services offered by us that are similar to those that we have already provided to you or that we have a legitimate interest to contact you about, unless you have asked us not to do so. We will only allow selected partners to contact you where you have provided your express consent. You can normally do this by ticking a box on an application form or contract. You may change your mind at any time by contacting us using the details set out in clause 6.1.
2.1.6 We may check your details with fraud prevention agencies, as further set out in clause 2.4 below.
2.1.7 To notify you about changes to our service.
2.1.8 To ensure that content from the Website is presented in the most effective manner for you and for your computer.
2.1.9 To administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
2.1.10 To improve the Website to ensure that content is presented in the most effective manner for you and for your computer.
2.1.11 As part of our efforts to keep the Website safe and secure.
2.3 We may allow other people and organisations to use Personal Data we hold about you in the following circumstances:
2.3.1 Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
2.3.2 If we, or substantially all of our assets, are acquired or are in the process of being acquired by a third party, in which case Personal Data held by us, about our customers, will be one of the transferred assets.
2.3.3 If we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings.
2.4 In connection with any transaction which we enter into with you:
2.4.1 We, and other companies in our group, may from time to time carry out credit and fraud prevention checks with one or more licensed credit reference and fraud prevention agencies. We and they may keep a record of the search. Information held about you by these agencies may be linked to records relating to other people living at the same address with whom you are financially linked. These records will also be taken into account in credit and fraud prevention checks. Information from your application and payment details of your account will be recorded with one or more of these agencies for this purpose.
2.4.2 If you provide false or inaccurate information to us and we suspect fraud, we will record this and may share it with other people and organisations. We, and other credit and insurance organisations, may also use technology to detect and prevent fraud.
2.4.3 If you require further details of the credit agencies and fraud prevention agencies we engage from time to time, please write to our Data Protection Officer using the contact details set out in clause 6.1.
3. Protecting Information
3.1 In accordance with the Data Protection Laws, we adopt strict security measures to protect your Personal Data.
3.2 All Personal Data you provide to us is stored on our secure servers in the European Economic Area. We will not transfer your Personal Data outside the European Economic Area without your express consent.
3.3 We reveal only the last five digits of your credit card numbers when confirming an order. Of course, we do however transmit the entire credit card number to the appropriate credit card company during order processing.
3.4 We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of Personal Data. Our security procedures mean that we may occasionally request proof of identity before we disclose Personal Data to you.
3.5 It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off when you finish using a shared computer. If you have any reason to believe that your password may have been accessed by a third party, please contact us as soon as possible and we will take steps to reset that password.
3.6 We will retain your Personal Data for so long as we reasonable require the processing of it. Your Personal Data will then be deleted. This will usually be for a period of seven years or, if you have been inactive on the Website for a period of time, we may delete your Personal Data sooner at our discretion.
4. The Internet and Cookies
4.1 As stated above, we may occasionally email you about our services and products. We will, however, give you the opportunity to opt-out of that communication in each email. You can also always contact us using the details set out in clause 6.1.
4.2 Please remember that communications over the Internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of Personal Data that is beyond our reasonable control.
4.3 We may from time to time use ‘cookies’ on the Website to monitor how people use the Website. This helps us to understand how our customers and potential customers use the Website so we can develop and improve the design, layout and function of the sites. A cookie is a piece of information that is stored on your computer’s hard drive through your browser, to recognise your browser and which records how you have used a website. This means that when you go back to that website, it can give you tailored options based on the information it has stored about your last visit.
4.5 The cookies that we currently use on the Website are as follows:
This cookie is used by Wordfence to verify you as a human user, for added security. Expires after 24 hours.
Contains information about your general geographic location. These are known as session cookies and are deleted when you leave the site.
Provided by StatCounter.com, when it is first set, a random id is generated and stored in the cookie in order to avoid counting you as a visitor more than once (e.g. if you are on a mobile device and your IP address changes while you browse). Similarly to the is_unique cookie, this cookie also stores a count of your returning visits. Duration: 2 years. For more information about this cookie, please visit https://statcounter.com/about/cookies/
The PHPSESSID cookie is native to PHP and enables websites to store serialised state data. On the Action website it is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie. As the PHPSESSID cookie has no timed expiry, it disappears when the client is closed.
nimaprint.co.uk Shopping Cart
Contain information about the cart as a whole and helps WooCommerce know when the cart data changes. It expires at the end of your session.
Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies. Expires after 48 hours.
nimaprint.co.uk Web-2-print editing/ordering portal, provided by Red Tie Limited (http://netprintmanager.com/public/index.asp?purl=demo)
Temporary session cookie not stored once the browser is closed. Set by the load balancers to ensure future requests return to the same server, contains a small token (eg. srv-101) we don’t use this for any tracking, or link to any identifiers.
Persistent cookie (~120 days) storing the most recently used webstore default language as the content (eg. English) in case it’s not available elsewhere, typically when a session has been logged out or tries to resume an expired session. We don’t use this for any tracking, or link to any identifiers.
Persistent cookie (~24 hours) storing the most recently used webstore catalogue as the content in case it’s not available elsewhere. We don’t use this for any tracking, or link to any identifiers.
Temporary session cookie set by the website script engine, drives Session functionality allowing us to securely persist actions across pages, verify you’re logged in etc. Cookie is based around a pair of long random tokens, doesn’t expose any sensitive data but does enable us to securely link data to it in backend server code. We don’t use this for tracking directly (again only lasts as long as the browser stays open) but it does enable us to associate your actions in the browser to your account, eg. selecting products.
(More information on Session State cookies https://msdn.microsoft.com/en-us/library/ms178581.aspx)
5.1 The Website may include third-party advertising and links to other websites. We do not provide any Personal Data to these advertisers or third-party websites.
5.3 We exclude all liability for loss that you may incur when using these third party websites.
6. Further Information
6.4 We aim to keep the Personal Data we hold about you accurate and up to date. If you tell us that we are holding any inaccurate Personal Data about you, we will delete it or correct it promptly.
6.5 Please note that we may monitor and record communications with you (including phone conversations and emails) for quality assurance and compliance. You will be advised at the start of your phone conversations with us whether any recording is taking place and whether you are comfortable proceeding on that basis. If not, we will contact you by other means.
7. Your Rights
7.1 The Data Protection Laws give you the right to access information held about you. Your right of access can be exercised in accordance with the Act. An access request may be subject to an administrative fee to meet our costs in providing you with details of the information we hold about you. You additionally have the right to ask for your Personal Data to be deleted or to be moved to another provider. These are sometimes referred to the ‘Right to Erasure’ and the ‘Right to Data Portability’.
7.2 Please contact us using the details set out in clause 6.1 if you wish to exercise any of those rights and we will be happy to assist.
7.3 You also have the right to make a complaint to the Information Commissioner’s Office (or, from 25th May 2018, the Data Protection Authority) if you are unhappy about how we have dealt with your Personal Data. You can find the Information Commissioner’s Office’s website at https://ico.org.uk/