Daniel Sandler Limited (“DSL” or “we”) are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Daniel Sandler Ltd, registered office: Office 7, 35/37 Ludgate Hill, London, EC4M 7JN.
We are committed to safeguarding the privacy of our website visitors and customers; in this policy we explain how we will handle your personal data.
How we use your personal data
In this Section we have set out:
- the general categories of personal data that we may process;
- in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
- the purposes for which we may process personal data; and
- the legal bases of the processing.
We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
We may process your account data ("account data"). The account data may include your name and email address. The source of the account data is you. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
We may process information that you post for publication on our website or through our services ("publication data"). The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
We may process information contained in any enquiry you submit to us regarding goods and/or services ("enquiry data"). The enquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is consent.
We may process information relating to our customer relationships, including customer contact information ("customer relationship data"). The customer relationship data may include your name, your contact details, and information contained in communications between us and you. The source of the customer relationship data is you. The customer relationship data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications and promoting our products and services to customers. The legal basis for this processing is our legitimate interests, namely the proper management of our customer relationships.
We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website ("transaction data"). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website and business.
We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters ("notification data"). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is the proper administration of our website and business and communications with users.
We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
In addition to the specific purposes for which we may process your personal data set out in this Section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Providing your personal data to others
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Financial transactions relating to our website and services are handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
In addition to the specific disclosures of personal data set out in this Section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We will notify you of significant changes to this policy by email.
In this Section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can access your personal data by visiting https://www.danielsandler.com/account when logged into our website.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To the extent that the legal basis for our processing of your personal data is:
that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified in this Section.
Third party websites
Our website includes hyperlinks to, and details of, third party websites.
We have no control over, and are not responsible for, the privacy policies and practices of third parties.
Personal data of children
Our website and services are targeted at persons over the age of 18.
If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.
Please let us know if the personal information that we hold about you needs to be corrected or updated.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
For a full list of the cookies that we use, and to change your consent, please click here.
Cookies used by our service providers
To view the cookies we use, and to change your consent, please click here.
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
https://support.apple.com/kb/PH21411 (Safari); and
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
This website is owned and operated by Daniel Sandler Ltd.
We are registered in England and Wales under registration number 05350055, and our registered office is at Office 7, 35-37 Ludgate Hill, London, EC4M 7JN, United Kingdom.
You can contact us by email, using firstname.lastname@example.org
Accountability: LimeSpot shall require that its Store-based Clients, as part of its engagement therewith, provide the means for Shoppers to inquire from LimeSpot, through the Store-based Clients, regarding their personal data, and to withdraw consent (including by deleting all identifying personal information), or to inquire from LimeSpot or its Data Protection Officer (“DPO”);
Security: LimeSpot shall provide a secure means in which to store data, as well as to transfer data to LimeSpot via the Products from the Store-based Client; and
Breaches: LimeSpot shall notify the applicable Store-based Client in the event of any breach of security or other unauthorized processing of any of their Shoppers' information.
Our Relationship to Our Clients and Their Shoppers
LimeSpot provides its Services to help its approved and contracted store-based clients (hereinafter “Store-based Clients”) to achieve the Purposes, as defined above. LimeSpot, at the written direction and authorization of our Store-based Clients, may obtain certain information regarding Shoppers as they use and provide information to our Store-based Clients. No matter who provides us with personal information, however, our commitment to privacy remains strong.
How We Collect Shopper Information
The Types of Information We May Collect
We collect two types of information. Both types of information are required to provide the LimeSpot Purposes that are offered via a LimeSpot-enabled Store-based Client’s eCommerce platform, or through related channels (e.g. Emails, Messages, Advertising, etc.).
The first type of information is Personally Identifying Information (“PII”). The other type of information is Non-Personally Identifying Information (“NPII”).
PII includes information that is uniquely associated with an identifiable Shopper, or that identifies a Shopper, and may specifically include age, gender, location, email address, phone number, and, in some cases, IP address.
NPII may include information that is collected directly from a Shopper, during a Shopper’s interaction with the site, or from information provided to a third-party, and which does not identify, or is not uniquely associated with, an identifiable Shopper. NPII includes, but is not limited to, a Store-based Client's name and location, Store-based Client product and collections information, non-identifying order information, Store-based Client CRM/Loyalty programs, age range, association with a geographical or network area, Shoppers’ general interests as indicated by their interaction with an e-Commerce Platform (such as selections thereon), Shoppers’ shopping behavior, and Shoppers’ choices within LimeSpot enabled e-Commerce Platforms. NPII may also include information that is non-personally identifying but was generated from PII, such as by aggregation with other PII or anonymization.
How We Use and Disclose Information
Performance of Services. We may use Shoppers' PII and NPII to fulfil the Purposes. We may also use Shoppers’ NPII in connection with other services and features we provide to third-parties or other Store-based Clients. This includes by assessing information relating to, and historical patterns associated with, Shoppers, and/or profiles or categories of classes of Shoppers, such as by observing shopping choices and activities of Shoppers (or Shoppers fitting characteristics relating to such profiles or categories, but not necessarily any information relating to an identifiable Shopper). We may also process Shoppers’ data in association or combination with information relating to that Shopper, or information relating to Shoppers belonging to the same profile or category, from other Store-based Clients. We will also use this information to improve the quality of our Products and Services.
Performance of Services Associated With Third-Party Platforms:
a) Advertising Customization: In order to provide personalized advertising on Third-Party Platforms, LimeSpot pushes certain NPII information relating to a Shopper (e.g. non-personally identifying shopping preferences profile information) to such Third-Party Platform which then selectively provides advertising. Except as provided below, none of a Shopper’s PII or NPII information is provided to LimeSpot from any Third-Party Platform.
b) Authentication: In some cases, LimeSpot uses authentication services provided by Third-Party Services to authenticate a Shopper with their LimeSpot data.
Investigations and Protection. LimeSpot may release Shopper information: when we believe it is appropriate or required in order to comply with the law; to investigate, prevent, or take action regarding illegal activities; to detect or investigate suspected fraud; in situations involving potential threats to the physical safety of any person or other similar exigent circumstances; to prevent violations of LimeSpot’s Customer Terms of Service, or to enforce the provisions thereof; to comply with any other agreement that we may have entered into with you; or to protect the rights, property or safety of LimeSpot and others. This may include exchanging information with other companies and organizations for fraud prevention and credit risk reduction. LimeSpot may cooperate with and disclose information to any authority, government official or third-party, without giving any notice, in connection with any investigation, proceeding or claim arising from an asserted illegal action or infringement.
Third-Party Service Providers. LimeSpot may employ or engage other companies to perform tasks on our behalf and may need to share some of your information with them to provide products and services to you. Examples of this may include data storage and analysis. These third-parties have access to information needed to perform their functions but may not use it for any other purpose.
Granting us this permission not only allows us to provide our Products and Services as they exist today, but also allows us to provide innovative features, products, software and services we may develop in the future that use the information we receive about Shoppers in new ways.
LimeSpot owns the databases and all rights to our applications and software. While Store-based Clients and Shoppers allow us to process the information we receive, such Store-based Clients and Shoppers using LimeSpot enabled stores always own all of their own personally identifiable information.
How We Keep Your Information Secure
The security of Shopper information is important to us. We implement reasonable security measures to protect the security of your information both online and offline, and we are committed to the protection of Shopper information. Only those individuals at LimeSpot that have an obligation to maintain confidentiality may access Shopper PII.
When we handle Shopper information on the Internet we encrypt the transmission of that information using secure socket layer technology (“SSL”). Shopper information is pseudonymized and rendered as NPII. LimeSpot has redundant and distributed systems, and other system measures, that provide for ongoing confidentiality, integrity, availability and resilience. Our systems are routinely tested or assessed for their measures to ensure the security of Shopper Data.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Shopper information, we cannot guarantee that unauthorized access, hacking, data loss or other breaches will never occur.
We will notify the Store-based Client, who is ultimately the data controller, from whom we obtain information in the event of an unauthorized access or disclosure of such information. We will take reasonable administrative steps, by making it a condition of our terms of services with them, to ensure that such Store-based Client take steps to inform the affected Shopper to the extent that it is required under applicable law.
If you have any questions about how we strive to keep information secure, you can contact us at email@example.com.
Storage and Transfer of Your Information
We may transfer, store and process Shoppers’ information, both PII and NPII, to or on computers located in the United States, Europe, or Canada. Accordingly, such information may be subject to the laws of these relevant jurisdictions.
LimeSpot's technical infrastructure relies on data centers and cloud service providers that are located outside Europe on Microsoft's Azure platform. Microsoft became the first global cloud service provider to appear on the Department of Commerce’s list of Privacy Shield certified entities as of August 12th 2016. The European Commission adopted the EU-US Privacy Shield Framework on July 12th 2016, replacing the International Safe Harbor Privacy Principles as the mechanism for allowing companies in the EU and the US to transfer personal data across the Atlantic in a manner compliant with the EU data protection requirements, as stated on PrivacyShield.gov. See also https://azure.microsoft.com/en-us/blog/microsoft-cloud-is-first-csp-behind-the-privacy-shield.
Canada has been recognized as ensuring an adequate level of protection for personal data. See https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
There is no fixed period for storage of Shoppers’ PII. We will remove Shoppers’ PII upon any of the following:
A request from the Shopper via our Shopper Rights Access Portal (see below);
A request from the applicable Store-based Client from which the Shopper, whose data is being deleted, was obtained, or such Shopper notifies LimeSpot in writing that their consent has been withdrawn;
An objection from a Shopper, via a Shopper or an applicable Store-based Client, is received by LimeSpot in writing relating to the processing of any Shopper PII;
If LimeSpot learns that any PII has been collected unlawfully;
A request from any supervisory authority or legal authority (e.g. police, third-party having an applicable court order) having sufficient legal authorization or LimeSpot being made aware that PII should be deleted to ensure compliance with an applicable legal obligation.
There storage period for any NPII that does not relate to, or uniquely identify, a Shopper is indefinite.
LimeSpot supports Shoppers’ rights in the following ways:
Accountability and DPO. While LimeSpot is not a controller of Shopper data, LimeSpot nevertheless encourages Shoppers to contact the LimeSpot DPO (firstname.lastname@example.org) for issues relating to Shopper information that is collected or processed by LimeSpot via a Store-based Client (although LimeSpot reserves the right to take no action, and/or to forward Shopper’s concerns to the applicable Store-based Client, in cases where the issue relates to Shopper data collected or processed by the Store-based Client). Furthermore, the Shopper has the right to lodge a complaint about LimeSpot’s data protection with an applicable supervisory authority with jurisdiction to receive such a complaint. We note that for European Shoppers, there is no requirement for LimeSpot to have a European representative (as LimeSpot is not a controller); however, the applicable Store-based Client may, if applicable law requires such a representative, may be contacted regarding the processing of any data relating to a European person, if that requirement applies to such Store-based Client.
Access, Rectification, and Deletion. LimeSpot provides the Shopper Rights Access Portal, via its Store-based Clients, or directly from our Privacy Tool, which is an automated tool for viewing the PII and NPII that LimeSpot may have in data storage. The Shopper Rights Access Portal further allows any Shopper to delete all PII in LimeSpot storage upon request. See our Privacy Tool If any information is incorrect or is incomplete, please direct any requests for rectification to email@example.com after which they shall be addressed as is practicable.
Breaches. LimeSpot shall notify the Store-based Client that collected the information in the event of any breach or unauthorized access to Shoppers’ PII of the following information: the existence and nature of such breach, our DPO, possible or likely consequences, and measures taken to address or, where possible, mitigate the breach. Our standard terms with our Store-based Clients require them to comply with this requirement, where required by applicable law.
Questions and Concerns