GPRD Compliance for EU Citizens
The European General Data Protection Regulation is designed to allow citizens and residents of the EU more control over their personal data.
What follows is our Privacy Notice which explains in clear terms how we manage your information.
Your Personal Data:
What We Need
Retr8bit is the Data Controller of the personal data you provide to us when you place an order or request to join our mailing list. This will include name, address, email, phone number etc and is provided directly from you or indirectly via Paypal.
Why We Need Your Data.
Our lawful bases for collecting your data are contract (fulfilling your order and shipping it to you) legitimate interest (we must maintain records of transactions and inventory for EU Tax Regulations and to facilitate the operation of our business) and consent (you may have directly consented to joining our newsletter.) We treat your order as a contract. We require select personal data to fulfil and ship your order.
We need to know your basic personal data in order to deliver the items you order and communicate with you should any problems arise.
We will not collect any personal data from you that we do not need in order to provide and oversee this service to you.
By default, you will not receive additional email contact from us unless you have directly consented to subscribe to this service.
Retr8bit has no newsletter service. Any notice sent as such should be treated as false and/or fake use of our brand. Please report any of these such events using the Contact form.
How Your Information is Processed
All the personal data we collect is processed in the UK however for the purposes of IT hosting and maintenance this information may be located outside of the European Union.
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data.
Your payment information is securely encrypted by PayPal and your Card Provider / Bank. Retr8bit does not receive your Payment details at any time. We receive only confirmation of a payment’s success.
Duration of Information
If you place an order we will keep your basic personal data (name, address, contact details) indefinitely – for a minimum of seven years after which time it may be destroyed. Your information is encrypted and / or archived securely. EU Law requires the management of such records for tax purposes.
- If you contact us but without placing an order we will keep a record of that contact thus :
Information provided when creating an account on our website (including a name, email address and/or postal address): 7 years after creation if account is unused, otherwise indefinitely.
- Information provided for subscribing to email notifications (including a name and email address): Indefinitely or until you choose to ‘unsubscribe.’
- Information posted to our website for publication on the internet (for example product reviews): indefinitely or until requested to delete.
- Information sent through the website Contact Us function OR emailed to any Retr8bit email address: 2 years following contact.
- Any other personal information chosen to be sent e.g. letter post or hand-delivered notes: 2 years following contact.
What we would also like to do with it
We perform no other processing of your data other than required to fulfil your order or maintain our list of subscribers to our newsletter. Your data will not be passed on to a third party.
We collect data on how many times you have ordered, which, if you have also consented to receive marketing emails, we use to reward repeat customers with Store Credit as part of our Loyalty scheme.
What are your rights?
If at any point you believe the information we process on you is incorrect you can request to:
• See this information
• Correct this Information
• Delete this Information
By emailing firstname.lastname@example.org
If you wish to raise a complaint on how we have handled your personal data, you can contact us to investigate at email@example.com
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
Right to Refuse Service
We retain the right to refuse service in instances of attempted fraud or where a high risk of fraud is detected. We have a zero tolerance policy towards abuse of our staff; instances of abuse may result in a permanent refusal of service.