We collect information about you (such as your name, email address, phone number shipping address, card details, order details) when you:
We store your information in the following places:
We collect your personal information to help Chewsy UK better understand you and to enable us to personalize your experience with Chewsy UK, including offers, promotions, and services to meet your needs.
We use your information to:
We never share your information with 3rd party companies for their own use.
This specification describes the responsibilities and rights of Chewsy UK Ltd, the Data Controller, and Codestorm Limited, the Data Processor.
The Data Controller and the Data Processor have entered into a contract for the Data Processor to carry out data processing on behalf of the Data Controller. This specification sets out the responsibilities of the parties to the contract in respect of the data processing that is to be carried out. The Data Controller has determined that the purpose of the processing is to:
1. Collate and API or upload orders into an encrypted order management system that is generated by the Data Controller to a mailing list of Data Subjects provided by the Data Controller. The Data Processor will carry out some or all the following services: –
a. Upload data file to the encrypted order management system
b. Process orders in a secured working environment
c. Ensure data is deleted within agreed timescales as disclosed by the data controller
And is to be carried out during the period of 2019
The type of personal data to be processed is restricted to the name and postal address of data subjects. All extraneous personal data provided by the Data Controller to the Data Processor must be extracted from the data being processed by the Data Processor.
The Data Processor must: –
1. Only act upon written instructions provided by the Data Controller.
2. Ensure that anyone processing the data is subject to a duty to maintain the confidentiality of the data.
3. Ensure that the data is processed in accordance with its certified ISO27001 Information Security Management System.
4. Obtain the prior consent of the Data Controller to use a subcontractor to process the data
5. Where consent is given to using a subcontractor ensure that a written contract is in place before processing commences.
6. Assist the Data Controller to provide Data Subject access and allow them to exercise their rights under the GDPR (General Data Protection Regulations).
7. Assist the Data Controller to meet its GDPR obligations in relation to
a. the security of processing
b. the notification of personal data breaches
c. completion of data protection impact assessment
8. Return all personal data to the Data controller and delete the personal data from its systems 365 days after complete use or when requested by the Data Controller.
9. Submit to audits and inspections, provide the Data Controller with whatever information it needs to ensure that they are both meeting their Article 28 obligations and tell the Data Controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.
10. Co-operate with supervisory authorities such as the ICO.
If you want to get in touch with us with regards to your personal details then please contact us at firstname.lastname@example.org.