privacy policy
this privacy policy sets out the privacy practices of Torf Corporation Ltd - www.tolpa.co.uk last updated on 16th June 2021.
Thank you for your interest in our online store. The protection of your privacy is very important to us. In this privacy policy, you will find detailed information on the handling of your data. The data controller and administrator of your data is Torf Corporation Ltd, registered office c/o DWF Company Secretarial Services Limited, 1 Scott Place, 2 Hardman Street, Manchester, M3 3AA, United Kingdom, company no. 13299642. e-mail: [email protected].
1. Website
You can visit our website without providing any personal data. Each time the website is accessed the server automatically saves only the so-called server logs, such as the name of the requested file, IP address, date and time of the call, the amount of data transferred and the Internet service provider submitting the query (access data) and documents the page call. We are not able to identify you based on the information provided above.
2. Contact us
If you decide to contact us, you will be asked to provide your personal data. Mandatory fields are marked as such because the data they contain are necessary for us to consider the case in question and to provide you with an answer. Without the data, we will not be able to answer your question. What data is collected results from the forms into which the data is entered. We will delete your data after the expiry of the limitation period for any claims that may arise in connection with the inquiry. The law basis for our processing of your personal data isto implement our legitimate interest, i.e. the need to answer business inquiries of current and potential customers..
3. Collection and processing of data to fulfil the contract and create a customer account
We collect personal data only when you voluntarily provide it to us by placing your order, by contacting us in connection with the performance of the contract (e.g. using the contact form or e-mail) or by creating a customer account. Mandatory fields are marked as such because the data they contain are necessary for us to perform the contract or set up a customer account. Without their provision, it is not possible to complete the order or create a customer account. What data is collected results from the forms into which the data is entered. We use the data provided by you to perform the contract. After the execution of the contract or the deletion of your customer account, the processing of your data will be limited to the minimum necessary. We will delete the data completely after the expiry of the limitation period for any claims that could arise in connection with the conclusion and performance of the contract. Your customer account can be deleted at any time by you. For this purpose, please send a message to our contact address indicated in the section ‘Our contact details and your rights’ or use the appropriate function in your customer account. You also have more limited rights to "be forgotten", i.e. a legal right of erasure - see further at paragraph 7 below. Customers who are under the age of 13 years in the UK require their parents' consent before submitting any personal data to us.
4. Transfer of personal information
We ensure the protection of all personal data concerning you and we do not disclose this information to third parties in cases other than those listed below unless we obtain your consent or disclosure of the data is necessary due to the legal obligation imposed on us. We may disclose the personal data provided to the following categories of entities:
- external entities providing accounting services to the extent that disclosure of data is necessary to provide these services to us;legal advisers to the extent that disclosure of data is necessary to obtain legal advice or protect our rights in court proceedings;
- government administration, justice and law enforcement authorities, if required by law.
In addition, we transfer personal data:
- as part of entrusting data processing – on our behalf, an external service provider provides us with services in the field of hosting and presentation of websites. All data that – as described in this privacy policy – have been collected as part of the use of our website or in the forms provided for this purpose in the online store, are stored on the servers of this service provider. Processing on other servers takes place only to the extent specified in this privacy policy. This service provider is based in a country belonging to the European Economic Area ("EEA") and/or the UK so we export UK personal data between UK and the EEA.
By transferring your personal data, we use the services of entities processing personal data in the UK and the EEA. If it is necessary to use the services of entities outside the UK and EEA, personal data will be transferred to them, provided that appropriate basis for data export regarding international data transfers is followed.
5. Advertising using e-marketing tools
Google AdWords and Remarketing
With the help of Google Adwords, we promote our website in search results and on third-party websites. For this purpose, when visiting our website, in each visitor's device, there is the so-called Google cookie Remarketing file left automatically which, with the help of a pseudonymous identifier (ID) and based on the pages you visit, allows displaying interest-based advertising. The processing of personal data for this purpose also includes your profiling. The above – as part of the analysis and assessment of interests – serves to protect our legitimate interest, consisting in the optimal operation of our website on the market and matching advertising to your preferences.
Further data processing only takes place if you have given your consent to Google to link your browsing history and application use to your account and to use the information from your Google account to personalize the ads displayed on websites. If in this case you will be logged in when visiting our website on Google, Google will use your data together with Google Analytics data to create and define lists of target groups for remarketing purposes on various devices. For this purpose, Google temporarily links your personal data with Google Analytics data to form target groups. The Google AdWords Remarketing service is a product of Google LLC (www.google.pl). Google LLC is based in the USA and is certified under the EU-US-Privacy Shield. The current certificate is available at the link provided. Under the agreement between the US and the European Commission, the latter has established an adequate level of data protection in the case of companies certified by the Privacy Shield. You can disable cookies used for remarketing by clicking on this link. Also, you can find out about the use of cookies and the appropriate settings on the Digital Advertising Alliance website.
In addition, together with our trusted partners, we process your personal data, including personal data collected via cookies, groups of non-standard recipients on Facebook and other similar technologies for marketing purposes in connection with targeting you with advertising that is tailored to your preferences. The processing of personal data for this purpose also includes profiling. More about cookies can be found in the Cookies Policy. tab. In cases where we use the services of trusted partners, cookies are left on your computer or other device used to browse our website, enabling our trusted partner to recognize you on other websites that are part of the advertising network of a given Trusted Partner. These are our trusted partners with whom we constantly cooperate to adapt advertising on our and their websites to your needs and interests, as well as the services that we and our trusted partners provide. Consequently, our advertisements are displayed to you on websites that do not belong to us. These ads are tailored to your interests.
Depending on the assumptions made by us in a given case, this may include, for example:
- displaying an advertisement to people who visited the Website with greater intensity than the general public,
- displaying the advertisement only to those who, based on information about the visited websites processed by our trusted partner, have been assigned to a specific profile (category of persons).
The legal basis for the processing of your personal data for marketing purposes in connection with targeting you with behavioural advertising is the legitimate interest of our trusted partners and/or us. The legitimate interest is to provide you only with advertisements tailored to your potential interests.
The list of our trusted partners is below:
• Facebook: https://www.facebook.com/privacy/explanation
• HotJar: https://www.hotjar.com/legal/policies/privacy/
• Adform: https://site.adform.com/privacy-center/adform-cookies/
7. Social websites plug-ins
Use of social plug-ins
Our website uses so-called social plug-ins ("plug-ins") of social networks.
By displaying our website with such a plug-in, your browser will establish a direct connection to the servers of Facebook, Google, Twitter or Instagram. The content of the plug-in is transmitted by the respective service provider directly to your browser and integrated into the website. Thanks to this integration, service providers receive information that your browser has displayed our website, even if you do not have a profile with a given service provider or are not logged in at the time. Such information (along with your IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there. If you are logged in to one of the social networking sites, this service provider will be able directly to assign the visit to our website to your profile on the given social networking site. If you use a given plug-in, for example, click on the "Like" button or the "Share" button, the relevant information will also be sent directly to the server of the given service provider and stored there. This information will also be published on a given social network and will be shown to people added as your contacts.
The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policy of service providers.
http://www.facebook.com/policy.php
If you do not want social networking sites to assign the data collected during your visit to our website directly to your profile on a given website, you must log out of this website before visiting our website. You can also completely prevent the plug-ins from being loaded on the page by using appropriate extensions for your browser, e.g. script blocking with "NoScript" (http://noscript.net/)."
8. Our contact details and your right
General
In order to allow exercise of your rights to your personal data we may sometimes ask you to provide additional information that will allow us to confirm your identity. If you do not provide us with this information, or if the information we have about you is not sufficient to prove your identity, we have the right to refuse to comply with your request.
If you want to exercise any of the rights described below, you can do so by contacting the data controller at [email protected].
Access to data
You have the right to access your personal data that we have collected. If you exercise this right, we may also provide you with a copy of your personal data that we process or, at our option, details of that data, .
We will fulfil your request by sending a copy of your data or details of the data by electronic means unless you explicitly specify in your request another method of exercising this right.
Deletion, rectification and limitation of data processing
If you believe that the information we have about you is incorrect, you can contact us so that we can update the information and ensure that it is correct. In addition, you can correct your data yourself in the settings of your customer account.
Depending on the purpose of processing your personal data, we will automatically delete them after the purpose for which the data was collected has been completed or after the expiry of the limitation period for any claims that could arise in connection with the conclusion and performance of the contract. Nevertheless, you also have the right to request us to delete your personal data at any time and we will remove except where we are not allowed to do so by law.
You also have the right to restrict data processing.
Data transferability
Where the processing of your personal data takes place based on a contract, you have the right to receive the personal data provided to us in a structured and commonly used, machine-readable format. You also have the right to request us to transfer this data to another controller, if technically feasible.
Withdrawal of consent and the right to object to processing
If the data processing requires your consent, you can withdraw such consent at any time. Where we send you marketing communications using the soft-opt in basis under the Privacy and Electronic Communications (EC Directive) Regulations 2003 we will give you the opportunity to "click to un-subscribe" on each such email and if you then exercise that right we will then remove you from our database within 30 days However, please remember that the withdrawal of consent will not make the processing of data that took place before the withdrawal of consent illegal.
If the processing of your data takes place in connection with the implementation of our legitimate interest, you have the right to object to such processing.
Changes to the privacy policy
We update this privacy policy regularly and we strive to improve it. We, therefore, reserve the right to amend it from time to time. However, we will not limit your rights listed in this privacy policy without your express consent. Each change to the privacy policy will be marked with the date of publication and will be effective from that date. Access to earlier versions of the privacy policy can be obtained at [email protected].
How to contact us for additional help?
If you have any questions or concerns about this privacy policy, or if you would like more information about how we protect your personal data or what your rights are, please contact us.
We hope to be able to answer any questions you may have and resolve any disputes amicably. Nevertheless, if you believe that your rights have not been respected or that there has been a breach of privacy, you can raise the matter with us and/or lodge a complaint with the UK's Information Commissioner's Office.
Applicable law
The Data Protection Act 2018, UKGDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003 in the UK are applicable to the processing of your personal data. To the extent data is exported to our Polish parent company Torf Corporation Sp. z.o.o. EU/Polish data protection law is applicable including the EU GDPR.