The General Data Protection Regulation (GDPR), the 2018 Data Protection Act, along with the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.
Who we are
Ruma is based at Stafford Mills, Milnsbridge, Huddersfield, West Yorkshire, HD3 4JD, and is pleased to provide the following additional information:
We process your personal data to meet our legal, statutory and contractual obligations and to provide you with our products and services. You do not have to give us any personal information but if you decide not to you may not be able to buy from our site and you are unlikely to receive our optimal customer experience. We will only use your personal data when the law allows us to.
The personal data we collect is as follows:
- Your on-site browsing behaviour, including the products and pages you have viewed, IP address and browser details etc.
- Your name, email and telephone.
- Your addresses, payment details and any other data you provide as required for processing your orders and returns. Please note we do not store your payment details from online transactions.
- Communication between us, including emails, text messages and telephone calls.
- Other data entered into our site for specific purposes.
- Marketing and communications data – your preferences in receiving marketing from us and our third parties and your communication preferences.
We use your data for the following purposes:
- To process orders you have placed online and deliver your purchases to you. If we don't collect your personal data during checkout, we won't be able to do this and comply with legal obligations. For example, your details may need to be passed to one of our partner couriers to deliver the product you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds and guarantees.
- To provide customer service and support and handle returns/exchanges, together with refunds and guarantees.
- To send you service messages by text, e-mail or through social media, such as order updates to ensure a smooth customer experience and to fulfil our contractual obligations
- To send you relevant communications by email or post in relation to updates, products and services and to send things like fabric swatches you may have requested. You are free to opt out of hearing from us by email or post at any time. Just email us at firstname.lastname@example.org
- To prevent and detect fraud and protect or customers.
- To show you adverts as you browse the web.
- To find out what you and our other customers like.
All of the above are done on the basis of our legitimate interests or where you have opted in to receive these.
We may have to share your personal data with the parties set out below for the purposes described above. We do not, and will not, sell any of your personal data to any third party, including your name, address, email address or credit card information.
We do however share your data with the following categories of companies as an essential part of being able to provide our services to you:
- Companies that require information to get your purchases to you, such as delivery companies, finance providers and payment service providers.
- IT companies that support our website and other business system.
- Professional service providers such as marketing agencies, advertising partners, Feefo review site and website hosts, which help us run our business.
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud
- External payment providers where you choose to use their payment service (SAGE, PayPal).
- Our catalogues are delivered by a mailing house, so we need to share your name and address with them. We have ensured that our chosen mailing house will treat your personal data with as much respect as we do.
If you have consented, we will send you marketing messages by email and post, to keep you up to date with what we are doing, the latest trends and new products.
You can stop receiving marketing messages from us at any time. You can do this through your account settings, by clicking on the ‘unsubscribe’ link in any email or by contacting us directly at email@example.com.
Stopping marketing messages will not stop service communications such as order updates or customer service messages.
We also engage in online advertising to keep our customers aware of the latest offers and new product categories and help you find the right product. The banners and ads you see when visiting other websites will be based on information we hold about you, using a variety of digital marketing networks and ad exchanges. These adverts are based on our legitimate interests.
To enable retailers to recruit new customers via Postal Marketing, retailers share customer data (name, address, purchase date, value and quantity) with Marketing Services Providers (MSP). The retailer signs up to the MSP’s data pool agreement.
We will share your data with the Marketing Services Providers (MSP) listed below, who will use it to help direct marketing organisations such as ourselves better understand the likely characteristics of their customers; communicate with them more effectively; and also identify prospective customers. This should mean that you receive direct marketing that is more relevant to you.
Epsilon Abacus - We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
Experian - Your personal data is shared with Experian Ltd for the purposes of managing a service called Club Canvasse. By sharing information on what customers buy and pooling that with contributions from other members of the co-operative, the service allows Ruma to better understand our customers and to communicate with you more effectively.
i-Behavior - To find new customers for our business we are a member of a large co-operative of like-minded UK retail brands that pool and share transactional information. This process highlights spending patterns and allows us to identify suitable prospects to receive an offer or introduction from us via the post. Thus, we send postal offers and information only to prospective customers that are likely to be interested in buying from us. Co-op Member brands operate in numerous categories, including apparel, home and garden, collectables, food and wine, gadgets and gifts, entertainment, health and beauty, travel and leisure.
We will purchase ‘single time use’ recruitment mailing lists from the MSP. If you request to be removed from our mailing list, and you have not purchase from us, we will keep your name and address on a suppression file so we never use your data again.
Did you know that you can subscribe to the Direct Marketing Association’s (DMA) Mailing Preference Service to stop all future unsolicited direct mail entirely? All of our partners are registered as DMA members and as members they suppress any name and address on the DMA’s Mailing Preference Service file from their mailing lists. The simplest way to register is online at www.mpsonline.org.uk/mpsr/
The Business will keep your personal information safe and secure, although our administration team will have access to your contact details so that they can manage your account. The Ruma website uses the highest levels of security to ensure that your information is secure and protected against unauthorised use. The Business will not disclose your Personal Information unless compelled in order to meet legal obligations, regulations or valid governmental requests. The business may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of its staff.
We use external payment systems such as SAGE Pay, PayPal, and Klarna to process all our online payments. All these systems have their own security. We do not store your credit card details and we do not store your card’s security/CVV code. We process personal data for the duration of the transaction and will continue to store only the minimum personal data needed for up to seven years after any contract has expired to meet legal obligations. After seven years all personal data will be deleted, unless basic information needs to be retained by us to meet our future obligations to you, such as erasure details.
All Data is held in the United Kingdom. The Business does not store personal data outside the EEA.
Your Information and Right
We will hold on to your information for as long as you have your account or for as long as it is needed to be able to provide the services to you including guarantee obligations. We may keep hold of some of your information as required, even after you have closed your account, or it is no longer needed to provide the services to you, so that we can meet legal or regulatory requirements, resolve disputes, or enforce our terms and conditions.
You have a number of rights that include the following:
- The right to be informed about how your personal information is being used
- The right to access the personal information we hold about you
- The right to request the correction of inaccurate personal information we hold about you
- The right to request that we delete your data, or stop processing it or collecting it
- The right to stop direct marketing messages and to withdraw consent for other consent-based processing at any time
- The right to request that we transfer or port elements of your data either to you or another service provider
- The right to complain to your data protection regulator (the Information Commissioner’s Office in the UK) but we hope you would contact us first so we can resolve any issues for you
You also have the right not to be subject to a decision that is based solely on automated processing, including profiling. Our communications both via email and post are designed to give you relevant offers and we may use the information we have about you to tailor our content and ensure we are staying relevant to your needs. Ruma therefore undertakes some profiling on our customers, but we do not believe these to have a legal or other significant effect on you. If you do not wish us to use your data for this purpose please email us at firstname.lastname@example.org
You can request the following information
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of the Business and information about these interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- How long the data will be stored.
- Details of your rights to correct, erasure, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority (ICO).
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
To access what personal data is held, identification will be required
We will accept the following forms of ID when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If we are dissatisfied with the quality, further information may be sought before personal data can be released.
All requests should be made using the contact details below.
If you have any questions and/or complaints, or would like us to stop using your information then please get in touch using the details below:Data Privacy
Tel: 0330 433 9899
email at email@example.com