Who We Are
The Personal Data We Collect Is As Follows:
Your on-site browsing behaviour, including the products and pages you have viewed, IP address and browser details etc.
Your name, email and telephone.
Your addresses, payment details and any other data you provide as required for processing your orders and returns. Please note we do not store your payment details from online transactions.
Communication between us, including emails, text messages and telephone calls.
Other data entered into our site for specific purposes.
Marketing and communications data – your preferences in receiving marketing from us and our third parties and your communication preferences.
We Use Your Data For The Following Purposes:
To process orders you have placed online and deliver your purchases to you. If we don't collect your personal data during checkout, we won't be able to do this and comply with legal obligations. For example, your details may need to be passed to one of our partner couriers to deliver the product you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds and guarantees.
To provide customer service and support and handle returns/exchanges, together with refunds and guarantees.
To send you service messages by text, e-mail or through social media, such as order updates to ensure a smooth customer experience and to fulfil our contractual obligations
To send you relevant communications by email or post in relation to updates, products and services and to send things like fabric swatches you may have requested. You are free to opt out of hearing from us by email or post at any time. Just email us at email@example.com
To prevent and detect fraud and protect or customers.
To show you adverts as you browse the web.
To find out what you and our other customers like.
All of the above are done on the basis of our legitimate interests or where you have opted in to receive these.
We may have to share your personal data with the parties set out below for the purposes described above. We do not, and will not, sell any of your personal data to any third party, including your name, address, email address or credit card information.
We do however share your data with the following categories of companies as an essential part of being able to provide our services to you:
Companies that require information to get your purchases to you, such as delivery companies, finance providers and payment service providers.
IT companies that support our website and other business system.
Professional service providers such as marketing agencies, advertising partners, Trustpilot review sites and website hosts, which help us run our business.
Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud
External payment providers where you choose to use their payment service (SAGE, PayPal).
Our catalogues are delivered by a mailing house, so we need to share your name and address with them. We have ensured that our chosen mailing house will treat your personal data with as much respect as we do.
We may also use such reviews in other promotional material and media for our advertising and promotional purposes.
If you have consented, we will send you marketing messages by email and post, to keep you up to date with what we are doing, the latest trends and new products.
You can stop receiving marketing messages from us at any time. You can do this through your account settings, by clicking on the ‘unsubscribe’ link in any email or by contacting us directly at firstname.lastname@example.org.
To enable retailers to recruit new customers via Postal Marketing, retailers share customer data (name, address, purchase date, value and quantity) with Marketing Services Providers (MSP). The retailer signs up to the MSP’s data pool agreement.
We will share your data with the Marketing Services Providers (MSP) listed below, who will use it to help direct marketing organisations such as ourselves better understand the likely characteristics of their customers; communicate with them more effectively; and also identify prospective customers. This should mean that you receive direct marketing that is more relevant to you.
Epsilon Abacus - We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
Experian - Your personal data is shared with Experian Ltd for the purposes of managing a service called Club Canvasse. By sharing information on what customers buy and pooling that with contributions from other members of the co-operative, the service allows Rūma to better understand our customers and to communicate with you more effectively.
i-Behavior - To find new customers for our business we are a member of a large co-operative of like-minded UK retail brands that pool and share transactional information. This process highlights spending patterns and allows us to identify suitable prospects to receive an offer or introduction from us via the post. Thus, we send postal offers and information only to prospective customers that are likely to be interested in buying from us. Co-op Member brands operate in numerous categories, including apparel, home and garden, collectables, food and wine, gadgets and gifts, entertainment, health and beauty, travel and leisure.
We will purchase ‘single time use’ recruitment mailing lists from the MSP. If you request to be removed from our mailing list, and you have not purchase from us, we will keep your name and address on a suppression file so we never use your data again.
Did you know that you can subscribe to the Direct Marketing Association’s (DMA) Mailing Preference Service to stop all future unsolicited direct mail entirely? All of our partners are registered as DMA members and as members they suppress any name and address on the DMA’s Mailing Preference Service file from their mailing lists. The simplest way to register is online at www.mpsonline.org.uk/mpsr/
The Business will keep your personal information safe and secure, although our administration team will have access to your contact details so that they can manage your account. The Rūma website uses the highest levels of security to ensure that your information is secure and protected against unauthorised use. The Business will not disclose your Personal Information unless compelled in order to meet legal obligations, regulations or valid governmental requests. The business may also enforce its Terms and Conditions, including investigating potential violations of its Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of its staff.
We use external payment systems such as SAGE Pay, PayPal, and Klarna to process all our online payments. All these systems have their own security. We do not store your credit card details and we do not store your card’s security/CVV code. We process personal data for the duration of the transaction and will continue to store only the minimum personal data needed for up to seven years after any contract has expired to meet legal obligations. After seven years all personal data will be deleted, unless basic information needs to be retained by us to meet our future obligations to you, such as erasure details.
Your Information And Right
We will hold on to your information for as long as you have your account or for as long as it is needed to be able to provide the services to you including guarantee obligations. We may keep hold of some of your information as required, even after you have closed your account, or it is no longer needed to provide the services to you, so that we can meet legal or regulatory requirements, resolve disputes, or enforce our terms and conditions.
You Have A Number Of Rights That Include The Following:
The right to be informed about how your personal information is being used
The right to access the personal information we hold about you
The right to request the correction of inaccurate personal information we hold about you
The right to request that we delete your data, or stop processing it or collecting it
The right to stop direct marketing messages and to withdraw consent for other consent-based processing at any time
The right to request that we transfer or port elements of your data either to you or another service provider
The right to complain to your data protection regulator (the Information Commissioner’s Office in the UK) but we hope you would contact us first so we can resolve any issues for you
You Can Request The Following Information
Identity and the contact details of the person or organisation that has determined how and why to process your data.
Contact details of the data protection officer, where applicable.
The purpose of the processing as well as the legal basis for processing.
If the processing is based on the legitimate interests of the Business and information about these interests.
The categories of personal data collected, stored and processed.
Recipient(s) or categories of recipients that the data is/will be disclosed to.
How long the data will be stored.
Details of your rights to correct, erasure, restrict or object to such processing.
Information about your right to withdraw consent at any time.
How to lodge a complaint with the supervisory authority (ICO).
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
The source of personal data if it wasn’t collected directly from you.
Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
To Access What Personal Data Is Held, Identification Will Be Required
We will accept the following forms of ID when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If we are dissatisfied with the quality, further information may be sought before personal data can be released.
All requests should be made using the contact details below.
If you have any questions and/or complaints, or would like us to stop using your information then please get in touch using the details below:
Tel: 0330 433 9899
Email at email@example.com