Privacy Statement

Important Information and Who We Are

We are Ransomspares.co.uk Limited of Unit 3, Yeobridge Tradepark, Flushing Meadow, Yeovil, BA21 5DL (“we”, “us”, “Ransom”).

The nature of Ransom’s business involves the sourcing, sale and distribution of spares, parts and accessories for the home and garden. We aim to promote a repair culture instead of throwing away home appliances that have broken down. We source our genuine spare parts directly from major manufacturers in the UK, maintaining an ongoing partnership with numerous household name brands, including Midea Group Co., Ltd (“Midea”). We also have an ongoing relationship with Pacifica Appliance Services Limited (“Pacifica”), a company which deals with domestic appliance repairs and provides extended warrantees and guarantees for domestic appliances. Where you order from our website, your goods will be distributed by Pacifica via a third-party courier.

About This Document

Your personal privacy is of great importance to us. We will only use your personal information in accordance with this privacy policy (“Policy”).

By using our website, purchasing goods or services from our website, or interacting with us online, you’re agreeing to be bound by this Policy. You should read this privacy policy carefully so that you understand how we will handle your personal information. This Policy may be updated. Please check it whenever you visit our website.

During the course of our activities we will process personal information (which may be held on paper, electronically, or otherwise) about our customers and website users and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the UK’s General Data Protection Regulation (“UK GDPR”). The purpose of this Policy is to explain to you how we will handle your personal information.

If you have any questions regarding this Policy you can contact our Data Protection Representative via email at dataprotection@ransomspares.co.uk.

We are registered with the Information Commissioner’s Office under registration number 6779183.

What Information Do We Collect About You?

Personal data means any information about an individual from which that person can be identified. It does not include data which has been anonymised.

We will collect personal data from you when you visit our website or interact with our social media platforms, buy a service or product from us or via our website, make enquiries or otherwise provide us with your personal data.

The categories of personal information we may collect for the purpose of managing your engagement with us as either a customer or website visitor include:

• Contact Data: Your name and title, address, telephone number(s), personal or work e-mail address and any other contact details you may provide. If you are a corporate customer or supplier this could include the organisation you work for and details of your job title and other business contact data.
• Correspondence Data: Your contact history with us, including things you have told us by email, via social media, over the phone, or via live chat.
• Identification Data: Your internet protocol (IP) address and information regarding which website pages you accessed and when, how you access our website, and if shared, your location data.
• Marketing Data: We may collect information about your marketing preferences if we are entitled to send you marketing materials.
• Purchase Data: We may collect data about the goods and services you have purchased via our website and items you have saved in your basket for another time.
• Financial Data: This includes bank account and payment card details.

How We Collect Your Personal Information

We will collect your personal information in the following ways:

• Information you give us. This is information (including Contact Data, Identification Data, and Financial Data) you provide to us by: visiting our website, ordering from us and interactions on our website or social media. We may also get some personal data by you corresponding with us (for example, by email, phone or live chat).
• Information we observe. We will gather personal information about you through the monitoring of our systems including use of telephones and the internet and other technologies.
• Information acquired through automated technologies or interactions. As you interact with our website, we will automatically collect personal data about you that distinguishes you from other users by using cookies. Please see our Cookie Policy on our website for more details.
• Information we create. We will create information about you where we create an account for you and where we keep records of our interactions with you including payments you make.

Why We Collect Personal Information About You and How We Use It

We process your personal information for a variety of commercial purposes and will also process your personal information, including special category personal information where necessary for us to provide special assistance or comply with any statutory duties, to which we are subject.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

The purposes for which we process your personal information and the lawful bases for such processing are as follows:

Managing our contractual relationship with you

Data types: Contact, Correspondence, Identification, Purchase, Financial Data
Lawful basis: Contract – necessary for the management and administration of your contract with us. Legitimate interests – to keep information about you which is in addition to that needed to fulfil our contractual obligations.

Customer correspondence, complaints and feedback

Data types: Contact, Correspondence, Identification Data
Lawful basis: Legal obligation – necessary so that we can respond to complaints. Legitimate interest – to respond to your correspondence and improve our service.

Meeting customers’ needs and account management

Data types: Contact, Correspondence, Identification, Purchase Data
Lawful basis: Legitimate interests – to build a complete view of our customers’ use of our website, products and services, including behaviour, activities, preferences and needs.

Data analytics to improve our website, products and services

Data types: Identification Data
Lawful basis: Consent – we rely on consent via the cookie consent notice. You can opt out through the cookie consent notice.

Marketing purposes

Data types: Contact, Correspondence, Identification, Marketing, Purchase Data
Lawful basis: Consent – if you have opted in, we will send marketing information. Where you have consented, we may share your data with third parties. Legitimate interests – to market our services and products to you.

Network security

Data types: Contact, Identification Data
Lawful basis: Legitimate interests – to make sure your use of our network and systems does not compromise our security.

Insurance and legal claims

Data types: Contact, Identification Data
Lawful basis: Legitimate interests – necessary in the purchase of insurance policies and to respond to and defend legal claims.

Our Legitimate Interests

We sometimes process personal information on the basis that it is in our legitimate interests to do so. The legitimate interests are as follows:

• To maintain up to date information about you: we sometimes gather data about you which is useful for building a complete view of your website use. Although some of this data is not strictly required by law, it is nevertheless useful to us and we consider it in our legitimate interest of running a successful, profitable business.
• To respond to your complaints or correspondence: we will process your information where we need to contact or respond to you directly in respect of your interactions or contractual relationship with us.
• To market our goods: it is in our legitimate interest to keep and process certain information about you which will allow us to market our services and products to you in order to promote goods and services available on our website, or market after sales servicing or repairs, share special offers and repair tips.
• Network and information security: we will monitor our network and your use of it. It is a legitimate interest of ours to make sure that your use of our network and systems does not compromise our information security.
• To procure insurance policies and to respond to and defend legal claims: it is in our legitimate interests to use your personal information where necessary in the purchase of insurance policies and to respond to and defend legal claims.

Ensuring Your Personal Information Is Accurate

We will keep the personal information we store about you accurate and up to date. We will take every reasonable step to erase or rectify inaccurate data without delay. Please tell us if your personal details change or if you become aware of any inaccuracies in the personal information we hold about you. We may contact you from time to time to check your details are still up-to-date. We will also contact you if we become aware of any event which is likely to result in a change to your personal information.

Retaining Your Personal Information

We will not keep your personal information for longer than is necessary for the purpose(s) for which we process it. This means that information will be destroyed or erased from our systems when it is no longer required.

For further guidance on how long certain information is likely to be kept before being destroyed, contact the Data Protection Representative by email at dataprotection@ransomspares.co.uk.

What Rights Do You Have in Respect of Your Personal Information?

You have the right to:

Request access to any personal information we hold about you

You have a right to access a copy of your own personal information. We try to respond to all requests within one (1) calendar month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.

We will request information from you in order to help us confirm your identity and ensure you have a right to access the personal information you have requested to see. This is a security measure to ensure that we do not disclose personal information to any person who has no right to receive it.

You will normally not have to pay a fee to access your personal information. However, we may charge a reasonable fee if your request is clearly unfounded or excessive (particularly where requests are repetitive). Alternatively, if your request is clearly unfounded or excessive we may refuse to comply with your request.

Require us to rectify any personal information which is inaccurate

Rectification enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Have personal information erased, in certain circumstances

This right enables you to have your data erased (the so-called “right to be forgotten”). The right relates only to personal information we hold at the time you make the request.

The right to have personal information erased applies where:

• our use of your personal information is no longer necessary for the purpose for which we gathered it;
• we have relied on consent as the basis for processing and you withdraw your consent;
• we are processing your personal information on the basis of legitimate interests unless we have an overriding interest to continue the processing;
• we are processing your personal information unlawfully; or
• we have to erase to comply with a legal obligation.

The right to erasure does not apply in certain circumstances including where:

• we have to process the personal information to comply with a legal obligation; or
• where we use the personal information to carry out a task in the public interest such as where we are investigating fraud or preventing or detecting other unlawful acts.

Have the processing of your personal information restricted, in certain circumstances

This enables you to ask us to suspend the processing of your personal information in the following scenarios:

• if you want us to establish the information’s accuracy;
• where our use of the information is unlawful but you do not want us to erase it;
• where you need us to hold the information, even if we no longer require it as you need it to establish, exercise or defend legal claims; or
• you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.

Request your personal information in a portable format

We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Object to certain types of processing

You can object where we are processing personal data on the basis of legitimate interests and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your interests, fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims.

The right to withdraw consent

If we are processing any of your personal information based on you having given us consent to do so, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing we may have undertaken based on your consent before it is withdrawn.

Automated decision-making

For information, we will not use any automated decision-making in our processing of your personal information.

If you wish to exercise any of the rights set out above, you must make the request in writing to the Data Protection Representative at dataprotection@ransomspares.co.uk.

How We Keep Your Data Secure

Keeping your data secure is important to us. We use reasonable and up to date security methods to keep your personal information secure and to prevent unauthorised or unlawful access to your personal information, and against the accidental loss of, or damage to, personal information.

We have in place procedures and technologies to maintain the security of all personal information from the point of collection to the point of destruction. These include adhering to various security standards, including physical and technological protection, data encryption, patching and software update management, management of access rights, vulnerability scanning and penetration testing, network configuration and monitoring. We will ensure your personal information is only accessible by those who need to see your information for their specific role. We will only transfer personal information to a third party if that third party agrees to comply with those procedures and policies, or if they put in place adequate measures themselves.

Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal information.

Providing Information to Third Parties

Employees and business partners

Our employees who need to access your data will view it in order that we can manage your engagement with us and comply with our legal and statutory duties. All of our employees have been trained in data protection and understand the need to keep your information confidential.

Our business partner, Pacifica, will receive your personal data so that they are able to fulfil orders that you make via our website. Where Pacifica arrange to ship goods to you, they will send you a shipping note via email so that you may also contact Pacifica directly in respect of your order.

Service providers

In addition to our employees and business partners, we also use service providers who may process personal information on our behalf (for example by passing details to Kontrolit.net Limited which assists with web design and digital marketing expertise). Apart from our employees, business partners and service providers, we will not disclose your personal information to a third party without your consent unless we are satisfied that they are legally entitled to the data. Where we do disclose your personal information to a third party, we will put in place arrangements to make sure your information is well protected and processed strictly in accordance with data protection laws.

Third party marketing

Where you have given us consent to share your data with third parties for marketing purposes, we will also share your personal data with third parties, including our business partners Pacifica and Midea. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these marketing messages, we can still send you service messages which are email and other correspondence which directly relate to the goods and services we provide such as warranty notifications and other information it is reasonable for us to provide to you as part of the service we offer.

Please refer to Midea’s privacy policy and Pacifica’s privacy policy for further information on how they will process your data.

Other circumstances where data may be provided to third parties

We may also disclose your personal information to third parties:

• in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
• if we or substantially all of our assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets; and
• if we are under a duty to disclose or share your personal information in order to comply with legal obligations or to protect our rights, property, or safety of our customers, suppliers or other employees. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

If your personal information is provided to any third parties, you are entitled to request details of the recipients of your personal information or the categories of recipients of your personal information.

Transferring Your Personal Information Outside the United Kingdom

We will not transfer your personal information outside the UK unless such transfer is compliant with the UK GDPR. This means that we cannot transfer any of your personal information outside the UK unless:

• the UK government has decided that another country or international organisation ensures an adequate level of protection for your personal information; or
• the transfer of your personal information is subject to appropriate safeguards, which may include:
  • binding corporate rules; or
  • the International Data Transfer Agreement or the UK Addendum.
• one of the derogations in the UK GDPR applies (including if you explicitly consent to the proposed transfer).

Breaches of Data Protection Laws

If you consider that we have not complied with data protection laws in respect of personal information about yourself or others, you should raise the matter with our Data Protection Representative at dataprotection@ransomspares.co.uk. We will take any breach of the UK GDPR seriously.

Right to Lodge a Complaint

If you have any issues with our processing of your personal information and would like to make a complaint, you may contact the Information Commissioner’s Office on 0303 123 1113 or at: