Security and Privacy
You can trust Walktall to keep your data safe because your privacy and security are extremely important to us. All information that you share with us will only be used with your permission and we will share with you all data held if you request that of us. We may process your personal information for carefully considered and specific purposes which are in our interest and enable us to enhance the services we provide, but which we believe also benefit our customers. See below for more details.
Under the GDPR definition, Walktall uses “Legitimate Business Use” as the basis for processing your data. This does not affect any of your rights under the regulation and you have the right to object to us processing your data in this way.
General Data Protection Regulation and what it means to you
The GDPR (EU) 2016/679 (or ‘GDPR’) will ensure that you have rights over how and with whom your data is used and stored. Under GDPR you will have the fundamental right to:
1. be processed lawfully, fairly and in a transparent manner
2. be forgotten
3. not be profiled or to limit profiling
4. not have your data passed to someone else
5. see a copy of all data stored by us
6. object
7. data portability
We will comply with all the above rights but please note, other data relating to financial transactions may need to be held to comply with financial regulations.
Under these circumstances your data will be moved to a separate part of our customer database, obfuscated (if appropriate) and will not be available to marketing or customer services.
You will be informed of any instances where we have not been able to comply with a specific data request and why.
What data do we collect about you?
- We collect your personal data such as your name, address, your date of birth (if you want to give it to us), telephone number and email address.
- We also store details of what you have purchased from us and goods you have returned to us.
- All payment card details are encrypted ahead of transmission to payment processors.
- The last 4 digits of your PAN and the card expiry date are visible within our system, which is allowed under the PCI DSS 3.2 (Please see the section on Payment Processing for more information).
How do we ensure your data is safe?
Walktall takes several steps to ensure the data we hold about you is safely & securely held.
PCI DSS 3.2 Compliance
Our systems are secured by firewalls and other security measures that meet accepted industry standards and are regularly tested to ensure they meet standards set by the PCI DSS Security Council.
Our websites & external internet connections are tested monthly by Trustwave Holdings, Inc., an Approved Scanning Vendor (ASV) and Qualified Security Assessor Company (QSA-C).
All connections to our web sites are encrypted and are verified by Geo-Trust.
We do not store any payment card information online beyond that which is permitted under the PCI DSS 3.2.
https://www.geotrust.com
NCSC Cyber Essentials
Walktall is working towards Cyber Essentials accreditation from the UK National Cyber Security Centre.
Walktall follows industry best practices with our customer cardholder data, using technologies such as strong encryption, payment card tokenisation & obfuscation.
Web Payment Processing on our Website(s)
CyberSource
Card transactions via our website (WEB) & over the phone (MOTO) are handled by our payment processor, CyberSource, a secure card processing company, owned and operated by Visa.
We use 3D Secure (also known as Verified by Visa and MasterCard SecureCode) to keep you safe online and protect your existing card account against unauthorised use when you shop with us.
CyberSource are fully PCI DSS 3.2 compliant.
We also accept payment via PayPal to provide an alternative way to purchase without giving us your card details.
PayPal are fully PCI DSS 3.2 compliant.
Amazon
We also accept payment via Amazon Pay to provide an alternative way to purchase without giving us your card details. https://pay.amazon.com/uk/shopper
Amazon Pay are fully PCI DSS 3.2 compliant.
Payment Processing in our retail store(s)
Lloyds Bank Cardnet
Payments taken in our retail shop are handled by Lloyds Bank Cardnet, who work with First Data to process the transactions.
Card transactions are sent directly to the processor using Chip & PIN machines provided by First Data.
No data from these transactions is recorded on our EPOS machines & merchant slips are stored securely and destroyed when they are no longer required.
First Data are fully Payment Card Industry (PCI) DSS 3.2 compliant.
Why we collect this data and what we do with it
We use the data to contact you via our mailing and email programmes and to keep you up to date on new products, competitions and prize draws that we run from time to time.
We will profile your data by using your name, address and purchasing history to keep our offers and mailings relevant to you and your requirements.
If you do not wish us to profile your data, we will not be able to add you to our marketing programme.
We use the following criteria to categorise your purchase behaviour to add you to an appropriate mailing cell.
- Last purchased 0-18 months = Active customer
- Last purchased 18-36 months = Lapsing customer
- Last purchased over 36 months = Lapsed customer
How long do we keep this data?
Data from Active, Lapsing and Lapsed customers will be kept for 7 years to comply with HMRC VAT regulations.
Walktall uses industry standard backup technologies to protect sensitive customer data against loss, theft or disaster.
All data backups are stored within the European Economic Area & are retained for 30 days.
Who do we pass your data to?
We send data to companies that produce mailings and emails, offer data cleansing services and gather feedback. None of these companies pass your data to anyone else, and all of them will delete your data once processed.
3rd party data processors
Company / Reason
Sunline Direct Mail Limited
Registered Address: Cotton Way, Weldon Rd Industrial Estate, Loughborough, Leicestershire. LE11 5FJ
Registered Address: No. 1 London Bridge, London, SE1 9BG
Email Marketing, abandoned cart & Processing
Registered Address: Mountain View Innovation Centre, Jurby Road, Lezayre, Ramsey, ISLE OF MAN, IM7 2DZ
Address Cleansing, Deduplication & Suppression
Wood for Trees Limited
Registered Address: Unit 1 Citizen House, Crescent Office Park, Bath, B&NES, BA2 2AF
Data Profiling & Processing
Off-site Disaster Recovery
Feefo Holdings Limited
Registered Address: Heath Farm, Heath Road East, Petersfield, GU31 4HT
Third-Party Customer Reviews
To opt out of emails you will need to go direct to Feefo
We share relevant personal data with the following delivery and fulfilment partners (where appropriate) to ensure you receive our products and services:
- Parcel Force - https://www.parcelforce.com/
- Royal Mail - https://www.royalmail.com/
- DPD (UK) - http://www.dpd.co.uk/
- UPS - https://www.ups.com/gb/en/Home.page
We will only disclose data when obliged to disclose personal data by law, or the disclosure is ‘necessary’ for purposes of national security, taxation and criminal investigation, or we have your consent, and to the following:
- Other companies within our Group of companies: Cosyfeet (https://www.cosyfeet.com)
- Suppliers we engage to process data on our behalf: Wood for Trees Ltd
- Successors in title to our business.
Use of personal information
We process personal information collected via our websites and mail order for the purposes of:
- Providing information about products and services
- Providing and personalising our services
- Dealing with your enquiries and requests
- Administering orders and accounts relating to our suppliers or customers
- Conducting market research
Data Capture Information
We will send you information according to the preferences you submitted via our order form/data capture form/contact us page.
If you would like to change these preferences at any point, please contact us using the details at the end of this document.
Subject Access Requests
You have the right to see what personal data we hold about you.
To obtain a copy of the personal information we hold about you, please write to our Data Officer using the details at the end of this document.
The Right to be Forgotten
Under the EU GDPR, you have a right to request to be forgotten.
We will endeavour to honour this request as quickly as possible. If we are not able to satisfy the request to be forgotten for legitimate business reasons, we will notify you in writing.
Data will be removed from our Live database(s) as soon as possible. It will also leave our system backup rotation within 30 days.
Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser.
Find out more about cookies on www.allaboutcookies.org.
Most browsers will allow you to turn off cookies. If you want to know how to do this, please see your browser help documents or follow instructions on www.allaboutcookies.org.
Please note, turning off certain cookies means you won’t be able to access your account or checkout. You will need to call us on 01458 449020 to place your order.
We use the following cookies on our site:
| Cookie | Who owns this data | How long this data is kept for | Is this a 1st party or a 3rd party cookie? | Data collected by the cookie |
| --- | --- | --- | --- | --- |
| _ga | .walktall.co.uk | 2 years | 1st Party | Google Analytics |
| _gat | .walktall.co.uk | 1 minute | 1st Party | Google Analytics |
| _gid | .walktall.co.uk | 1 day | 1st Party | Google Analytics |
| devicewidth | .walktall.co.uk | When the browsing session ends | 1st Party | Store the width of the screen used |
| _gali | .walktall.co.uk | 1 minute | 1st Party | Unspecified |
| frontend | .www.walktall.co.uk | 4 days 4 hours | 1st Party | Magento Customer Identification |
| __atuvc | www.walktall.co.uk | 2 years | 1st Party | Unspecified |
| __atuvs | www.walktall.co.uk | 1 hour | 1st Party | Unspecified |
| _uetsid | www.walktall.co.uk | 1 hour | 1st Party | Unspecified |
| civicCookieContro | www.walktall.co.uk | 3 months | 1st Party | Used to control the 'Cookie Control' banner |
| external_no_cache | www.walktall.co.uk | 1 hour | 1st Party | Used to control page caching |
| recordID | www.walktall.co.uk | 1 year | 1st Party | Unspecified |
| bt2 | .addthis.com | 8 months 13 days | 3rd Party | AddThis |
| di2 | .addthis.com | 2 years | 3rd Party | AddThis |
| loc | .addthis.com | 2 years | 3rd Party | AddThis |
| ssc | .addthis.com | 2 years | 3rd Party | AddThis |
| uid | .addthis.com | 2 years | 3rd Party | AddThis |
| um | .addthis.com | 2 years | 3rd Party | AddThis |
| uvc | .addthis.com | 2 years | 3rd Party | AddThis |
| vc | .addthis.com | 2 years | 3rd Party | AddThis |
| MR | .bat.bing.com | 6 months 3 days | 3rd Party | Bing Ad Tracking |
| MUID | .bing.com | 13 months | 3rd Party | Bing |
| IDE | .doubleclick.net | 2 years | 3rd Party | Google Ad Tracking |
| id | .doubleclick.net | 2 years | 3rd Party | Google Ad Tracking |
| datr | .facebook.com | 2 years | 3rd Party | |
| dats | .facebook.com | 6 months | 3rd Party | |
| fr | .facebook.com | 3 months | 3rd Party | |
| lu | .facebook.com | 2 years | 3rd Party | |
| sb | .facebook.com | 2 years | 3rd Party | |
| _ga | .feefo.com | 2 years | 3rd Party | Feefo Analytics Tracking |
| _gid | .feefo.com | 2 years 1 day | 3rd Party | Feefo Analytics Tracking |
| CONSENT | .google.co.uk | 21 years | 3rd Party | Unspecified |
| NID | .google.co.uk | 6 months | 3rd Party | Unspecified |
| NID | .google.com | 6 months 3 days | 3rd Party | Unspecified |
| _ga | .twitter.com | 2 years | 3rd Party | Twitter Tracking |
| _gid | .twitter.com | 1 day | 3rd Party | Twitter Tracking |
| _twitter_sess | .twitter.com | When the browsing session ends | 3rd Party | Twitter Tracking |
| ct0 | .twitter.com | 6 hours | 3rd Party | Twitter Tracking |
| external_referer | .twitter.com | 1 week | 3rd Party | Twitter Tracking |
| guest_id | .twitter.com | 2 years | 3rd Party | Twitter Tracking |
| MUIDB | bat.bing.com | 2 years | 3rd Party | Bing Ad Tracking |
| KHcl0EuY7AKSMgfvHl7J5E7hPtK | .paypal.com | 20 years | 3rd Party | Used when using Paypal payment method |
| LANG | .paypal.com | 9 hours | 3rd Party | |
| X-PP-ADS | .paypal.com | 1 year | 3rd Party | |
| X-PP-K | .paypal.com | 1 month | 3rd Party | |
| X-PP-SILOVER | .paypal.com | 30 minutes | 3rd Party | |
| _ga | .paypal.com | 2 years | 3rd Party | |
| consumer_display | .paypal.com | 2 years | 3rd Party | |
| cookie_check | .paypal.com | 10 years | 3rd Party | |
| feel_cookie | .paypal.com | 2 years | 3rd Party | |
| login_email | .paypal.com | 6 months | 3rd Party | |
| navlns | .paypal.com | 2 years | 3rd Party | |
| s_pers | .paypal.com | 2 years | 3rd Party | |
| ts | .paypal.com | 3 years | 3rd Party | |
| tsrce | .paypal.com | 1 day | 3rd Party | |
| ui_experience | .paypal.com | 6 months | 3rd Party | |
| x-csrf-jwt | .paypal.com | 1 week | 3rd Party | |
| x-pp-p | .paypal.com | 1 year | 3rd Party | |
| x-pp-s | .paypal.com | When the browsing session ends | 3rd Party | |
| 44907 | www.paypal.com | 3 months | 3rd Party | |
| 47364 | www.paypal.com | 30 minutes | 3rd Party | |
| AKDC | www.paypal.com | 30 minutes | 3rd Party | |
| KHcl0EuY7AKSMgfvHl7J5E7hPtK | www.paypal.com | 20 years | 3rd Party | |
| X-PP-SILOVER | www.paypal.com | 0 seconds | 3rd Party | |
| X-PP-SILOVER | www.paypal.com | 0 seconds | 3rd Party | |
| akavpau_ppsd | www.paypal.com | When the browsing session ends | 3rd Party | |
| ectoken | www.paypal.com | Indefinitely | 3rd Party | |
| nsid | www.paypal.com | When the browsing session ends | 3rd Party | |
| xppcts | www.paypal.com | 5 minutes | 3rd Party | |
| amazonagreement-6 | www.walktall.co.uk | 1 month | 1st Party | Used to control mailing preferences from the checkout |
| amazonallow_mailshot | www.walktall.co.uk | 1 month | 1st Party | |
| amazongdpr_mailshot | www.walktall.co.uk | 1 month | 1st Party | |
| aw_pop* | .www.walktall.co.uk | 1 hour | 1st Party | Used when visiting the website to control alerts |
| aw_popup_closed_* | www.walktall.co.uk | When the browsing session ends | 1st Party | |
| current_popid | www.walktall.co.uk | When the browsing session ends | 1st Party | |
| firstvisittime | www.walktall.co.uk | 99 years | 1st Party | |
| session-set | www.walktall.co.uk | 20 years | 1st Party | |
| at-acbuk | .amazon.co.uk | 20 years | 3rd Party | Used when using Amazon Pay payment method |
| lc-acbuk | .amazon.co.uk | 19 years | 3rd Party | |
| s_dslv | .amazon.co.uk | 3 years | 3rd Party | |
| s_nr | .amazon.co.uk | 24 years | 3rd Party | |
| s_vnum | .amazon.co.uk | 23 years | 3rd Party | |
| sess-at-acbuk | .amazon.co.uk | When the browsing session ends | 3rd Party | |
| session-id | .amazon.co.uk | 19 years | 3rd Party | |
| session-id-time | .amazon.co.uk | 19 years | 3rd Party | |
| session-token | .amazon.co.uk | 20 years | 3rd Party | |
| ubid-acbuk | .amazon.co.uk | 20 years | 3rd Party | |
| x-acbuk | .amazon.co.uk | 20 years | 3rd Party | |
| x-wl-uid | .amazon.co.uk | 19 years | 3rd Party | |
| session-id | .amazon.com | 19 years | 3rd Party | |
| session-id-time | .amazon.com | 19 years | 3rd Party | |
| session-token | .amazon.com | 20 years | 3rd Party | |
| ubid-main | .amazon.com | 19 years | 3rd Party | |
| x-wl-uid | .amazon.com | 19 years | 3rd Party | |
You may ask us at any point not to share your information with 3rd Parties, by contacting us by email at firstname.lastname@example.org
If you wish to speak to someone over the phone regarding any issues, concerns or comments about this document, please call us on 01458 449020.
Alternatively, you can also write to our Data Officer at:
Jackie Bemmer, Data Officer,
Unit 5, The Tanyard,
It was last updated on 08/05/2018.