Canterbury Bears respects your privacy and will not sell or make available in any way your personal information except where specific permission has been given. This statement sets out the principles governing our use of your data:
Any details that you provide to us from which we can identify you are protected by the General Data Protection Regulation, May 2018. This framework is designed to protect your data in a networked world. GDPR requires that information gathering is carried out in a concise, informed and unambiguous way and your consent must be freely given. When you purchase a product from Canterbury Bears, our website records the purchase and your details (this does not include financial data such as information passed to paypal or credit card details). If you would like us to delete those details after purchase please contact us directly. Those details will not be used for marketing purposes unless you positively opt-in to our mailing list.
Our ‘sign-up forms’, both electronic and physical, are designed to ensure the user understands that they are signing up to communications which will include news from Canterbury Bears, and marketing campaigns. By signing up to the Canterbury Bears Database, individuals are agreeing that we have a lawful basis for collecting and processing personal data. Unless otherwise instructed we will hold this information for ten years, at which point you may be contacted to reconfirm your subscription.
By the definitions of GDPR Canterbury Bears is the ‘controller’ of your data, the organisation MailChimp is the ‘processor’ of your data. Subscribers personal details will be transferred to MailChimp, the applicable activities performed by MailChimp are: data collection through electronic sign up forms, storage of personal data in distribution lists and the transfer of personal data to certain of MailChimp’s sub-processors, who perform critical support for their services. Mailchimp’s servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. The legal ground for transferring personal data set out in the GDPR allows for an ‘adequacy decision’ – a decision by the European Commission that an adequate level of protection exists for personal data in the country, territory or organisation to which it is being transferred. A ‘Privacy Shield’ framework is one such example. MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. They are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles.
GDPR also stipulates an individual’s ‘right to be forgotten’. To this end if you do not wish to receive any further emails from us please use the “unsubscribe” link found in all email communications. Alternatively email your unsubscribe request to us. Please allow a few days for the request to process.
For the avoidance of doubt, Canterbury Bears will not pass data to any third parties except to enable you to receive information you have requested to be sent to you by post or email.
Our site may link to other websites and we are not responsible for their data policies or procedures or their content.
If you are concerned about how your data is stored please contact us by email for further information; if you are not satisfied with our response you have the right to complain to the Information Commissioners Office.
When using Canterbury Bears website you consent to the collection and use of this information. If you do not wish to have this information collected please change your computer’s security settings to block cookies. However, blocking cookies may restrict access to the website.
We endeavour to take all reasonable steps to protect your personal data but by using our site you must accept the inherent security implications of dealing online over the internet and we are not responsible for any breach of security unless we have been negligent or in wilful default.