- Who we are
- What data we collect from you
- Why we need it
- How we use it
- Who we share it with
- How you can see the data, amend the data or have it deleted.
Who we are
Exhibit is a business at web address https://exhibitstore.co.uk, and a physical address in Ballymena, Northern Ireland.
What personal data we collect and why we collect it
Exhibit collects data from you when you contact us, sign up to our mailing list or place an order. When we process an order we require your first & last name, country of residence (defaulted to the UK), billing address, phone number and email address. If your shipping address is different to your billing address, you will be asked to provide it also. We also provide an option to create an account for easier shopping. If you choose to create an account, we require you to create a password.
This data ensures we can send your order to the right address, in an acceptable time frame. We also collect your contact details incase we have a problem with your order, or to contact you with confirmation and dispatch notices. If your order is delivered by a courier we provide your phone number to the courier company, to help with delivery.
When we process a payment we require your DEBIT/CREDIT number, expiry date and your CVC code. This enables Stripe (our payment processor) to process your payment. We use a secure HTTP protocol called HTTPS to transfer your payment details over the internet. This is the industry standard for sending encrypted data over the internet. When you place a payment, your card data is encrypted and sent to the Stripe’s servers, where it is decrypted and the payment is processed. Exhibit never sees your payment information and we cannot access your payment details. You can read Stripe’s privacy report at https://stripe.com/gb/privacy.
Who we share your data with
Other than the above company, Exhibit will not share your order details with anyone outside of Exhibit and we are committed to only working with companies who have a strict GDPR policy.
How long we retain your data
We are committed to not holding your data longer than necessary. Your order data such as your name, address and contact details along with the details of what you ordered are held for 6 years in accordance with UK law. If you have not requested your data be deleted before then, it will be deleted after 6 years.
We never keep nor see your payment card details.
If you sign up to our mailing list, your email will remain on the list until you unsubscribe.
If you contact us by contact form, email or by writing, we will keep the information you supply for as long as necessary to deal with your request.
What rights you have over your data
If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including all data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
As someone who provides us data, your rights over your data include:
1. Right of access
2. Right to challenge accuracy of data held on you
3. Right to object to the use of your personal information
4. Right to object to direct marketing
5. Right to restrict use of your personal information
6. Right to erasure of your data
7. Right to withdraw your consent for us to use your data
If you have a data protection question or would like to assert any of your rights over your data, please email the Exhibit data protection officer at firstname.lastname@example.org and we will reply promptly. Alternatively you can write to us at:
5 Millennium Park,
Data breach procedures
In the case of a data breach, it is now the law that we contact those affected as soon as possible. In the unlikely event of a data breach we will contact users within one working day to inform them that their data may have been accessed by someone else. We do everything possible to stop this from happening.