We respect your right to privacy. This notice sets out details about the personal data that we collect from you and how we may use your information.
In this policy and any linked notice, references to ‘us’, ‘our’ or ‘we’ are to the House of Commons. The Corporate Officer (Clerk of the House) is the Controller of any personal data processed as described in this Privacy Notice. The Data Protection Officer is the Head of Information Compliance.
If you have any questions about the use of your personal data, please contact us:
Telephone – 020 7219 4296
Post – IRIS Service, House of Commons, SW1A 0AA
Collection of your personal data
The personal data we are collecting and processing is:
Names, email address, shipping and billing postal address, payment method, company name, phone number, IP address, device data and photography.
Please note your payment details will be processed by our payment gateway provider Shopify Payments and we do not store or have access to these details.
Use of your personal data
We consider the purposes for the processing to be for the purpose of completing a transaction, verifying your credit card, placing an order, arranging a delivery or return of a purchase and the lawful basis to be:
- the processing is necessary to fulfil a contractual agreement between you and us (the purchase of items)
Details about the lawful basis for processing personal data can be found on the Information Commissioner’s Lawful Basis For Processing Page.
Sharing your personal data
We will only ever share your personal data with third parties for the purposes of fulfilling our contractual agreements with you (for example, delivering your products). Examples of third-parties include our product suppliers and delivery partners.
These service providers are acting as approved data processors on our behalf and the contracts we enter into with all such processors require them to comply with UK data protection laws, act only under our instruction, and ensure they have the appropriate controls in place to protect your information.
Storage and retention of your personal data
The retention period for the collection of this personal data is 3 years after last purchase after which the personal data will be disposed of securely.
Disclosure and security of your personal data
Our store is hosted on Shopify Inc who provide us with an online e-commerce platform, and your data is stored outside the EEA in the US. Shopify are signed up with the EU-U.S. Privacy Shield Framework.
All personal data you provide to the House of Commons will be stored securely, both physically and electronically, in accordance with our policies. We have an information security process in place to oversee the effective and secure processing of your personal data.
We will ensure you can exercise your rights in relation to the personal data you provide to us. These are as follows:
- Where we are relying on your consent to use your personal data, you can withdraw that consent or unsubscribe from our services at any time. Instructions are provided when we collect your data.
- You can request access to the personal data we hold about you at any time by contacting the Data Protection Officer whose contact details are found at the top of this notice.
- You can ask us to update your personal data if it changes. In certain circumstances, you can request we erase the personal data we hold, or ask us to stop or restrict processing if you have an objection.
- You can unsubscribe from marketing emails at any time by clicking the unsubscribe link at the bottom of each email, or by sending an email to firstname.lastname@example.org notifying us of your wish to unsubscribe.
- You can ask for a copy of your information in a machine-readable format to allow you to obtain and reuse your personal data for your own purposes across different services. (the right to data portability).
- If you have any privacy-related questions or unresolved problems relating to the use of your personal data, you may contact us to complain by contacting the Data Protection Officer whose contact details are found at the top of this notice.
- You also have the right to complain to the Information Commissioner’s Office, the supervisory authority, about our collection and use of your personal data. They can be contact at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, ico.org.uk.
Further details about your rights and the complaints process can be found on the Information Commissioner’s page for individual rights.
If you would like to: access, correct, amend, delete any personal information or opt-out of electronic marketing, please email email@example.com or telephone 020 7219 3890.