This policy is designed to provide you with information about how we use the personal data and information that you provide to us during your use of the www.chillblast.com website (the “Site”) and any related communication between us.
We are Decision Logic Limited trading as Chillblast, a company incorporated in England with company number 07450324 (“we” “us” or “our”). Our registered address is Unit 28, Upton Industrial Estate, Factory Road, Poole, BH16 5SL. We are the data controller.
What information do we collect from you?
We will collect and process the following data about you:
Opening an account, placing an order and managing your account
- Information provided by you to us when opening an account and placing an order with us. This information will include your name, delivery address, billing address, e-mail address, telephone number and unique identifiers (such as your password). Passwords are hashed so they are not visible to us.
- Information relating to orders you have placed with us and payments to and from you.
Using our website
- Information that we automatically receive and record from your browser or your mobile device when you visit our Site, such as your IP address or unique device identifier, the cookies you accept and data about which pages you visit.
- Device-specific information that we may automatically collect when you use our Site. This information may include information such as the hardware model, operating system information, browser information and device identifiers.
- Information about how you use our Site.
- Information that you provide us with if you enter a competition or other promotional feature on our Site, such as name, address, e-mail address, telephone number and country of residence.
- Records of any correspondence we have with you. We may monitor or record any communications we have with you, including phone calls and emails.
How do we use this information?
We use information about you in the following ways:
Opening an account, placing an order and managing your account
- To open your account on our Site and maintain your records
- To process your order and arrange delivery or collection of your products
- To contact you in relation to your order
- To process payments from you or to you
- To respond to your requests and queries
- To check that your payment card is not being used without your consent
- Asking you to leave a review of our service.
Ensuring the Quality of our Service & Effectiveness of our Site
- To help train our staff and improve our customer service.
- To ensure that content from our Site is presented in the most effective manner for you and for your device.
Marketing & Competitions
- To make suggestions and recommendations to you about products that may be of interest to you or to make you aware of special offers or promotions . This may be via the Site, or by email, SMS, telephone, social media or post.
- To telephone you to check if you need any help with your orders.
- To run competitions and to contact you if you are the winner.
- If you are on a social media platform, we may use the contact details we collected from you when you set up your account and/or placed an order and combine this with information which the social media platform holds. We will do this so that we can find your social media platform account. We may then contact you or market to you via the platform.
Internal Business Purposes
- For internal purposes, such as website and system administration.
- To carry out data analytics, including which parts of our Site you visit in order to improve our Site, for marketing purposes and to improve our customer experience.
- To comply with our legal and regulatory obligations, including for crime and fraud prevention purposes.
On what basis are we entitled to process your data?
We will only use your personal data when the law allows us to. Data protection law sets out a number of different legal grounds upon which data controllers can legally process personal data.
In most cases, we process your data in order to take steps at your request before entering into a contract with you, or because the processing is necessary to perform our contract with you.
If the processing is not related to your contract, we will process your information on one of the following bases:
- You have given clear consent for us to process your personal data.
- Our legitimate interests, which include:
- developing our products and growing our business
- carrying out data analytics to help us predict future market trends and customer behaviour
- to improve our Site and your experience of using it, including customising your experience
- to understand the types of products that you are interested in
- to develop our business and inform our marketing strategy
- to run our business, administer our Site and ensure its security
- to prevent fraudulent purchases on our Site
- to improve service quality and compliance.
In accordance with data protection law, we make sure we consider and balance any potential impact on you and your rights before we process your data for our legitimate interests. If the potential impact on you and your rights overrides our legitimate interests, we will not process your data, unless we are able to do so using a different legal basis.
- Where the processing is necessary to comply with our legal obligations, a court order or to exercise or defend legal claims.
How long we will keep your data for?
We will provide you with phone and email support for the lifetime of your PC. To do this, we will need to keep details of you and your order, so we can retrieve these details if you contact us. So that we don’t keep your data indefinitely, we will keep your personal data for a maximum of 12 years. After 12 years, the only information that we will retain is information to enable us to identify the PC as one that we have manufactured. Our customer database is cleansed annually and all customer data that is no longer required is deleted.
Who do we disclose your information to?
Our service providers
- our authorised repairer Mendit Computer Repairs Limited
- our payment services providers
- third party payment providers who are integrated into our Site. When you pay using one of these methods e.g. Paypal, you are redirected to the provider’s portal. Your use of these services is subject the terms and conditions and the privacy policies of these payment providers. This includes where you choose to pay by finance.
- providers of IT security services
- providers of customer support software
- providers of internet based telephony services
- third party databases, against which we will validate your details in order to verify your identity and prevent fraud. To perform these checks your personal information may be disclosed to a registered Credit Reference Agency, which may keep a record of that information. This is done only to confirm your identity, a credit check is not performed and your credit rating will not be affected.
- providers of delivery services, such as Royal Mail and DPD
- email services providers
- providers of competitions platform and virtual agents
- to TrustPilot, to enable you to rate your purchase experience with us where you agree to do so.
Other third parties
We may provide your information to the manufacturer of any peripherals you have bought, so that they can repair it under warranty. Usually however we will provide you with the manufacturer’s contact details, so you can contact them directly.
On occasion, if we do not have items in stock, we may ask our supplier to send your items to you directly. In that case, we will need to provide them with your order and delivery details.
We may disclose your personal information to any member of our group, which means our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may also disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- You request or authorise the disclosure of information to a third party.
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers is likely to be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation.
Do we transfer your data outside of the UK?
Some of our external third party suppliers or service providers are based outside of the UK, so their processing of your personal data may involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
As a data subject, you have the following rights:
- The right to request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- The right to require the correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- The right to request erasure of your personal data (commonly known as “the right to be forgotten”). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it or where you have withdrawn your consent and there is no other legal ground for us to process the data.
- The right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
- The right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- The right to object to the processing, on grounds relating to your particular situation, where we are relying on a legitimate interest (or those of a third party). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- In limited circumstances, you may have the right to request to receive personal data in a structured, commonly used and machine-readable format. You have the right to transmit the data in this format to another data controller.
If you have any questions about how we use your personal data or if you’d like to exercise any of your rights, please contact us. You can get in touch by emailing us at firstname.lastname@example.org or by post at Data Protection, Unit 28 Upton Industrial Estate, Factory Road, Poole, BH16 5SL .