Dragons Den Winners
Sign up for exclusive email offers

Security and privacy

Magic Whiteboard Limited is fully General Data Protection Regulation compliant as of 21st May 2018.

A picture

Security

We want you to be confident about ordering online and use secure socket layer (SSL) technology to ensure that your details are safe and that the information you provide is fully encrypted so that it cannot be read by third parties. When in the payment pages your browser will confirm that you are shopping in a secure environment by showing a locked padlock icon or an image of a key in the bar at the base of your screen.

At Magic Whiteboard, we take security very seriously and our webpage is safe and secure.

Your browser will go into secure mode as soon as you access the 'checkout' or 'login' pages, i.e. before you enter any personal or payment details. You can check that you are shopping in a secure environment by looking for either a locked padlock or a key icon in the grey bar at the bottom of your screen.

Being in 'secure mode' means that all of your details are encrypted to help keep them secure. Encryption creates billions of code combinations to protect each transaction made on our site, so your card details cannot be viewed by anyone else using the Internet. If you are using one of the more recent browser versions, our site supports 128 bit encryption and therefore keeps your details as safe as possible at all times.

We only accept orders that are placed using Secure Socket Layer (SSL). This technology prevents you from inadvertently revealing personal information using an insecure connection. During payment, we also ask for your card billing address as an additional security check. New security checks like the card signature code have recently been introduced to protect your credit card details online.

No credit or debit card details are stored once your order has been processed. This is why you can save your favourite delivery address but need to enter your card details each time you order.

We recommend that you always close down your Internet browser when you have finished shopping online, especially if you use a shared PC. This will delete temporary Internet cookies from any sites that you may have visited.

Privacy statement

We have created this privacy statement in order to demonstrate our firm commitment to your privacy.

We will collect and store the personal data you give to us whilst using our website e.g. when you place an order or enter a competition. The type of information we collect includes your name, address, telephone number, e-mail address and order details.

We collect and store this information to allow us to fulfil your orders and to occasionally send you special offers and product information. Your details may also be forwarded securely to our delivery and payment partners in order to fulfil each order. Data collected will not be passed on to any other third parties. Magic Whiteboard do not store any credit card details. Any data stored is kept in accordance with the European General Data Protection Regulation (GDPR).

Individuals registering their details or subscribing to our special offers do so on the understanding that they are aware of the intended purposes for the collection of their data. An option to opt-out will be given using an unsubscribe link in any newsletters we send you.

Magic Whiteboard may send you emails from time to time but we would never send an email asking for your security information or log on details, or direct you to a web page that asks for this information.

If you receive an email that appears to be from Magic Whiteboard that you suspect is fraudulent, do not click on any links contained within the email or provide any credit card or log on details.

In addition to the information that you supply to us, information and data may be automatically collected through the use of cookies. Cookies are small files stored within your web browser from our website. Cookies are widely used on the internet. They do not collect personal information about you, nor do they allow us to access your computer in any way. We use tracking cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs.

Links to other websites

Our website may contain links to other websites or services. You should note that we are in no way responsible for the content or privacy policies of these websites.

1. What personal data do we collect?

The personal data we collect from you directly can include your name, email address, mobile/landline telephone number, address, your purchasing activity, your credit, or debit card or other payment information (this is collected by our payment provider Sage Pay we do not store credit or debit card details), and information you give us when you contact our customer services team, when you engage with our social media platform.

If you are using a mobile device and shopping with us online or browsing our website, we may collect your IP address or other device identifier, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other portable device information.

2. When do we collect your personal data?

  • When you purchase products and services from us online or over the phone
  • When you contact our customer services team in store, online or over the phone
  • When you engage with us on social media (by mentioning/tagging us or by contacting us directly)

3. How do we use your personal data and what are our legal justifications for doing so?

To make our products and services available to you

We use your personal data to provide you with the information, products and services that you request or purchase from us (i.e. to complete certain tasks, processes or orders on our website or within our apps, take payment online (where applicable) and deliver your products or services), and to communicate with you regarding those products and services that you purchase from us and respond to your questions and comments;

We rely on our contractual arrangements with you as the lawful basis on which we collect and process your personal data when you make an order for products and services. Alternatively, in some cases, we rely on our legitimate interests as a business (for example, to measure customer satisfaction and troubleshoot customer issues). Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.

For administrative and internal business purposes

We may use your personal data for our internal business purposes, such as enhancing our site, improving our services and products and identifying usage trends. We may also use your data to monitor the use of our website and ensure that our website is presented in the most effective and relevant manner for you and your device and setting default options for you (such as language and store location);

It is in our legitimate interests as a business to use your personal data in this way. For example, we want to ensure our website is customer friendly and works properly and that our products and services are efficient and of high quality. We also want to make it easy for you to interact with us. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.

For security and legal reasons

We use your personal data to:

  • ensure the personal and financial information you provide us is accurate;
  • conduct fraud checks or prevent other illegal activity;
  • protect our rights or property (or those of others); and
  • fulfil our legal and compliance-related obligations.
 

In some cases we will use your personal data because it's necessary for us to comply with a legal obligation (such as if we receive a legitimate request from a law enforcement agency). In other cases (such as the detection of fraud) we will rely on our legitimate interests as a business to use your personal data in this way. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.

To personalise your shopping experience and improve our operations

We use your personal data to:

  • allow you to create a profile on our website which enables you to purchase products and services online without having to fill in your personal data every time you shop online with us;
  • provide you with marketing material via SMS and email;
  • analyse how you shop and what you shop for. This may include information on products you have viewed, historical transactions and products you have added to your online basket. This allows us to provide a browsing experience which is relevant to you.

It is in our legitimate interests as a business to use your data in this way and we do this in order to enhance your shopping experience with us. This allows us to help you find the products and services which you may be looking for and avoids you having to browse through products or services which are not relevant to you.

4. Who do we share your personal data with?

We will never sell any of your personal data to a third party. However, in order for us to provide our services to you, we share your personal data with our trusted third party service providers or our group companies, as detailed below. Whenever we share your personal data, we put safeguards in place which require these organisations to keep your data safe and to ensure that they do not use your personal data for their own marketing purposes.

Third party service providers

To fulfil orders for products and services

We work with a number of trusted service providers who carry out services on our behalf. When you purchase products and services from us, the services provided by these organisations includes delivery and processing payments. It is in our legitimate interests as a business to work with these service providers since we may not have the capabilities to provide these services ourselves. In each case, we will ensure that the service provider is only allowed to use your personal data in order to provide the services to us and for no other purpose.

5. Your rights

You have a number of rights relating to your personal information and what happens to it. You are entitled to:

  • have your data processed in a fair, lawful and transparent way;
  • be informed about how your personal data is being used, an example being this privacy policy;
  • access personal data we hold about you;
  • require us to correct any mistakes in your personal data;
  • require us to delete personal data concerning you in certain situations where there is no good reason for us to continue to process it;
  • request that we transfer your personal data to you or another service provider in a simple, structured format;
  • object at any time to processing of your personal data for direct marketing purposes;
  • object to automated decision making which produces legal effects concerning you or similarly significantly affects you;
  • object in certain other situations to our continued processing of your personal data; and
  • otherwise restrict or temporarily stop our processing of your personal data in certain circumstances.

6. Changing your preferences

If you no longer wish to be contacted by us about our products or services, or for other marketing purposes, you can amend your preferences or unsubscribe by emailing us. Alternatively, if you have a profile on the Magic Whiteboard website, you can unsubscribe by logging into your account, or simply follow the unsubscribe link provided in emails you receive from us.

We want to ensure that all the information we have about our customers is factually correct and up to date. If you find that the personal data we have about you is inaccurate or needs updating (for instance, you may have changed your name or address) then please contact us so that we can correct it. If you have created a profile on the Magic Whiteboard website, you can change the details stored about you by logging into your account.

7. Security and retention of your personal data

Security of your personal data

We take the security of your personal data very seriously. We have implemented various strategies, controls, policies and measures to keep your data secure and keep these measures under close review. We protect your data by using encryption techniques and we use other safeguards such as firewalls and password protection. This means that your data is protected and only accessible by co-workers who need it to carry out their job responsibilities. We also ensure that there are strict physical controls in our buildings which restricts access to your personal data to keep it safe.

Retention of your personal data

In broad terms, we will only retain your personal data for as long as is necessary for the purposes described in this Privacy Policy. This means that the retention periods will vary according to the type of the data and the reason that we have the data in the first place.

We have procedures in place regarding our retention periods which we keep under review taking into account our reasons for processing your personal data and the legal basis for doing so.

8. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make significant changes we will let you know but please regularly check this policy to ensure you are aware of the most updated version.

This Privacy Policy was last updated on 21th May 2018.

Magic Whiteboard is fully General Data Protection Regulation compliant as of 21st May 2018.

Background

The General Data Protection Regulation 2016 (‘GDPR’) comes into full effect on 25 May 2018. Its purpose is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge and, wherever possible, that it is processed with their consent.

The GDPR applies to the processing of personal data wholly or partly by automated means (i.e. by computer) AND to the processing other than by automated means of personal data (i.e. paper records) that form part of a filing system or are intended to form part of a filing system.

Our Commitment

We are committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the General Data Protection Regulation (GDPR). Ongoing compliance is embedded into the fabric of Magic Whiteboard Limited.

Our Current Position

As a result of our own assessment and the independent inspections that we have undergone, we are confident that our systems and operations are fully compliant with current Data Protection Act legislation and that we are already compliant with the GDPR.

How we ensured compliance

To ensure that we were fully GDPR compliant well in advance of the ‘go live’ date of 25 May 2018 we undertook a comprehensive, structured programme of work including:

  • A GDPR gap analysis on all of our policies, procedures, work instructions and records;
  • A formal review of how GDPR impacts on all of our products and services;
  • Implementation of a GDPR Compliance Framework;
  • An assessment of the potential impact of GDPR on our customers;
  • Gaining confirmation from our suppliers regarding their commitment to GDPR;
  • Review of our processes, procedures and contracts by a qualified solicitor with expertise in data protection legislation;
  • A training and development programme for every member of our team.

Copyright ©

The contents of this site are owned or registered to Magic Whiteboard Limited and can only be used or reproduced strictly by permission. Unlawful reproduction may result in legal action.
 
If you have any comments, questions, or complaints relating to our Security & Privacy Statement please email sales@magicwhiteboard.co.uk