Privacy & Cookie Policy

CASTELLO INTERIORS LIMITED

PRIVACY AND COOKIES POLICY

Castello Interiors Limited (“we“, “us”) is committed to protecting and respecting your privacy. This Privacy and Cookies Policy (“Policy”) (together with and any other documents referred to therein) sets out the basis on which the personal data collected from you, or that you provide to us will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018 the Data Controller is Castello Interiors Limited, whose registered office is 4 King Street, Spennymoor, County Durham, DL16 6QG.

YOUR PERSONAL INFORMATION

Information we collect from you

We collect and process some or all of the following types of information from you in the course of your use of www.castellointeriors.co.uk (the “Website”) or providing our services:

Information that you provide by filling in forms on the Website or filing in forms as part of creating a Website account. This includes information provided at the time of creating a Website account, making a purchase as a guest buyer, or requesting further information or services. We may also ask you for information when you report a problem with the Website.

Specifically, personal details such as name, email address, postal address, or any information input by you when using our Website, or completing our survey forms.

We do not collect payment information. Payments are made through Stripe and Klarna, please read their privacy policies for further information on how your personal data is used. We are not responsible for their privacy policies.

If you contact us, we may keep a record of that correspondence.

We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

Technical information such as details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access.

This Website is not intended for children and we do not knowingly collect data relating to children.

We do not collect any special categories of data about you (ie information about your race or ethnicity religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

The provision of your name, phone number, email address and postal address is required from you to enable us to perform our obligations under a contract with you (such as a contract to purchase goods from our website). We will inform you at the point of collecting information from you, whether you are required to provide the information to us.

LINKS TO THIRD PARTY WEBSITES

This Website may include links to third-party websites, plug-ins and applications, such as (but not limited to) Facebook, Instagram, Snapchat and TikTok. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

USES MADE OF YOUR INFORMATION

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
To register you as a new customer	Contact details	Performance of a contract with you
To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us	Payment information, contact details	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey	Contact details	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Contact details, technical information	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	Contact details, technical information and marketing preferences.	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences	Technical information	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you	Contact details and marketing preferences	Necessary for our legitimate interests (to develop our products/services and grow our business)

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Marketing

In addition to the above uses we may use your information, to notify you about goods or services which may be of interest to you. Where we do this, we will contact you by electronic means (ie e-mail) only if you have consented to such communication. If you do not want us to use your data in this way please either (i) tick the relevant box situated on the form on which we collect your data (for example, the website registration form); (ii) unsubscribe from our electronic communications using the method indicated in the relevant communication; or (iii) inform us at any time by contacting us at the contact details set out below.

DISCLOSURE OF YOUR INFORMATION

We routinely disclose your personal data to third parties as follows:

We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example, to our suppliers and courier companies to send our products to you).

We may disclose your personal data to any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable).

We may also disclose your personal data to third parties:

in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or

if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; or

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Website Terms and Conditions and other agreements; or

to protect our rights, property, or safety or that of our affiliated entities and our users and any third party we interact with the to provide the Website; or

in relation to selected third parties only, only to the extent that you have consented to such selected third parties notifying you about certain goods or services, which may be if interest to you.

Other than as set out above, and save insofar as is necessary in order for us to carry out our obligations arising from any contracts entered into between you and us, we will not share your data with third parties unless we have procured your express consent to do so.

STORING YOUR PERSONAL DATA

Security

We take appropriate measures to ensure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Where you have chosen (or we have provided you with) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Keeping your personal data up to date

If your personal details change you may update them by accessing the relevant page of the Website, or by contacting us using the contact details below. If you have any questions about how we use data collected which relates to you, please contact us by sending a request by email to the contact details below.

We will endeavour to update your personal data within seven (7) working days of any new or updated personal data being provided to us, in order to ensure that the personal data we hold about you is as accurate and up to date as possible.

How long we keep your personal data

We will hold personal information associated with a Website account (eg name, address and contact details) for 6 years from the last transaction made by the Website account.
Where you check out as a guest, we will hold personal information associated with that transaction for 6 years as required by UK tax law.
Where you subscribe to any newsletter, we will hold your personal information for the duration of your subscription (so we can send you our newsletter), and for 6 years after you have unsubscribed (to ensure we don’t contact you again).

Where we store your personal data

All information we hold about you is stored on our secure servers in the UK.

The data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom and/or the European Economic Area (“EEA”). It may also be processed by staff operating outside the United Kingdom and/or EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services.

In the event we transfer your personal data to a country without an adequacy decision from the United Kingdom, any such transfer will be subject to standard contractual clauses approved by the United Kingdom’s Information Commissioner’s Office and any other appropriate safeguards which may be applicable to such transfers.

If you would like further information please contact us (see ‘Contact’ below).

YOUR RIGHTS

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

access to your personal data and to certain other supplementary information that this Policy is already designed to address
require us to correct any mistakes in your information which we hold
require the erasure of personal data concerning you in certain situations
receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
object at any time to processing of personal data concerning you for direct marketing
object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
object in certain other situations to our continued processing of your personal data
otherwise restrict our processing of your personal data in certain circumstances
claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

email, call or write to us
let us have enough information to identify you (for example any reference number associated with your Website account, order number, email address)
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
let us know the information to which your request relates, including any order or reference numbers, if you have them

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

HOW TO COMPLAIN

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation and the UK GDPR also give you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state or the UK where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

CHANGES TO OUR PRIVACY POLICY

We reserve the right to modify this Policy at any time. Any changes we may make to our Policy in the future will be notified and made available to you using the Website. Your continued use of the services and the Website shall be deemed your acceptance of the varied privacy policy.

INFORMATION ABOUT OUR USE OF COOKIES AND IP ADDRESSES

We may collect information about your mobile phone, computer or other device from which you access the Website including where available your IP address, operating system and browser type, for systems administration and to report aggregate information to third party affiliates such as Google Analytics. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may, however, use such information in conjunction with the data we have about you in order to track your usage of our services.

Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve the Website. By using our Website you agree to our use of cookies as more specifically set out below.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

The cookies we use include:

“Analytical” They allow us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.

“Strictly necessary” cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services.
“Functionality” cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
“Targeting” cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed to our affiliates’ websites. We will use this information to make our Website, offers e-mailed to you and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can find more information about the individual cookies we use and the purposes for which we use them in the tables below:

WooCommerce Cookies	Purpose	More information	Duration
woocommerce_cart_hash woocommerce_items_in_cart	These cookies enables us to determine when shopping cart contents/data changes.	These cookies are strictly necessary cookies. Further information can be found: https://woocommerce.com/ document/woocommerce-cookies/	session
wp_woocommerce_session_	This cookie contains a unique code for each customer so that it knows where to find the shopping cart data in the database for each customer.		2 days
woocommerce_recently_viewed	Powers the Recent Viewed Products widget.	These cookies are required for functionality of the website. Further information can be found: https://woocommerce.com/ document/woocommerce-cookies/	session
store_notice[notice id]	Allows customers to dismiss the Store Notice.		Session
woocommerce_snooze_suggestions__[suggestion]	Allows dashboard users to dismiss Marketplace suggestions, if enabled.		2 days
woocommerce_dismissed_suggestions__[context]	Count of suggestion dismissals, if enabled.		1 month
tk_ai	Stores a randomly-generated anonymous ID. This is only used within the dashboard area and is used for usage tracking, if enabled.		session

We use Google Analytics and Google Ads to collect statistical data including how many times our website has been visited, and how you found our website. Further information is available at: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Google Analytics and Ads	Purpose	Duration
_ga	Used to distinguish users.	2 years
_gid	Used to distinguish users.	24 hours
_gat	Used to limit the amount of requests in order to maintain website performance.	1 minute
AMP_TOKEN	Contains a token that can be used to retrieve a Client ID from AMP Client ID service.	30 seconds to 1 year
_gac_<property-id>	Contains campaign related information for the user.	90 days
_utma	Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.	2 years from set/update
_utmt	Used to throttle request rate.	10 minutes
_utmb	Used to determine new sessions/visits.	30 mins
_utmz	Stores the traffic source or campaign that explains how you reached our site.	6 months
_utmv	Used to store visitor-level custom variable data.	2 years
_ga_<container-id>	Used to persist session state	2 years
_gac_gb_<container-id>	Contains campaign related information for the user.	90 days

We also use the default cookies deployed by social media platforms TikTok, Facebook and Snapchat for marketing, advertising and analytics.

Other Third Party Cookies	Purpose	More information	Duration
S_v_web_id Webapp_launch_mode	To record if user has seen embedded content.	TikTok https://cookiedatabase.org/service/tiktok/	session
MONITOR_WEB_ID			3 months
Tt_webid Tt_webid_v2 Ttwid			1 year
Csrf_session_id Tt_csrf_token	To provide protection against hackers.		session
_abck	To provide protection against hackers.		1 year
Webapp_session_id	stores a unique session ID, store and track visits across websites		session
Snapchat sc_at	Used to identify a visitor across multiple domains.	https://snap.com/en-GB/privacy/cookie-information	1 year
Facebook _fbc	Stores when you last visited site.	https://cookiedatabase.org/cookie/facebook/_fbc/	2 years
Facebook _fbp	Stores and tracks visits across website.	https://cookiedatabase.org/cookie/facebook/_fbp/	3 months

Please note that the Website may include links to third parties affiliates who may also use cookies, over which we have no control.

Cookies which are strictly necessary for the core functionality of the website are enabled by default, and set automatically at the point you access the website.

Any cookies which are not strictly necessary for the functioning of the website will not be set unless you expressly consent to them through the cookie banner by clicking “accept”.

You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the Website.

CONTACT

All questions, comments and requests regarding this Privacy and Cookies Policy should be addressed to [email protected] or write to us at 4 King Street, Spennymoor, County Durham, DL16 6QG.