Privacy Policy

We take your privacy very seriously. The below policy explains how we use your information to ensure you and your orders are dealt with efficiently, without bias and giving you the best customer service we can offer.

What the Privacy Policy covers

We are committed to putting our costumers (you) first and therefore we are transparent on how we collect, use and protect your details. We at Shut Up And Fish Ltd are data controllers and are referred to in this policy as "we", "us" or "our".

Here’s a breakdown of what our Privacy Policy explains:

the data we collect and why;
how we use your data;
when and why we will disclose your data to other organisations;
why we process your data;
the rights and choices you have when it comes to your data;
how long we will hold your data for;
Data Breach and how we will respond, and;
how you can contact us.

What we collect and why

As a supplier of goods we ask for certain details (data) that enables us to function as a company in the completion of orders.

The data collected for customers and their orders is accessible by us so orders can be completed in a satisfactory manner.

Below are details (data) we collect and then hold on you:

Your contact name including the shipping contact name.
Your address/es, including billing and shipping address/es.
Your contact telephone number/s, including shipping contact telephone numbers
Your contact email address/es, including when consent is given, the delivery email address.
Your web address (if necessary).

We collect no personal data on you as a customer or in conjunction with your order. For card payments we process these in shopify payments and Paypal. No payment card details are stored by us.

Email addresses and/or mobile telephone numbers will only be entered on delivery instructions with your consent, as these are used by our courier networks to inform you when your delivery may be expected.

Your data and other organisations

The data we hold for each customer and their orders also enables us to enquire on your behalf when the goods ordered may have been lost in transit by the delivery company, incorrectly picked in the warehouse or arrive damaged. Where goods are lost or arrive damaged, the data we hold will be passed to the delivery services used. This typically means the delivery full name, delivery company name (if applicable), delivery address and items ordered. This is essential to complete investigations for errors to be rectified.

We treat all information we hold about buyers as private and confidential. We will not reveal any personal details or details concerning buyers’ orders to anyone not connected with us, unless:

a buyer asks us to reveal the information, or we have a buyer’s permission to do so
we are required or permitted to do so by law
it is required by law enforcement, fraud prevention or credit reference agencies

If you have given your consent to receive email marketing, only your email address will be used by a third party email service such as Mailchimp. No personal information is kept on this website as it is not required.

Your data will also be disclosed to legal authorities if required to do so by Law.

Why we process your data

We will only collect and use your data (as described above “What we collect and why” and “Your data and other organisations”) in accordance with data protection laws. Our grounds for processing your personal information are as follows:

Consent – Where necessary we will only collect and process your data if you have consented for us to do so in business operation or buying goods for sole use. For example, when you create an account with us for ordering purposes we will use your data to provide the services and goods as mentioned in “What we collect and why”. Company correspondence via email to you will only be made with your consent. We will never assume you want to receive emails of which an order is not associate. Our websites will ask you for specific permission to receive emails. Also our staff will ask you via the telephone if would like to receive emails and a record of consent is kept alongside customer data.

Legitimate Interests – We may use and process some of your details (data) where we have sensible and legitimate business reasons for doing so. Under European privacy laws there is a concept of "legitimate interests" as a justification for processing your data. Our legitimate interests for processing your data are:

to enable you to access and use our website for ordering goods at www.shutupandfish.co.uk.
to fulfil orders placed either online (websites listed above) or by email and telephone contact with our sales office.

Use of children’s personal information

We do not knowingly collect or store any personal information about children under the age of 16. If you are aged under 16 please get your parent’s or guardian's permission before you provide any personal information to us.

Your rights and choices

You have the following data rights under GDPR legislation which will apply from May 25th 2018:

To request the data we hold on you at any time, whereupon we can supply you the data in an easily accessible format and easy to read, within a month (30 day period).
To request your data to be deleted at any time which will be replied to within a 30 day period (month). The request for deletion of data must be made verbally or in writing along with an explanation as to why you have requested it.
To be informed of any changes we make to data we hold on you.
To rectify any data we hold on you.
To restrict processing of personal data we hold. This means that you have the right to request that we don’t use all or part of your data at your request when processing an order. If a request is made we aim to respond in a one month (30 day) period. In certain circumstances you can request a restriction of certain data and we cannot use this for processing orders, but we can still store your data. Any request can be made verbally or in writing. All requests are kept for policy and reference. In the case of legitimately lifting any data restriction, we will notify you prior to a restriction being lifted.
To have your data portable and its portability. i.e. if you want to use your data to share with someone else or another company. You also have the right to use our data for your own purposes. This is data portability. When asked we will supply that data to you in an easily readable format for use and within the space of one month (30 days). This data is supplied free of charge.
To object about the data we hold and how it used. This includes using your data for marketing, profiling and research purposes. In such cases verbal and written consent is always obtained prior to any material being sent out either in print or electronically.
To refuse to be subject to automated decision-making including profiling. This often refers to data being handled by non-human involvement. If we use any such profiling or automated decision making, you will be informed at the time so you can make the decision if you would like to take part or not. No assumed consent is taken and if no answer is given then no profiling or automated decision making will take place (unless under contract where such profiling or automated decision making forms part of the contract in the services agreed to).

We have the right to refuse or charge for requests that are manifestly unfounded or excessive. Upon refusal we will explain fully to you why the decision was made. If this does occur you have the right to complain to the supervisory authority (ICO - https://ico.org.uk/) and to a judicial remedy which will be dealt with in the period of one month (30 days).

How long we hold you data for

We store and use your data while your account is active and they will remain live as long as there is a current and regular transaction history associated with the account.

Data Breach and how we will respond

Any data breach will be dealt with immediately and if a breach occurs you will be notified at the time of the breach. If the breach will result in a risk to your rights and freedoms, the breach will be instantly reported to the ICO.

How to contact us

If you wish to contact us regarding any Privacy Policy concerns or issues, then call 01172300799 9am – 5pm Monday to Friday and speak with customer services, or email info@shutupandfish.co.uk.

Compiled by Shut Up And Fish Ltd – 16th May 2018.