Last Updated: 25 May 2018
My Wooden Railway Ltd (“We”) are committed to protecting and respecting your privacy.
The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using this website, including your rights under current laws and regulations. If you do not agree to the following policy you may wish to cease viewing / using this website.
Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, My Wooden Railway Ltd.
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a users computer or device.
This policy only applies to our site. If you leave our site via a link or otherwise, you will be subject to the policy of that website provider. We have no control over that policy or the terms of the website and you should check their policy before continuing to access the site.
Processing of your personal data
Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.
We are registered with the ICO under the Data Protection Register, our registration number is: ZA333901.
Unless otherwise defined, we only process your personal data for accounts and records, advertising, marketing, PR or staff administrator (where applicable) purposes;
We use the contract lawful basis under the GDPR for the processing of your information to provide you with the fulfilment of any products that are bought from us via our ecommerce website or marketplace store, for example our eBay Shop. We shall process your information until the contract between us ends or is termination under any contract terms. Your personal data under the contract lawful basis is is shared with third parties for the purposes of fulfilling the service and delivery of goods, such as payment platforms including PayPal, ecommerce platforms including eBay, and delivery services and tracked couriers such as MyHermes, Royal Mail and Parcel Force.
We use the consent lawful basis under the GDPR for the processing of your information when you explicitly consent to our email mailing list. Your information is used to send marketing messages with the scope outlined to you at the point of subscription. We collection the following information from you;
- Your email address
- Your First Name and Last Name (if provided)
- Time and date you subscribed
- Your consent to marketing email communications
- Your consent to use your email for customised online advertising (if provided)
You can unsubscribe or manage your personal information at any time through an online system, which you will find links to in any subscription confirmation email or marketing message we sent to you since. We will continue to process your information until you withdraw consent or it is determined your consent no longer exists. Your personal data under the consent lawful basis is shared with our Email Service Provider and where opted in, third parties that allow for your email address or hashed formats such as MD5 and SHA-256 to be used for customised online adverising. An example could be to reach you via a custom audience when you are on Facebook, Twitter, or Google.
We use the legitimate interests lawful basis when we, or a third party, will need to process your personal data for the purposes of our (or a theist party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner.
We use the legal obligation lawful basis for compliance when we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency.
We may collect and process the following data about you:
- Information that you provide by filling in forms on our site https://www.mywoodenrailway.com (our site). This includes information provided at the time of registering to use our site, subscribing to our service or requesting further services. We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
We may disclose your personal information to third parties in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in details here;
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
We may collect information about your computer, including where available your I.P. address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual and we will not collect personal information in this way.
Cookies enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
Some cookies are required to enjoy and use the full functionality of this website.
Cookies that we use are;
- Google Universal Analytics; _ga, _gat, _gid
- YouTube; DSID, IDE, PREF, VISITOR_INFO1_LIVE, YSC
- DoubleClick.net; IDE
- Vine.co; IDE, _utma, _utmc, _utmz
- MailChimp (List-Manage.com); _AVESTA_ENVIRONMENT
All of the major browsers offer tips and guidance for managing the cookies available on your browser. There are also lots of different third party browser plug-ins and extensions available which you can download to make it easier to see and control your cookies.
You can find out more about internet advertising by visiting the following websites: www.allaboutcookies.org, www.yourchoicesonline.eu, and www.networkadvertising.org. Some of these sites enable you to opt out of online behavioural advertising and other tracking cookies (in addition to the control settings on your browser).
Data security and protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.
An example of this, is our EMS, email service provider, MailChimp, who operate under the US-EU Privacy Shield framework, and we have a Customer EU Data Processing Addendum as part of our agreement.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Transparent Privacy Explanations
We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.
Sponsored links, affiliate tracking & commissions
Clicking on any adverts, sponsored or affiliate links may track your actions by using a cookie saved to your device. You can read more about cookies on this website above. Your actions are usually recorded as a referral from our website by this cookie. In most cases we earn a very small commission from the advertiser or advertising partner, at no cost to you, whether you make a purchase on their website or not.
We use advertising partners in these ways to help generate an income from the website, which allows us to continue our work and provide you with the best overall experience and valued information.
If you have any concerns about this we suggest you do not click on any adverts, sponsored or affiliate links found throughout the website.
Email marketing messages & subscription
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, otherwise contact the EMS provider.
Resources and further information
- Overview of the GDPR – General Data Protection Regulation
- Privacy and Electronic Communications Regulations 2003
- The Guide to the PECR 2003
If you have any enquiries or if you would like to contact us about our processing of your personal information, including to exercise your rights as outlined above, please contact us by any of the methods below. When you contact us, we will ask you to verify your identity.
Address to the Data Controller, and email firstname.lastname@example.org or via post to My Wooden Railway Ltd, 20-22 Wenlock Road, London, NW1 7GU, United Kingdom.
What are cookies?
Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device.
What are cookies used for?
Cookies are an essential part of how our site works. Some of these cookies are required by our site to enable you to transact whilst other cookies enable us to give you an enhanced, personalised web experience.
What types of cookies does My Wooden Railway use?
There are generally four categories of cookies: “Strictly Necessary”. “Performance”, “Functionality”, and “Targeting”. You can find out more about each cookie category below.
Strictly Necessary Cookies
These cookies are essential, as they enable you to move around the website and use its features, such as accessing logged in or secure areas.
These cookies also allow us to tailor the website to provide enhanced features and content for you. The information these cookies collect may be anonymous, and they are not used to track your browsing activity on other sites or services.
My Wooden Railway, our advertising partners or other third party partners may use these types of cookies to deliver advertising that is relevant to your interests. These cookies can remember that your device has visited a site or service, and may also be able to track your device’s browsing activity on other sites or services other than My Wooden Railway. This information may be shared with organisations outside of My Wooden Railway, such as advertisers and/or advertising networks to deliver the advertising, and to help measure the effectiveness of an advertising campaign, or other business partners for the purpose of providing aggregate website usage statistics and aggregate website testing.
First and third party cookies
First-party cookies are cookies that belong to My Wooden Railway, third-party cookies are cookies that another party places on your device through our website. Third-party cookies may be placed on your device by someone providing a service for My Wooden Railway, for example to help us understand how our website is being used. Third-party cookies may also be placed on your device by our business partners so that they can use them to advertise products and services to you elsewhere on the Internet.
How long will cookies stay on my device?
The length of time a cookie will stay on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your computer or mobile device until they expire or are deleted.
How to control and delete cookies
If you want to delete cookies follow the instructions at http://www.allaboutcookies.org/manage-cookies/clear-cookies-installed.html. Note that if you set your browser to disable cookies, you may not be able to access certain parts of our website and other parts of our website may not work properly. You can find out more information cookie settings at third-party information sites, such as www.allaboutcookies.org.