Last Updated: 25 May 2018

Privacy Policy

 

My Wooden Railway Ltd (“We”) are committed to protecting and respecting your privacy.

This privacy policy notice is for this website; https://www.mywoodenrailway.com and is served by the data controller, My Wooden Railway Ltd, 20-22 Wenlock Road, London, NW1 7GU, United Kingdom (registration number 07891423) and governs the privacy of those who use it.

The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using this website, including your rights under current laws and regulations. If you do not agree to the following policy you may wish to cease viewing / using this website.

Policy key definitions:

• “I”, “our”, “us”, or “we” refer to the business, My Wooden Railway Ltd.
• “you”, “the user” refer to the person(s) using this website.
• GDPR means General Data Protection Act.
• PECR means Privacy & Electronic Communications Regulation.
• ICO means Information Commissioner’s Office.
• Cookies mean small files stored on a users computer or device.

This policy only applies to our site. If you leave our site via a link or otherwise, you will be subject to the policy of that website provider. We have no control over that policy or the terms of the website and you should check their policy before continuing to access the site.

This policy (together with our terms of use https://www.mywoodenrailway.com/terms-conditions and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We keep certain basic information when you visit our website and recognise the importance of keeping that information secure and letting you know what we will do with it.

Processing of your personal data

Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases.

We are registered with the ICO under the Data Protection Register, our registration number is: ZA333901.

Unless otherwise defined, we only process your personal data for accounts and records, advertising, marketing, PR or staff administrator (where applicable) purposes;

We use the contract lawful basis under the GDPR for the processing of your information to provide you with the fulfilment of any products that are bought from us via our ecommerce website or marketplace store, for example our eBay Shop.  We shall process your information until the contract between us ends or is termination under any contract terms.  Your personal data under the contract lawful basis is is shared with third parties for the purposes of fulfilling the service and delivery of goods, such as payment platforms including PayPal, ecommerce platforms including eBay, and delivery services and tracked couriers such as MyHermes, Royal Mail and Parcel Force.

We use the consent lawful basis under the GDPR for the processing of your information when you explicitly consent to our email mailing list.  Your information is used to send marketing messages with the scope outlined to you at the point of subscription.  We collection the following information from you;

• Your email address
• Your First Name and Last Name (if provided)
• Time and date you subscribed
• Your consent to marketing email communications
• Your consent to use your email for customised online advertising (if provided)

You can unsubscribe or manage your personal information at any time through an online system, which you will find links to in any subscription confirmation email or marketing message we sent to you since.  We will continue to process your information until you withdraw consent or it is determined your consent no longer exists.  Your personal data under the consent lawful basis is shared with our Email Service Provider and where opted in, third parties that allow for your email address or hashed formats such as MD5 and SHA-256 to be used for customised online adverising.  An example could be to reach you via a custom audience when you are on Facebook, Twitter, or Google.

We use the legitimate interests lawful basis when we, or a third party, will need to process your personal data for the purposes of our (or a theist party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected.  Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner.

We use the legal obligation lawful basis for compliance when we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency.

We may collect and process the following data about you:

• Information that you provide by filling in forms on our site https://www.mywoodenrailway.com (our site). This includes information provided at the time of registering to use our site, subscribing to our service or requesting further services. We may also ask you for information when you report a problem with our site.
• If you contact us, we may keep a record of that correspondence.
• We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

We may disclose your personal information to third parties in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required.  We shall stop processing your personal information if the lawful basis used is no longer relevant.

Your individual rights

Under the GDPR your rights are as follows. You can read more about your rights in details here;

• the right to be informed;
• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to data portability;
• the right to object; and
• the right not to be subject to automated decision-making including profiling.

You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

I.P. addresses

We may collect information about your computer, including where available your I.P. address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual and we will not collect personal information in this way.

Internet cookies

We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred you to a third party website.  Further information can be read on this page under the section ‘Cookie Notice’.

Cookies enable us:

• To estimate our audience size and usage pattern.
• To store information about your preferences, and so allow us to customise our site according to your individual interests.
• To speed up your searches.
• To recognise you when you return to our site.

Some cookies are required to enjoy and use the full functionality of this website.

We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.

Cookies that we use are;

• Google Universal Analytics; _ga, _gat, _gid
• YouTube; DSID, IDE, PREF, VISITOR_INFO1_LIVE, YSC
• DoubleClick.net; IDE
• Vine.co; IDE, _utma, _utmc, _utmz
• MailChimp (List-Manage.com); _AVESTA_ENVIRONMENT

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

All of the major browsers offer tips and guidance for managing the cookies available on your browser. There are also lots of different third party browser plug-ins and extensions available which you can download to make it easier to see and control your cookies.

You can find out more about internet advertising by visiting the following websites: www.allaboutcookies.org, www.yourchoicesonline.eu, and www.networkadvertising.org. Some of these sites enable you to opt out of online behavioural advertising and other tracking cookies (in addition to the control settings on your browser).

Data security and protection

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

An example of this, is our EMS, email service provider, MailChimp, who operate under the US-EU Privacy Shield framework, and we have a Customer EU Data Processing Addendum as part of our agreement.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Transparent Privacy Explanations

We have provided some further explanations about user privacy and the way we use this website to help promote a transparent and honest user privacy methodology.

Sponsored links, affiliate tracking & commissions

Our website may contain adverts, sponsored and affiliate links on some pages. These are typically served through our advertising partners; Google Adsense, eBay Partner Network, Amazon Affiliates, or affiliate networks including Commission Junction, TradeDoubler, Webgains, Affilinet, Affiliate Window, Trade Tracker, or are self served through our own means. We only use trusted advertising partners who each have high standards of user privacy and security. However we do not control the actual adverts seen / displayed by our advertising partners. Our ad partners may collect data and use cookies for ad personalisation and measurement. Where ad preferences are requested as ‘non-personalised’ cookies may still be used for frequency capping, aggregated ad reporting and to combat fraud and abuse.

Clicking on any adverts, sponsored or affiliate links may track your actions by using a cookie saved to your device. You can read more about cookies on this website above. Your actions are usually recorded as a referral from our website by this cookie. In most cases we earn a very small commission from the advertiser or advertising partner, at no cost to you, whether you make a purchase on their website or not.

We use advertising partners in these ways to help generate an income from the website, which allows us to continue our work and provide you with the best overall experience and valued information.

If you have any concerns about this we suggest you do not click on any adverts, sponsored or affiliate links found throughout the website.

Email marketing messages & subscription

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.

Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, otherwise contact the EMS provider.

Our EMS provider is; MailChimp and you can read their privacy policy in the resources section below.

Resources and further information

• Overview of the GDPR – General Data Protection Regulation
• Privacy and Electronic Communications Regulations 2003
• The Guide to the PECR 2003
• Twitter Privacy Policy
• Facebook Privacy Policy
• Google Privacy Policy
• Mailchimp Privacy Policy

Changes to our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. However, we advise that you check this page regularly to keep up to date with any necessary changes.

Contact

If you have any enquiries or if you would like to contact us about our processing of your personal information, including to exercise your rights as outlined above, please contact us by any of the methods below. When you contact us, we will ask you to verify your identity.

Address to the Data Controller, and email hello@mywoodenrailway.com or via post to My Wooden Railway Ltd, 20-22 Wenlock Road, London, NW1 7GU, United Kingdom.

 

Cookie Notice

 

What are cookies?

Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identify your browser or device.

What are cookies used for?

Cookies are an essential part of how our site works. Some of these cookies are required by our site to enable you to transact whilst other cookies enable us to give you an enhanced, personalised web experience.

What types of cookies does My Wooden Railway use?

There are generally four categories of cookies: “Strictly Necessary”. “Performance”, “Functionality”, and “Targeting”.  You can find out more about each cookie category below.

Strictly Necessary Cookies

These cookies are essential, as they enable you to move around the website and use its features, such as accessing logged in or secure areas.

Performance Cookies

These cookies collect information about how you have used the website.  We also use cookies to track aggregate website usage and experiment with new features and changes on the website. The information collected is used to improve how the website works.

Functionality Cookies

These cookies also allow us to tailor the website to provide enhanced features and content for you. The information these cookies collect may be anonymous, and they are not used to track your browsing activity on other sites or services.

Targeting Cookies

My Wooden Railway, our advertising partners or other third party partners may use these types of cookies to deliver advertising that is relevant to your interests. These cookies can remember that your device has visited a site or service, and may also be able to track your device’s browsing activity on other sites or services other than My Wooden Railway. This information may be shared with organisations outside of My Wooden Railway, such as advertisers and/or advertising networks to deliver the advertising, and to help measure the effectiveness of an advertising campaign, or other business partners for the purpose of providing aggregate website usage statistics and aggregate website testing.

First and third party cookies

First-party cookies are cookies that belong to My Wooden Railway, third-party cookies are cookies that another party places on your device through our website. Third-party cookies may be placed on your device by someone providing a service for My Wooden Railway, for example to help us understand how our website is being used. Third-party cookies may also be placed on your device by our business partners so that they can use them to advertise products and services to you elsewhere on the Internet.

How long will cookies stay on my device?

The length of time a cookie will stay on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your computer or mobile device until they expire or are deleted.

How to control and delete cookies

If you want to delete cookies follow the instructions at http://www.allaboutcookies.org/manage-cookies/clear-cookies-installed.html. Note that if you set your browser to disable cookies, you may not be able to access certain parts of our website and other parts of our website may not work properly. You can find out more information cookie settings at third-party information sites, such as www.allaboutcookies.org.