Welcome to the Discover Archery Ltd’s privacy notice.This privacy notice provides information on how Discover Archery Ltd collects and processes your personal data when you visit our website (https://discoverarchery.co.uk/) to sign up for a newsletter, purchase a product or service.It is important that you read this privacy notice together with our website privacy policy which contains more detailed information about our data processing and can be accessed here.
Important information and who we are
DISCOVER ARCHERY LTD is the controller and responsible for your personal data.
Contact details
Our full details are:
Full name of legal entity: DISCOVER ARCHERY LTD
Name or title of Joshua Edwards-Lloyd
Email address: info@discoverarchery.co.uk
Postal address: 41 Mountside, Guildford, Surrey, GU2 4JD
Telephone number:+44 800 002 5054 or +44 07967763985
- The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you as follows:
- Identity Data.
- Contact Data.
- Financial Data.
- Transaction Data.
- Technical Data.
- Profile Data.
- Usage Data.
- Marketing and Communications Data.
We explain these categories of data here:
Identity Data: This category includes information that directly identifies an individual, such as their name, date of birth, social security number, passport number, or any other identification number.
Contact Data: Contact Data encompasses information used to communicate with an individual, such as their address, email address, telephone numbers, or any other contact details.
Financial Data: This type of data involves information related to an individual’s financial accounts or transactions. It might include bank account details, payment card information, or any other financial information used for transactions.
Transaction Data: Transaction Data refers to details about payments made by or to an individual, including details of products or services purchased, the date of purchase, amount spent, and any other relevant transactional information.
Technical Data: Technical Data includes information collected through technological means. This could be data about an individual’s device(s), IP address, browser type, operating system, or other technical information collected through their interaction with digital platforms or services.
Profile Data: Profile Data relates to information that has been collected and compiled about an individual, often based on their preferences, behavior, interests, and interactions with a service or platform. This could include user account details, preferences, and activities.
Usage Data: Usage Data refers to information that indicates how an individual uses a service or platform. This may include data on website visits, interactions with content, clicks, time spent on pages, and similar usage patterns.
Marketing and Communications Data: This category includes preferences and permissions related to marketing communications. It covers an individual’s preferences for receiving marketing materials, newsletters, or other promotional content, as well as their communication preferences.
We use different methods to collect data about you, which are explained here:
Cookies: Cookies are small text files stored on a user’s device when they visit a website. They help track user behavior, preferences, and session information. There are different types of cookies, such as session cookies (temporary) and persistent cookies (remain on the device until deleted).
Web Analytics Tools: Websites often integrate web analytics tools like Google Analytics, Adobe Analytics, or Matomo (formerly Piwik). These tools track and analyze visitor behavior, providing insights into page views, bounce rates, time spent on pages, referral sources, and more.
Tracking Pixels: Also known as web beacons or pixel tags, these are tiny, transparent images embedded in web pages or emails. They track user actions and help in measuring advertising effectiveness, visitor behavior, and conversions.
Heatmaps: Heatmap tools like Crazy Egg or Hotjar visually represent user interaction by showing which areas of a web page receive the most attention or clicks. This method helps in understanding user behavior and optimizing web design.
Forms and Surveys: Including forms or surveys on websites allows collecting specific data directly from visitors. This method helps gather feedback, preferences, demographics, and other information based on user responses.
Social Media Integrations: Websites often integrate social media plugins or login options. These plugins can collect data based on social media activity or interactions with social sharing buttons.
IP Tracking: Analyzing IP addresses provides information about visitor locations and helps in identifying returning users. However, it’s important to handle this data responsibly, considering user privacy.
User Accounts and Registrations: Websites with user account functionality collect data during the registration process. This can include personal information, preferences, and behavior associated with the user account.
Third-Party Data Providers: Some websites leverage data from third-party sources, like demographic or interest-based data, to enrich their understanding of site visitors. This helps in creating targeted content or advertising.
User Interaction Tracking: This involves monitoring user interactions, such as clicks, scrolls, mouse movements, and keystrokes. Tools like Mouseflow or SessionCam help visualize and analyze these interactions.
- How we use your personal data
We will only use your personal data for the purpose for which we collected it which include the following:
- To register you as a new customer.
- To process and deliver your order.
- To manage your relationship with us.
- To enable you to participate in a prize draw, competition or complete a survey.
- To improve our website, products/services, marketing or customer relationships.
- To recommend products or services which may be of interest to you.
- How we share your personal data
We may share your personal data [within the group / with external third parties]. More detail can be found here:
3.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
3.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.3 Financial transactions relating to our website and services are handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
3.4 Email communications relating to our website and services are handled by our email services provider, Mailchimp (part of the The Rocket Science Group). We will share personal data with our email service providers only to the extent necessary for the purposes of processing email communications. You can find information about the email service providers privacy policies and practices at https://mailchimp.com/legal/privacy/
3.5 We may disclose your enquiry data to one or more of those selected third party suppliers of goods and services identified on our website for the purpose of enabling them to contact you so that they can offer, market and sell to you relevant goods and/or services. Each such third party will act as a data controller in relation to the enquiry data that we supply to it; and upon contacting you, each such third party will supply to you a copy of its own privacy policy, which will govern that third party’s use of your personal data.
3.6 In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- International transfers
We may transfer, store and process your personal data outside the UK. More detail can be found here:
4.1 The hosting facilities for our website are situated in Ireland.
4.2 Legal Basis for Transfer: We take a valid basis for transferring personal data outside the UK/EEA. This could be explicit consent from the data subjects, the necessity of the transfer for the performance of a contract, implementation of pre-contractual measures, legal obligations, vital interests, public interest, or legitimate interests.
EU Adequacy Decision: One way to facilitate data transfers is if the European Commission has issued an adequacy decision for the specific country or region outside the EEA. An adequacy decision means the destination country ensures an adequate level of data protection similar to GDPR standards. If the country has an adequacy decision, data transfers can proceed without further safeguards. Our Data centre have valid EU adequacy decisions.
Standard Contractual Clauses (SCCs): If there is no adequacy decision, SCCs, also known as model clauses, approved by the European Commission can be used. These are contractual clauses that ensure sufficient safeguards for the protection of personal data during its transfer outside the EEA.
Binding Corporate Rules (BCRs): For intra-group transfers within a multinational organization, binding corporate rules can be established. These are internal rules adopted by the company to ensure that transfers of personal data within the group comply with GDPR requirements.
Derogations: In specific situations outlined in GDPR Article 49, derogations allow data transfers without meeting the above conditions. These situations include explicit consent, necessity for the performance of a contract, legal claims, vital interests, or public interest.
Regarding data storage and processing outside the UK/EEA:
The data center in Ireland ensures that the data is stored and processed in a manner compliant with GDPR principles, regardless of its physical location.
Adequate safeguards, encryption, pseudonymization, data minimization, and other security measures should be in place to protect the personal data.
- Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data including the right to receive a copy of the personal data we hold about you and the right to make a complaint at any time to the Information Commissioner’s Office, the UK regulator for data protection issues (www.ico.org.uk).
- Further details
If you are looking for more information on how we process your personal data including on data security, data retention and lawful processing bases, please access our website privacy policy.