SmallStoreUK privacy notice document

Introduction

SmallStoreUK is a small independent company specialising in electronics. Privacy
matters to us because we care about our customers and want them to be able to feel safe
when using our products and/or ordering from us through Amazon.

Who we are?
DPO: Arthur Funnell
Company: SmallStoreUK
Address: 3 Rockfield Terrace, Talyllyn, Brecon, Powys, LD3 7TB
Contact: alafunnell@gmail.com
Number: 07583202801

What information do we collect?

• Billing address and name:
  o Automate invoice creation
• This information is stored for 29 days then deleted along with any other information
related to the person the data is about.
• Shipping address and name:
  o Used to ship items to the customer who ordered

How do we use personal information?

• The personal information is passed to the data processor (Amazon FBA)
• Amazon FBA then ships the items to you, the customer
• After this, your billing address and name will be used to create an invoice; this data will
only be used if an invoice is requested.
• The data is not used to identify you or for any sort of advertising

What legal basis do we have for processing your personal data?


Types of data processing:
• consent
• contract
• legitimate interests
• vital interests
• public task
• legal obligation

Consent is provided when a product is ordered and there is a legal obligation for the business
(SmallStoreUK) to use the shipping address and name to ship the product to the customer. This
is done through Amazon’s fulfilment service.

The consent to use the billing address is provided when a customer requests an invoice. We
then fulfil the invoice creation and send the invoice to the customer automatically.

When do we share personal data?

We never share personal data


Where do we store and process personal data?

Personal data is stored on one machine. This machine is updated regularly with security updates
and has antivirus and a firewall running on it. It is encrypted using BitLocker and is password
protected with a complex password which is not used on any other accounts.

How do we secure personal data?

• We prevent unauthorised access, use, destruction or disclosure (this is done through
end-to-end encryption and a password-protected machine)
• We ensure business continuity and disaster recovery
• People will not have direct access to PII (apart from one developer)
• We conduct privacy impact assessments in accordance with the law and your
business policies
• We train staff and contractors on data security
• We manage third party risks, through use of contracts and security reviews

How long do we keep your personal data for?

29 days is the longest any data will be kept. An automatic script will delete any files (and thus
any PII in these files) after 29 days.

Your rights in relation to personal data


A customer has a right to any of the following:

• access to personal information
• correction and deletion
• withdrawal of consent (if processing data on condition of consent)
• data portability
• restriction of processing and objection
• lodging a complaint with the Information Commissioner’s Office

Use of automated decision-making and profiling


No automated advertising or profiling of users is used; the only automation is within the creation
of invoices.

How to contact us?


Covered in who we are