Smiths News Trading Limited, trading as “Instore” is committed to protecting the data that we hold and use about you and to respecting your privacy. We are confident that you will find the information that you need set out in this policy, but if you need to know more about the data that we hold or the way that we use it, you can contact us in one of the ways specified at section 5 below.
2. Who we are
3. The way that we use your personal data
4. What personal data do we collect?
- How do we collect personal data?
- How do we use personal data and why?
- How do we share your personal data?
5. Security and retention of your personal data
6. Your rights and how to contact us
In this policy, we have sought to ensure that it covers the circumstances in which we may process your personal data to the extent that you are (i) a client receiving services from us or (ii) a self-compliance participant as part of a client campaign.
In both circumstances described above, the “data controller” of your personal data (in other words, the organisation that determines how your data is used) is Smiths News Trading Limited (company number 237811) of Rowan House, Cherry Orchard North, Kembrey Park Swindon SN2 8UH.
Who we are
Smiths News Trading Limited, trading as “Instore” is a wholly owned subsidiary of Smiths News plc, the UK’s largest Newspaper and Magazine wholesaler focused on serving high drop density early morning deliveries. Instore has evolved through the specialist merchandising and field marketing needs of both retailers and publishers to become an outward facing autonomous company.
The Instore business consists of three main services:
- Field Marketing;
- Supply Chain Auditing; and
Smiths News Trading Limited is registered as a data controller with the Information Commissioner’s Office in the UK.
The way that we use your personal data
1. What personal data do we collect?
This policy gives you information about the way that we may use your “personal data”. Personal data is any information that could be used to identify you in some way (even if, in some scenarios such as online advertising, we don’t know your name). The personal data that we may collect from or about you will include the following:
- address (postal and email);
- phone number;
- technical information about the way that you use web, app or mobile services, including the internet protocol (IP) address used to connect your computer to the internet, your login information if you register on our website or via one of our apps, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, device information;
- information about your visit to our websites and apps, including information about how and when you came to visit our websites, how you interacted with the websites (products or services that you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information such as scrolling, clicks, and mouse-overs), and where you went next (including full URLs and methods used to browse away from the site);
- information collected from our websites and elsewhere across the internet through cookies, pixel tags, device identifiers and other technologies including information about your uses and preferences;
- potential recordings of calls that you may make to our main business line;
- location information related to the device that you may use to visit our website;
- aggregate information; and
- demographic information and other information provided by you.
For the avoidance of doubt, we do not intend for any of our sites or services to be used by children, and we do not therefore intend to collect data from children.
Similarly, we do not intend to collect (and we ask you not to disclose) any particularly sensitive data, such as data relating to your health, religion or ethnic background.
2. How do we collect personal data?
We (and other organisations that we work with, such as our suppliers and service providers) may collect personal data in a variety of ways including:
- Directly from you:
- Information such as name, address and telephone number, as well as other information, such as your website registration details and preferred means of communication, may be collected when you voluntarily provide this information to us (for example when you register on the site, search for a product/service or make a campaign request, uploading a review or call our customer service line);
- In circumstances where you are a self-compliance participant as part of a client campaign, such information as you may submit as part of completing a survey, including your details, relevant photographs and data intelligence;
- From other sources:
- We work closely with third parties providing services to us (including, for example, business partners, sub-contractors providing technical, payment and delivery services related to our products or services, advertising networks, social networking platforms, analytics providers, search information providers) and we may also receive information about you from them;
- If you connect your social media accounts via our website or any of our apps, certain personal data from your social media account will be shared with us which may include personal data that is part of your profile or your friends’ profiles;
- In some circumstances related to a particular transaction, we may obtain data from public databases or credit reference agencies; and
- We may combine information that we collect about you from other sources with the information that you give to us directly. We may use this combined information as described in this policy;
Through your browser or device or through our servers:
Certain information is collected by most browsers or automatically through your device, and we also collect your IP address (this enables us to recognise your computer or device when you use the site) via our server log files.
1. How do we use personal data, and why?
We use your personal data for a variety of purposes related to the products and services that we provide. From a legal perspective, there are various reasons for doing so. We have set out an explanation of this below.
|For purposes related to the provision of the products and services that we may offer:
|We use your data in this way either because we have a contract with you (for example, a contract to provide or source products or services to or from you) or because it is in our legitimate interests to do so (for example, it is in our interests to measure customer satisfaction and ‘troubleshoot’ customer issues) but we will always ensure that your rights are protected.
|For advertising and marketing purposes, including to measure how effective our marketing is:
|In order to contact you directly with marketing (particularly electronically), we will make sure that we have your consent. In other scenarios (for example, serving online adverts to you or measuring the effectiveness of our marketing), we will rely on our legitimate interests as a business, always ensuring that your rights are protected.
|For administrative and internal business purposes:
|It is in our legitimate interests as a business to use your data in this way. For example, we have a clear interest in ensuring that our site works properly and that our products and services are high quality and efficient. We will always ensure that your rights are protected.
|For security and legal and compliance purposes:
|In some cases, we will need to use your personal data to fulfil a legal obligation (for example, if we receive a legitimate request from law enforcement agencies), and in other cases (such as the detection of fraud or ensuring the security of the site) we will rely on our legitimate interests as a business to use your data in this way.
|International transfer of your data:
|Whenever we send (or permit a third party to send) your personal data outside of Europe, we will make sure that we take steps necessary to protect your data as required by applicable laws. For example, we will look to ensure appropriate safeguards are provided, such as implementing specific contractual terms with the relevant service providers, or we will look to only use service providers who adhere to certain compliance programmes overseas and maintain relevant certifications, or we may select service providers based in countries with strong local laws to protect your personal data.
Security and retention of your personal data
(i) Security of your personal data:
We take the security of your data very seriously. We have implemented various strategies, controls and measures to keep your data secure and keep these measures under close review. In addition, we ensure that any payment transactions will be encrypted using SSL technology, and that all payment card data is protected according to industry approved security controls (the Payment Card Industry Data Security Standard).
There are ways that you can help – for example, where we have given you (or where you have chosen) a password which enables you to access certain parts of our site or any of our apps, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
(ii) Retention of your personal data:
We have a detailed internal retention policy that sets out varying retention periods for different categories of data depending on our legal obligations and whether there is a commercial need, such as answering customer account queries. After a retention period has elapsed, the data is securely deleted.
(iii) Accuracy of your personal data:
You can help us keep our records up to date by telling us when your contact details and other personal information changes. If you tell us of any changes (either to your personal information or how you wish us to contact you from time to time) it may take a short while for such changes to take effect but rest assured that we respect your rights and will endeavour to process such changes as soon as possible.
Your rights and how to contact us
The law gives you a number of rights in relation to your personal data and our use of it. You have the right:
- (a) to ask us not to use your personal data for direct marketing purposes;
- (b) to ask to see what personal data we hold about you and to find out about the way that we process the data (and in some circumstances, you can ask us to provide a copy to a third party);
- (c) to ask us to correct or update any personal data which is inaccurate;
- (d) to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to use it;
- (e) to ask us to temporarily stop using your data if you don’t believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it; and
- (f) not to be subject to decisions made solely on the basis of ‘automated processing’ (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.
You also have the right to complain about our use of your personal data. You can contact the Information Commissioner’s Office via their website: https://ico.org.uk/concerns/ or by calling 0303 123 1113.
© v3.0 September 2020