Privacy Policy

PupPack's Privacy Information

What’s this?

Information for you about why and how your personal data is processed by PupPack.

FYI: some background details:

When we say “PupPack”, we mean “PupPack”, the company that exists to provide pet products and services.

Our only business is to sell and deliver pet products and services. We don’t trade, swap, or make money from personal data in any other way.

Data protection law gives you rights, and we want to make sure we’re doing right by you. If you have any questions, concerns or requests about your data, please do get in touch with us at woof@PupPack.co.uk or on 01296 394310

The sections below describe how your personal data is processed according to the relationship between you and PupPack. If you think there is any info missing, unclear or incorrect then please let us know so we can fix it.

The sections below tell you about the details of how personal data is processed by PupPack.

ePrivacy details:

We use cookies to see how many new and unique visitors we get to this website, the paths visitors take around the site content and approximately what part of the world our website visitors are coming from. We do this by setting two cookies which act like a 'virtual sticker' on your computer so that we can tell one site visitor from another.

_pk_ses - the Matomo session cookie. Lasts for 30 minutes and allows us to see what path you take through the site content.

_pk_id - the Matomo ID cookie. This lasts for 13 months and lets us know whether you are a new or return visitor to the site.

Trackers

We also use some third-party services to enhance the functions of the site, which result in trackers being active. These don’t set cookies but they do send reporting data to the third party when you land on the page. You can block tracking of your online activity by using a tool such as PrivacyBadger, uBlockOrigin or Ghostery.

Data goes to:

  • Mailchimp because there is an email newsletter signup widget on the page. We will soon be moving our email marketing operations in-house.
  • Google The site uses Google Fonts – we’re working on eliminating that
  • Innocraft This is the cloud hosting for our Matomo server, which we use for site use analytics as described above
  • Cloudflare content delivery and load balancing to support smooth streaming of video content
  • Typekit for Adobe Fonts which are used by the theme plugin we use

Personal data

We will process your personal data to:

1. Keep the site secure and problem-free

How:

Our web hosting provider keeps logs of connections to this site so that we can detect and prevent malicious activity. The logs contain your IP address (which can reveal your geographical location), the date and time of your connection, the pages you’ve visited in what order and for how long, and the browser you’re using (which can reveal the device you’re using as well). We make no use of this data on an individual level unless the traffic looks like an attack, in which case we will block the connection.

Site traffic logs are kept for 3 months then deleted. If we’re investigating suspicious activity then we’ll keep the traffic logs for the time period until the investigation is over.

Why:

It’s in our interest – and yours – that our site is secure and working properly, so this processing of personal data is done on the basis of legitimate interests. We’ve done an assessment of this interest and how we balance that with your rights and freedoms. You can ask us for a copy of this assessment.

You have the right to object to this processing, in which case we will review the assessment and consider whether the security and performance of the website would be at risk if we stopped processing your data in this way.

2. Respond to ‘Contact us’ requests

How:

When you use the ‘Contact Us’ form to get in touch, the data is sent to us automatically by email from the web server. The data stays on the web server for a month in case the email service is interrupted, then is deleted automatically.

Why:

It’s useful for both Protecture and you, for us to be able to respond quickly and easily to enquiries, so this processing of personal data is done on the basis of legitimate interests. We’ve done an assessment of this interest and how we balance that with your rights and freedoms. You can ask us for a copy of this assessment.

You have the right to object to this processing, in which case we will review the assessment and consider what the impact to you and Protecture would be if we stopped processing your data in this way.

3. Understand how the website is used

How:

We use Matomo which is a privacy-respectful analytics platform, for analysing use of this website, . When you visit this site, our Matomo cookies are set on your computer and the following information is sent to our cloud-based Matomo account:

  • your IP address (which reveals your geographical location)
  • the site you came from (referrer)
  • the content you access
  • the type of device, system and browser you’re using
  • the pages you view, in what order and for how long
  • clicks on links within the site

We don’t use this to learn anything about who you are individually, and as a Data Processor, Matomo is not allowed to use the data in any way except to show us statistics about how this site is used. We have a Data Processing Agreement with Matomo that meets GDPR requirements.

Why:

To be able to make improvements to the website, it’s useful to us to know whether some pages or topics are more/less popular, what times of day the site is most accessed and from where in the world. Also, to make best use of our marketing resources; it’s useful for us to know how people arrive at our website in the first place - so this processing of personal data is done on the basis of legitimate interests. We’ve done an assessment of this interest and how we balance that with your rights and freedoms. You can ask us for a copy of this assessment.

You have the right to object to this processing, in which case we will review the assessment and consider what the impact to you and Protecture would be if we stopped processing your data in this way.

Third parties

The website is managed by external developers, and they sub-contract the web hosting to another company. Both providers are located within the UK and we have written GDPR-standard Data Processor requirements into our contract.

Why did we get in touch?

If you've been contacted by PupPack to offer a conversation about our products or services, then it's because our research has indicated that you might be interested in what we have to offer.

How

When we do pre-sales research, we look at:

  • LinkedIn: names, job titles, employers, indications of professional interests based on comments and activity, and contact details to find people with job roles that indicate they are responsible for risk or compliance for their organisation
  • Facebook, Instagram & Twitter: to respond to direct enquiries from people who have been referred to, or heard of PupPack.

Why

We want to offer our products and services to people of whom would benefit from having our products & support and be able to approach the most suitable person to discuss this with, so this processing of personal data is done on the basis of legitimate interests. We’ve done an assessment of this interest and how we balance that with your rights and freedoms.

You have the right to object to this processing, in which case we will review the assessment and consider what the impact to you and PupPack would be if we stopped processing your data in this way.

If you apply to join our team

How

If you approach us to enquire about joining PupPack, or send us your CV in response to an advertised position, then we will review the information you’ve provided to determine whether your experience and/or qualifications indicate that you would be a good fit for the team here at PupPack. We would then get in touch to arrange an interview and tell you more about the process. If you change your mind during the process or your application is unsuccessful, we’ll ask you whether you want us to keep your details in case another opportunity comes up, otherwise we’ll delete them.

Why

It’s in your interest to apply for jobs, and in PupPack's interest to find high-quality team members to join us, so this processing of personal data is done on the basis of legitimate interests. We’ve done an assessment of this interest and how we balance that with your rights and freedoms.

You have the right to object to this processing, in which case we will review the assessment and consider what the impact to you and PupPack would be if we stopped processing your data in this way.

How our email marketing works

If you sign up to our email newsletters, we will send them to you until you unsubscribe or ask us to stop sending them.

Currently, our newsletters contain tracking pixels which tell us whether they have been opened, and unique URLs which tell us who has clicked on the links inside the email. This is the default behaviour of our email provider and we are unable to make the feature work on an opt-in only basis at the moment.

We want to offer our services to people of whom would benefit from having our products & support and be able to approach the most suitable person to discuss this with, so this functionality is useful to us but at the moment we can’t disable it for specific recipients.

We use the information about whether you have opened a newsletter, or clicked on the links inside the email, to help us identify and communicate with the most suitable person.

If you don’t want this kind of tracking to be applied to the emails that you receive from us, you can change the settings in your email program to prevent remote images from being loaded, and access the content directly from our website rather than following the links.

When you sign up to our newsletter, the email provider (MailChimp) also uses your personal data for profiling, targeted advertising and commercial analytics. We want to be able to ask for your consent for this separately, but due to the way that Mailchimp works, that’s not possible. Because of this, we’re making preparations to change our email provider to a more privacy-friendly platform.

Why

We’ll send you the newsletter on the basis of consent; ie you have indicated to us that you want to receive these messages.

We keep records of who has unsubscribed from the newsletter list so that we comply with section 22 of the Privacy & Electronic Communications Regulations (PECR) by suppressing them, so this is a legal obligation.

If you email us directly rather than using the ‘Contact Us’ form on the website, we’ll use the data you’ve included to respond to your message. We’ll also keep the messages exchanged for our internal auditing and accounting records. We’ve done a legitimate interests assessment of our auditing and accounting activities, and how we balance that with your rights and freedoms. You can ask us for a copy of this assessment.

You have the right to object to this processing, in which case we will review the assessment and consider what the impact to you and PupPack would be if we stopped processing your data in this way.

Your rights

Data protection law gives you rights to help you understand and control how personal data about you is used. This section explains what these rights are and what PupPack has in place to help you exercise them.

Your rights are.....

You have the right to have a clear explanation of the processing of your personal data provided to you – we hope that’s what we have achieved with this privacy information!

If you consider that we’ve done a good job with this, please let us know by giving us a thumbs-up in the ‘Feedback’ section. If you’re not satisfied with this privacy information, give us a thumbs-down and do please get in touch to let us know what we can do better. The thumbs indicator is anonymous (we don’t link it to your IP address) and it helps us demonstrate compliance with Articles 12-14 of the GDPR.

Exercising this right is known as "making a subject access request: You have the right to ask us:
  • whether we are processing your personal data
  • why we are doing so
  • under what lawful basis we are processing your data the categories of personal data about you which we are processing
  • whether the data is being sent outside the EU
  • the names of any other Data Controllers your data has been passed to, and the purpose and lawful basis for the transfer
  • how long we’re going to keep the data, or what criteria we’ll use to decide whether to keep it
  • for a copy of the data we are processing.
You can make a make a subject access request by a phone call, a social media message or an email are also ways of making the request. We’ll need to ask you for some information to make sure the request is valid though, so it would save time to use our form from the start.

Objecting to direct marketing

You have the right to ask us to stop processing your personal data for direct marketing purposes, and if you make this request we will stop sending you marketing and exclude your data from any analytics or reporting we do for marketing. We'd rather keep your contact details on our suppression lists so that if we do collect your data again in the future, we can be sure to exclude you from receiving our marketing materials however if tell us that you prefer us to stop all marketing-related processing of your personal data, then we will remove your details from these lists.

Objecting to processing based on legitimate interests

You can object to any processing of your personal data where that processing is based on legitimate interests. When you make an objection, we will revisit the balancing test that was done for the original Legitimate Interests Assessment and decide on a case-by-case basis whether we should cease the processing of your personal data.

If we consider that we have compelling interests that outweigh your preferences (which might be to keep our IT systems secure, or maintain auditing and accounting records) then we will explain our reasoning to you.

This right is sometimes referred to as "the right to be forgotten". It only applies in narrow circumstances, where -

  • you have withdrawn your consent and there is no further legitimate interest in continuing to process the data,
  • your objection to our processing under legitimate interests outweighs those interests,
  • the processing of your personal data is no longer necessary,
  • there is a law that requires the data to be deleted, or
  • the processing is unlawful (we work hard to make sure this is never the case!)

- you have the right to have your data erased from our systems and files.

We can’t erase any data which we are required by law to process, but we will highlight and explain this to you if your request includes this data.

Under some circumstances, you can limit how your personal data is used by us

If -

  • the personal data we are processing is inaccurate
  • our processing is unlawful
  • the data is no longer necessary for the original purpose of processing but needs to be kept for potential legal claims, or
  • you have objected to processing carried out under legitimate interests and we’re still in the process of determining whether there is an overriding need to continue processing

- you have the right to restrict the processing. This means that the data will only be processed:

  • with your consent,
  • for the establishment, exercise or defence of legal claims, to protect someone else’s rights, or
  • if there is an important public interest justification for processing

The right of data portability says that you can ask for any data that we process by automated means (which means ‘using a computer’) which

  • you provided to us either on the basis of consent or
  • because it was necessary for a contract that you are directly a party to;

-to be provided back to you in a computer-based format, or sent directly to another Data Controller.

This is mostly intended for you, the individual end user or consumer, to be able to switch providers without your data being held hostage.

We don’t do any automated decision-making or automated profiling, but if we did, you would have the right to ask us to explain the logic behind any such decisions and for the decision to be reviewed by a human being, if the decision had an effect on your rights or freedoms.

Rectification

If any of the data we hold on you is inaccurate or out of date, please let us know so that we can correct it as quickly as possible.

Complaints

If you’re not happy with any aspect of how we process your personal data, please let us know so that we can make things right. If you’re not satisfied with our response, you can make a complaint to the Information Commissioner’s Office.