Privacy Policy

How Oakline Commerce Solutions Ltd Collects, Uses, and Protects Your Personal Data

1. Introduction

Oakline Commerce Solutions Ltd is committed to protecting your privacy and ensuring you understand how we collect, use, store, and protect your personal data. This Privacy Policy explains our data handling practices in clear, straightforward language. We comply with all applicable UK data protection legislation, including the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy applies to all personal data we collect through our website, email communications, phone calls, and in the course of providing services to you.

We take data protection seriously and have implemented appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. If you have any questions about how we handle your data, please do not hesitate to contact us using the contact details provided at the end of this policy.

2. Who We Are

Oakline Commerce Solutions Ltd is the data controller responsible for your personal data when you interact with us through our website or when you request our services. Our company is registered in England and Wales. For questions about this Privacy Policy or to exercise your data protection rights, please contact us using the details provided in Section 14 of this policy.

3. What Personal Data We Collect

We collect personal data only when you voluntarily provide it to us or when it is necessary for us to provide services you have requested. The types of personal data we collect include:

Contact Information

When you contact us through our website, email, or telephone, we collect information including your name, job title, email address, telephone number, company name, and the content of your message or enquiry.

Service Request Information

When you request our services, we collect information necessary to understand your requirements and deliver services effectively. This may include detailed information about your business, your current e-commerce operations, your technical infrastructure, your customer base, and your business objectives.

Website Usage Information

We collect technical information about how you use our website, including your IP address, browser type, operating system, pages visited, time spent on pages, referring website, and your general location (based on IP address, but not precise geographic location). This information is collected through standard web analytics tools and does not identify you personally.

Communication Records

When we communicate with you by email, phone, or other means, we retain records of these communications, including the date, time, and content of communications, for record-keeping and service delivery purposes.

Payment Information

When you arrange to pay for our services, we collect payment information including invoice details, payment method (credit card, bank transfer, etc.), and payment history. Payment card information is handled only by our secure payment processor and is never stored on our systems.

4. Legal Basis for Processing Your Data

Under UK GDPR, we process your personal data only when we have a valid legal basis. The legal bases for our processing include:

Consent

Where you have explicitly consented to us processing your data for a specific purpose, such as adding you to a mailing list or for marketing communications. You can withdraw consent at any time by contacting us.

Performance of Contract

When we are processing data necessary to enter into or perform a service agreement with you, such as your contact information needed to deliver services you have requested.

Legal Obligation

When we are processing data to comply with legal obligations, such as tax requirements or anti-money laundering regulations.

Legitimate Interests

When we have a legitimate business interest in processing data that does not override your privacy rights. For example, we may process website usage information to improve our website and services, or contact information to follow up on enquiries. We carefully balance our business interests against your privacy rights and do not process data in ways you would not reasonably expect.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

Providing Services

To deliver the services you have requested, respond to your enquiries, and provide technical support and ongoing service management.

Business Communications

To send you invoices, service updates, account notifications, and other communications necessary for our business relationship.

Service Improvement

To analyse how you use our website, understand your needs better, and improve our services and website functionality.

Legal Compliance

To comply with legal obligations including tax requirements, anti-money laundering regulations, and law enforcement requests.

Legitimate Business Purposes

To manage our business operations, detect fraud, ensure security, and protect our legal rights and the rights of others.

Marketing (Where Permitted)

If you have consented, to send you information about services similar to those you have already used or enquired about. You can opt out of marketing communications at any time.

6. Who We Share Your Data With

We do not sell or rent your personal data to third parties. We may share your data with:

Service Providers

We may share data with third parties who provide services on our behalf, such as website hosting providers, email delivery services, payment processors, and IT support providers. These service providers are contractually obligated to protect your data and use it only as necessary to provide services to us.

Legal and Regulatory Authorities

We may disclose your personal data if required by law, court order, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Partners

With your explicit consent, we may share limited information with business partners to coordinate services or assist with delivering services you have requested.

When we share data with service providers or partners, we ensure they have adequate data protection measures in place and use your data only for the purposes specified in this policy.

7. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Retention periods vary depending on the type of data and the purpose for processing:

Service Delivery Data

Data necessary to deliver services and manage your account is retained for the duration of our relationship plus a reasonable period after services conclude (typically six months) to handle any follow-up issues or disputes.

Financial Records

We retain invoices, payment records, and financial data for a minimum of six years to comply with UK tax requirements and accounting standards.

Communication Records

Email and communication records are retained for a minimum of two years for record-keeping and dispute resolution purposes.

Website Analytics

Technical data collected through website analytics is typically retained for no more than 13 months.

When data is no longer needed, we securely delete or anonymize it. You can request deletion of your personal data at any time, subject to legal or contractual obligations to retain data.

8. How We Protect Your Data

We implement comprehensive technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption

We use SSL/TLS encryption to protect data transmitted between your device and our website. Sensitive data stored on our systems is encrypted using industry-standard encryption protocols.

Access Controls

Access to personal data is restricted to employees and authorized service providers who need access to perform their job functions. All staff with access to personal data receive training on data protection and confidentiality requirements.

Secure Systems

Our systems are protected by firewalls, intrusion detection systems, and regular security updates. We conduct regular security assessments to identify and address potential vulnerabilities.

Backup and Disaster Recovery

We maintain secure backups of personal data to protect against data loss. Backup systems are protected with appropriate access controls and encryption.

Breach Response

In the event of a suspected data breach, we follow established incident response procedures to assess the breach, limit damage, notify affected individuals, and report to regulatory authorities where required.

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data under UK GDPR:

Right of Access

You have the right to request a copy of all personal data we hold about you. We will provide this information in a clear, structured format within 30 days of your request.

Right of Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction or completion. We will correct inaccurate data promptly.

Right of Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or when you withdraw consent. However, we may need to retain data to comply with legal obligations or complete service delivery.

Right to Restrict Processing

You can request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to request that we provide your personal data in a structured, commonly used format and transmit it to another organization of your choice.

Right to Object

You have the right to object to processing of your personal data for legitimate interests or marketing purposes. We will stop processing your data for these purposes following your objection, except where we have a compelling legitimate interest or legal obligation.

Right Related to Automated Decision Making

You have rights regarding decisions made based solely on automated processing of your personal data. We do not engage in automated decision-making that has legal or similarly significant effects on you.

To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within 30 days and will not charge a fee unless your request is excessive or manifestly unfounded, in which case we will notify you of any applicable charges.

10. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and collect analytics information. Cookies are small files placed on your device that allow us to remember your preferences and track website usage. For detailed information about cookies, please see our Cookie Policy. You have the right to decline or delete cookies, though this may affect the functionality of our website. You can manage cookie preferences through your browser settings.

11. International Data Transfers

Oakline Commerce Solutions Ltd is based in the United Kingdom. Personal data we collect is generally stored and processed in the UK. However, some service providers may store or process data outside the UK. When we transfer personal data outside the UK, we ensure appropriate safeguards are in place, including using Standard Contractual Clauses approved by the UK authorities or other appropriate transfer mechanisms. By using our website or requesting our services, you consent to the transfer of your personal data as described in this policy.

12. Marketing Communications

If you have opted in to receive marketing communications, we may send you information about services similar to those you have used or enquired about. We will not send unsolicited marketing communications unless you have explicitly consented. You can opt out of marketing communications at any time by clicking an unsubscribe link in any email we send you or by contacting us directly. Opting out of marketing does not affect transactional communications, such as invoices or service updates, which you must receive to maintain our business relationship.

13. Contact Us About Privacy

If you have questions about this Privacy Policy, wish to exercise any of your data protection rights, or want to report a privacy concern, please contact our Data Protection Officer:

We will respond to all privacy requests and enquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK data protection regulator.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by updating the last modified date of this policy and, where appropriate, by sending you a notice of the changes. Your continued use of our website or services following changes to this policy constitutes your acceptance of the updated policy. We encourage you to review this policy periodically to stay informed about how we protect your privacy.

Last Updated: January 2024