Privacy and cookies

Privacy policy


We have developed this policy because we want you to feel confident about the privacy and security of your personal information and explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.

Happy Donkey LTD Online Privacy Policy (last updated 22 May 2018).

Happy Donkey LTD may occasionally update this Privacy Policy. When it does, Happy Donkey LTD will also revise the “last updated” date at the top of this Privacy Policy. Those changes will then apply to any future use by you of our website.

  1. When do we collect your personal data?
    When you make an online purchase and check out as a guest (in which case we just collect transaction-based data).
    • When you create an account with us.
    • When you purchase a product or service in store or by phone but don’t have (or don’t use) an account.
    • When you engage with us on social media.
    • When you contact us by any means with queries, complaints etc.
    • When you ask one of our Partners to email you information about a product or service.
    • When you enter prize draws or competitions.
    • When you choose to complete any surveys we send you.
    • When you comment on, or review our products and services.

. When you visit the blog www.happybloggy.co.uk

2. Limiting the Collection or Tracking of Personal Information
Happy Donkey LTD limits its collection or tracking of personal information to only that information which is necessary for the Identified Purposes.
We do not use this information to analyse your visits to any other websites.


  1. Disclosure, Processing and Retention
    Happy Donkey LTD does not sell, rent or disclose your personal information to anyone else, except:
    (a) to someone you have designated to act as your agent, for one or more of the Identified Purposes (listed in Section 2, above);
    (b) to Happy Donkey LTD employees, independent contractors, consultants, business associates, suppliers and agents, acting on Happy Donkey LTD behalf for any of the Identified Purposes;
  • We provide only the information they need to perform their specific services.
    • They may only use your data for the exact purposes we specify in our contract with them.
    • We work closely with them to ensure that your privacy is respected and protected at all times.

(c) when required to do so by law.

 

  1. What are your rights over your personal data?
    An overview of your different rights

You have the right to request:

  • Access to the personal data we hold about you, free of charge in most cases.
  • The correction of your personal data when incorrect, out of date or incomplete.
  • For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (such as the end of a warranty).
  • That we stop using your personal data for direct marketing (either through specific channels, or all channels).
  • That we stop any consent-based processing of your personal data after you withdraw that consent.
  • Review by an employee of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).

You have the right to request a copy of any information about you that Happy Donkey LTD  holds at any time, and also to have that information corrected if it is inaccurate. To ask for your information, please contact Johnty Mcvay, Data Protection Officer, Happy Donkey LTD , 50 Mount Pleasant, Reading, RG1 2TD, or email subject.access.request help@happydonkey.co.uk

 

To ask for your information to be amended, please update your online account, or contact our Customer services help@happydonkey.co.uk

If we choose not to action your request we will explain to you the reasons for our refusal.


Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.


Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.


Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

 

  1. Security

We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.

We keep your information stored on remote information systems protected by passwords in premises secured by 24/7 monitored alarms.

We protect the security of your information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL) – ie we have an SSL Certificate which means we can secure access to all transactional areas of our website using ‘https’ technology.

 

  1. Explaining the legal bases we rely on - Consent for Collection, Use and Disclosure

You do not have to give us any personal information to use the information on this site.
However, your use of the Happy Donkey LTD site constitutes your consent to the terms of this Privacy Policy.

 

Contractual Obligations – In certain circumstances, we need your personal data to comply with our contractual obligations.

For example, we collect your address details to deliver your purchase, and pass them to our courier.

Consent -
In specific situations, we can collect and process your data with your consent.


For example, when you tick a box to receive email newsletters.

If you have given us your details they may be updated, amended or removed at any time – see 4 above.

 

  1. Legitimate Interest
    In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests

    Purposes for Collecting Personal Information (Identified Purposes) We use personal information for the following purposes only:

(a) to communicate with customers and site visitors and to inform you of products and services available from Happy Donkey LTD  


For example, we will use your purchase history to send you, or make available, personalised offers.

(b) to fulfil your requests for products, services or information
(c) to further understand customer needs regarding Happy Donkey LTD 's products and services
(d) to enable us to review the effectiveness of our website and other marketing initiatives
(e) for administration purposes
(f) to allow you to receive newsletters and inform you of events
(g) to process any request for employment
(h) to comply with any applicable law, regulation, legal process or government request
(i) to protect the services, products or rights of Happy Donkey LTD , including but not limited to the security or integrity of the Happy Donkey LTD  site
and
(j) to identify and resolve technical problems concerning Happy Donkey LTD ’s site, products and services.

 

Happy Donkey LTD  Ltd may use personal information in an aggregate form (i.e., not individually attributable to you) for its business analysis, operational, marketing and other promotional purposes.

 

What that means is that we combine the shopping history of many customers to identify trends and ensure we can keep up with demand, or develop new products/services.

If we hire other companies to provide some products or services on our behalf, then we will only provide those companies the personal information they need for the Identified Purposes, and we will limit their rights to use and further disclose your personal information as appropriate in the course of their work for us.

 

  1. Linked sites
    If you follow links to other websites from this website we do not control those sites and are not responsible for the use of your data by those site owners.

    9. General Data Protection Regulation Policy

INTRODUCTION
Happy Donkey LTD  gathers and retains information pertaining to businesses and individuals. This includes customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This data protection policy ensures Happy Donkey LTD :
• Complies with data protection law and follows good practice
• Protects the rights of staff
• Is open how it stores and processes individuals’ data
• Protects itself from the risks of a data breach

DATA PROTECTION LAW
The data protection act 1998 is fully complied with.
We follow the eight most important principles. Data must:
• Be processed fairly and lawfully
• Be obtained only for specific, lawful purposes
• Be adequate relevant and not excessive
• Be accurate and kept up to date
• Not be held for any longer than necessary
• Processed in accordance with the rights of data subjects
• Be protected in appropriate ways
• Not be transferred outside the European Economic Area (EEA) unless that country or territory also ensures adequate protection

PEOPLE RISKS AND RESPONSIBILITIES

POLICY SCOPE
The policy applies to:
• The Offices of Happy Donkey LTD
• The cloud infrastructure of Happy Donkey LTD
• All staff and volunteers of Happy Donkey LTD
• All contractors, suppliers and other people working on behalf of Happy Donkey LTD

It also applies to all data that the company holds relating to identifiable individuals, even if the information technically falls outside of the data protection Act 1998. This can include:
• Names of individuals
• Postal addresses
• Email addresses
• Telephone numbers
• Plus, any other information relating to individuals

DATA PROTECTION RISKS
This policy helps to protect Happy Donkey LTD  from data security risks including:
• Breaches of confidentiality. For instance, information being given out inappropriately.
• Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
• Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.

RESPONSIBILITIES
Everyone who works for or with Happy Donkey LTD  has some responsibility for ensuring data is collected, stored and handled appropriately.
Each person that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
• The board of directors are ultimately responsible for ensuring that Happy Donkey LTD  meets its legal obligations.
• Inclusion of data protection within regular management and staff meetings to be updated, reviewed, responsibilities qualified, risks and any issues discussed.
• Arrange data protection training and advice for personal covered in this policy
• Handling data protection questions from staff and anyone else covered by this policy
• Dealing with individual requests to see data that the company holds

Outsourced/third party companies that work with us.
• We monitor all third-party companies that we work with to make sure that no data is removed from a customer site or cloud infrastructure without a customer’s instruction to do so. For instance, copying databases in order to fix corruptions.
• In rare cases where a third party may need to access data, we sign and hold non-disclosure agreements
• When working with Microsoft, we monitor all interaction with a customer’s system. No data is removed from local premise or cloud infrastructure apart from rare instances when event logs are required to repair a customer’s network.

STAFF GUIDELINES
• The only people with access data covered by this policy will be those who need it for their work.
• Data will not be shared informally. When access to confidential information is required employees are to request it from one of the Directors.
• Happy Donkey LTD  will provide training to all employees to help them understand their responsibility when handling data.
• Employees are to keep all data secure, by taking sensible precautions and following the guidelines below.
• Strong passwords are used and will never be shared.
• Multi-Factor Authentication (MFA) will be used by all staff when accessing our systems
• Personal data will not be disclosed to unauthorised people, either within the company or externally.
• Data will be reviewed regularly and updated if it is found to be out of date. If no longer required data will be shredded.
• Employees should seek help from one of the Directors if they are unsure of any aspect of data protection.

DATA STORAGE
When data is stored on paper it will be kept in a secure place where unauthorised people cannot see it.
• When not required any paper or files will be kept in a locked drawer or filing cabinet
• Employees are to make sure paper and printouts are not left where unauthorised people can see them, e.g. on a printer etc.
• Data printouts will be shredded and disposed of securely when no longer required.
• Data stored electronically is protected from unauthorised access, accidental deletion and malicious hacking attempts.
• Electronic data is protected by strong passwords that are changed regularly and not shared between employees. Multi-Factor authentication (MFA) is also used by all staff
• Occasionally data may be stored on removable media, these are kept locked away securely and when no longer required data is deleted.
• Data is stored in our cloud infrastructure environment protected by MFA
• On-site servers containing any personal data are not used
• Data is backed up off site frequently. Backups are done regularly and not held on-site.
• Data is never saved directly to laptops, desktops or other mobile devices.
• All servers and computers containing data are protected by approved software, firewall and MFA security.
• Customer devices held within our office for repairs will also be covered under this policy. Customer data may be backed up, restored and will be deleted when no longer required.

Happy Donkey LTD  all hold a certificate of registration with the Information Commissioners Office.
Happy Donkey LTD  also all hold valid ISO9001 certification.

DATA USE
Personal data is of no value to Happy Donkey LTD  unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft. Therefore the following must be adhered to:
• When working with personal data employees must ensure the screens of their PC’s are always locked when left unattended.
• Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
• Data must be encrypted before being transferred electronically.
• Personal data should NEVER be transferred outside the European Economic Area.
• Employees should not save copies of personal data to their own PC’s.
• Employees always access and update the central copy of any data.
• No personal data will be copied from a customer site to our own cloud infrastructure. Only configuration data may be held to help support the customer.

DATA ACCURACY
The law requires Happy Donkey LTD  to take reasonable steps to ensure data is kept accurate and up to date.
• Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
• Staff should take every opportunity to ensure data is updated. For instance. confirming contact details when a customer calls.
• Happy Donkey LTD  will make it easy for data subjects to update the information Happy Donkey LTD  holds about them.
• Data should be updated as inaccuracies are discovered. As an example, if a customer can no longer be reached on their stored contact number or email address it should be removed from the database.

SUBJECT ACCESS REQUESTS
All individuals who are the subject of personal data held by Happy Donkey LTD  are entitled to ask what information the company holds on them and why
• Ask how to gain access to it
• Be informed how to keep it up to date
• Be informed how the company is meeting its data obligations.
• All “Opt-in” data saved and used for the purposes of marketing, all individuals are always given an “Opt-out” option. If an “Opt-out” option is received the data is removed and deleted accordingly.

If an individual contacts the company requesting this information, this is called a subject request.

Subject access requests should be made via email to help@happydonkey.co.uk

Staff will provide the relevant data within a reasonable time
Most importantly staff will always verify the identity of anyone making a subject access request before handing over any information.

DISCLOSING DATA FOR OTHER REASONS
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances Happy Donkey LTD  will disclose requested data. However, the Directors will ensure the request is legitimate, seeking assistance from the company’s legal advisor if necessary.

PROVIDING INFORMATION
Happy Donkey LTD  aims to ensure the individuals are aware that their data is being processed and that they understand
• How the data is being used
• How to exercise their rights
• How to “Opt-out” of any/all marketing activity.

Happy Donkey LTD  display’s its privacy and cookie policy in the public domain via its web site www.happydonkey.co.uk




  1. Cookies and our Cookie Policy

Cookies & Our Cookies Policy

Cookies are tiny text / data files stored on your computer when you visit certain web pages. Cookies can help us to provide important features and functionality on our Websites and we use them to improve your customer experience.

Our cookies don't store sensitive information such as your name, address or payment details: they simply hold the 'key' that, once you're signed in, is associated with this information. However, if you'd prefer to restrict, block or delete cookies from happydonkey.co.uk, or any other website, you can use your browser to do this.
Each browser is different, so check the 'Help' menu of your particular browser (or your mobile phone's handset manual) to learn how to change your cookie preferences.

Third Party Cookies

When you visit happydonkey.co.uk you may notice some cookies that aren't related to Happy Donkey LTD. If you go on to a web page that contains embedded content, for example from YouTube, you may be sent cookies from these websites. We don't control the setting of these cookies, so please check the third-party websites for more information about their cookies and how to manage them.