Privacy Policy
1. Introduction and Purpose
Mmilo Modern Furniture, located in Southampton, United Kingdom, establishes this Data Privacy Policy to govern the proper management, retention, and processing of data within the organisation.
2. Regulatory Compliance
This policy adheres to relevant data protection laws and regulations in the United Kingdom, including the Data Protection Act 2018 (which implemented the UK version of the General Data Protection Regulation (GDPR) 2018), ensuring compliance with industry standards and best practices.
3. Your individual rights
- Withdrawal of consent - where our legal ground for processing your personal data is based upon you having given us your consent to do so, you have the right, at any time, to withdraw that consent.
- Right to be informed – you are entitled to be provided with information about certain matters relating to the processing of your personal data and for that information to be provided within certain timescales.
- Right of access - you have the right to obtain:
- confirmation that your personal data is being processed.
- access to your personal data.
- Right to rectification - you are entitled to have your personal data rectified if it is inaccurate or incomplete.
- Right to erasure – (sometimes referred to as ‘the right to be forgotten’). The broad principle underpinning this right is to enable you to request the deletion or removal of your personal data whether there is no compelling reason for its continued processing.
4. Information collection
If you contact us, we will keep a record of that correspondence. We may also collect and process personal data that you provide by filling in forms or making requests for information on our website. This includes information provided at the time of registering to use our website, requesting information from us or subscribing to any of our services. It also includes material contributed through any interactive service, including information that you (or someone authorised by you on your behalf) input into our products and services.
Use of Cookies
- When you visit our website, we may collect information from you automatically through cookies or other similar technology. Cookies are small text files that may be placed on your computer when you visit a website or click on a URL. Cookies (and other similar technologies) may collect your IP address, support security and authentication services, gather information from visitors to websites such as pages visited and how often they are visited and also enable certain features on the website. Cookies may include “single-session cookies” which generally record information during only a single visit to our website and then are erased, and “persistent” cookies, which are generally stored on your computer or other device unless or until they are deleted or are set to expire. We may use our own cookies or third party cookies.
- We may also use various web/analytics tools to understand how our website is being used in order to improve user experience [(such as web beacons, which are a technique delivered through a web browser or in an email, to unobtrusively – and usually invisibly - check that a user has accessed some content and/or track the journey of the user navigating through the website or a series of websites)] as well as tools to provide us with statistics relating to the use of our website and those which show you advertisements for our products and services which we think may be of interest to you as you browse other websites.
The types of information we hold about you:
When we are acting as a data controller, the information we hold about you may include the following:
- your personal details (such as your name, address, email address, landline and/or mobile phone number(s));
- details of any contact we have had with you (for example, when you make an enquiry of us or we provide you with a quote for our products or services);
- details of any products or services provided to you, as well as any associated payment-related information;
- any information you input into our products and services.
5. Retention Periods
- Where we are acting as a data controller, we will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. Normally this will result in personal data being deleted from our systems no later than 12 months from the date it was last processed (other than to the extent that we need to retain it for the purposes of complying with our legal or contractual obligations including those relating to our statutory and regulatory obligations and our financial, business and tax affairs).
- In assessing whether any longer retention period is appropriate for your personal data, we take into consideration:
- the purposes for which we originally collected the personal data;
- the lawful grounds on which we based our processing;
- the type of personal data we have collected;
- the amount and categories of your personal data; and
- whether the purpose of the processing could reasonably be fulfilled by other means.
- Where we are acting as a data processor, we will retain personal data for the period agreed in our contract with the business that engaged us for that purpose (unless otherwise required or permitted by the Data Protection Legislation).
- Please note that, if you or we terminate any service we provide to you, then (irrespective of whether we are acting as a data controller or a data processor) we do not accept any obligation to retain any or all of the personal data provided to us in connection with or processed by that service and we may delete it from our systems at any time.
Storage and Security
- Information (including personal data) collected through our website and services may be stored and processed in the UK, Europe, the United States, or any other country in which we or our subsidiaries, group companies, affiliates or service providers maintain facilities.
- Regardless of where data is stored and processed, we are committed to taking all reasonable steps to ensure that your personal data is secure. In order to prevent unauthorised access or disclosure, we put in place suitable technological, physical, electronic and managerial procedures to safeguard and secure all personal data stored and processed by us. We also ensure that any subcontractor or other service provider which we engage to support our business activities or help deliver our products and services and which has access to your personal data, commits to us, in writing, to do the same.
- If we transfer your personal data to any country outside of the UK for processing, please be assured that we will only do so in compliance with the Data Protection Legislation.
6. Employee Training
Ensure that employees are educated about and comply with the Data Retention Policy. Provide relevant training and resources.
7. Monitoring and Reporting
Specify how data retention compliance will be monitored, recorded, and reported, including procedures for addressing policy violations.
8. Issue Resolution
Provide avenues and procedures for employees to address data retention-related issues.
9. Marketing
We would like to send you information about our products and services from time to time as well as announcements, articles and press releases that we think you might like.
In some circumstances we may have a legal right to send you marketing material, in others you may have given us your consent to do so. Either way, you always have the right, at any time, to stop us from contacting you for marketing purposes or to stop us passing your personal data to third parties for marketing purposes (assuming you have previously given your consent to us to that).