Thedesignconcept Ltd. offers consultancy services and products to a wide range of private and public enterprises, primarily in the library sector. We provide total solutions as well as specific furniture and accessories, often to the same customers.
Thedesignconcept Ltd. is committed to protecting the confidentiality, integrity and availability of the information provided by our customers, suppliers, partners and our employees, including personal data. We are highly committed to protecting personal data, and we work continuously to ensure our compliance with current data protection legislation, including the General Data Protection Regulation.
As our customer base is BtB, we work primarily with corporate data and we aim to keep the use and registration of personal data to an absolute minimum.
1. GENERAL PROVISIONS
Thedesignconcept Ltd. is the data controller for your personal data. All inquiries to Thedesignconcept Ltd. can be made using the contact details provided in section ‘7’.
2. WHAT PERSONAL DATA DO WE COLLECT?
When you visit our website, we automatically collect data, including by means of cookies (see our separate Cookies Policy), about you and your use of the website, for example about what type of browser you use, what catchwords you use on the web-site, your IP address and data about your computer.
2.1.1 The purpose is to optimise the user experience and functionality of the website. This processing of data is necessary to enable us to handle our interests in improving the website.
2.1.2 The legal basis for processing the data is Article 6(1)(f) of the General Data Protection Regulation.
When you purchase a product or communicate with us on our website by email, telephone or the like, we collect the data you provide yourself, such as your name, email address, telephone number, payment details, data about which products you purchase and may have returned, delivery requests, and data about the IP address from which the order was placed if this concerns an order placed on the website.
The purpose is that we can supply the products you have ordered and otherwise perform our contract with you, including managing your rights to return and complain about products. We may also process data about your purchases to comply with statutory requirements, e.g. for bookkeeping and accounting. Your IP address is collected in connection with purchases for this purpose and to enable us to prevent fraud.
The legal basis for processing these data is Article 6(1)(b), (c) and (f) of the General Data Protection Regulation.
When you register for our newsletter, we collect data about your email address.
The purpose is to enable us to send newsletters to you.
The legal basis for processing the data is Article 6(1)(f) of the General Data Protection Regulation.
3. DOES THEDESIGNCONCEPT LTD. DISCLOSE YOUR DATA TO OTHERS?
TDC does not disclose your data to others for commercial use (sale, rental etc.). We will disclose your data to our partners when this is necessary to ensure you of an optimal purchase and service experience.
TDC transfers your order and your personal data (name, email address, phone number from the webshop to TDC's own accounting system along with the data of the enterprise you represent if the enterprise is not already established in our system. Your personal data are linked to your enterprise’s account with us in connection with the order placed.
Data about your name, address, email address, telephone number as well as order number and specific delivery requests will be disclosed to our partners responsible for handling delivery and installation of the goods purchased. The data are also used for the transmission of tracking details. For purchases of non-stocked products, the above data may be disclosed to the producer or seller of the product in question, which will then perform the delivery. Please note that, in relevant cases, data will be exchanged between our own companies to ensure delivery of the ordered products.
Data may be transferred to external partners which process the data on our behalf. We use external partners for, for example, the technical running and improvements of the website, to send newsletters and for your assessment of our business and products. These enterprises are data processors which process data for which we are the data controller, based on our guidelines. The data processors must not use the data for any purpose other than the performance of their agreement with us, and they are subject to the same confidentiality regarding these data. We have entered into written data processing agreements with all data processors which process personal data on our behalf.
Five of these data processors, Google Analytics by Google LLC., Facebook Inc., Linkedin, Twitter and MailChimp, are based in the United States. The necessary guarantees for transfer of data to the United States have been ensured through the individual data processor’s certification under the EU-U.S. Privacy Shield; see Article 45 of the General Data Protection Regulation.
3.4.1 A copy of Google LLC’s certification can be found > here
3.4.2 A copy of Facebook Inc.’s certification (Face-book/Instagram) can be found > here
3.4.3 A copy of MailChimp’s certification can be found > here
3.4.4 A copy of Linkedin’s certification can be found > here
3.4.5 A copy of Twitter’s certification can be found > here
New information 16.07.2020:
On July 16, 2020, Europe's highest court (the CJEU) invalidated the EU-US Privacy Shield. The European Standard Contractual Clauses (SCCs) continue to provide a valid mechanism for companies to transfer personal data outside the EU/UK.
The above parties are all aware and contractually commits to transfer and process data in compliance with the Standard Contractual Clauses (SCC). The SCC’s are currently undergoing revision and the European Data Protection Board recently issued some FAQs confirming that it’s currently analyzing the CJEU’s decision, and will issue guidance on what those supplemental measures could consist of in the future. The above parties are following the situation and aim to adjust accordingly. So far they all still live up to the EU-US Privacy shield.
4. WHAT RIGHTS DO YOU HAVE?
To ensure transparency in the processing of your data, we, as data controller, must inform you of your rights.
4.2 Right of access
You have the right, at any given time, to request us to disclose the data which we have registered about you, the purpose for which they have been registered, the categories of personal data concerned and any data recipients as well as information about the data source.
You have the right to receive a copy of the personal data that we process about you. If you would like a copy of your personal data, please send a written request to firstname.lastname@example.org. You may be asked to document that you are who you say you are.
4.3 Right to rectification
You have the right to have incorrect personal data about you rectified by us. If you become aware of errors in the data that we have registered about you, please contact us in writing so that the data can be rectified.
4.4 Right to erasure
4.4.1 In certain case, you have the right to have all or some of your personal data erased by us, for example if you withdraw your consent and we do not have another legal basis for continuing the processing. To the extent that continued processing of your data is necessary, for example to enable us to meet our legal obligations or for the establishment, exercise or defence of legal claims, we are not obliged to erase your personal data.
As a company, we enter into long-term BtB customer relationships with an extended delivery warranty, for example for our modular products. In order to meet these warranties and provide the necessary service, we store order and invoice data as well as relevant communication regarding the delivered products and interior design solutions electronically and/or physically for a number of years. In this connection, we should note that we cannot separate your personal data from these files. Both our electronic and physical archives are secured against unauthorised use, and our employees are trained in handling and securing personal data.
4.5 Right to restriction of processing to storage
In certain cases, you have the right to restrict the processing of your personal data to storage only, e.g. if you believe that the data we process about you are incorrect. See section 4.4.1. regarding the right to erasure.
4.6 Right to data portability
In certain cases, you have the right to receive personal data that you have yourself provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another data controller.
4.7 Right to object
You have the right to object to our processing of your personal data at any given time.
Moreover, you have the right to object, on grounds relating to your personal situation, at any given time to our processing of your personal data on the basis of our legitimate interests; see sections 2.1 and 2.3.
4.8 Right to withdraw consent
You have the right to withdraw any consent you have granted us to a given pro-cessing of personal data.
4.9 Right of complaint
At any given time, you have the right to complain about our processing of your personal data to ICO - Information Commissioner’s Office. A complaint may also be filed by via their website www.ico.org.uk. For further information call +44 (0)303 123 1113
5. ERASURE OF PERSONAL DATA
Data collected in connection with purchases you have made on the website (see section 2.2) will, as a general rule, be erased when the webshop profile has been inactive for three years. This will occur after the end of the calendar year in which you made your purchase on the actual website. This applies to both your personal profile and your order history. However, data may be stored for a longer period if we have a legitimate need for longer storage, for example if this is necessary for the establishment, exercise or defence of legal claims or if storage is necessary for us to comply with statutory requirements. Your order history and personal data which are transferred to TDC’s accounting system (see section 3.1.) will remain in TDC’s archives; see section 4.4.1.
Data collected in connection with your registration for our newsletter will be erased when your consent to receive the newsletter is withdrawn, unless we have another basis for processing the data.
We have implemented appropriate technical and organisational security measures against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data.
Only employees who have an actual need to access your personal data to perform their work will have access to these data.
7. CONTACT DETAILS
Thedesignconcept Ltd. is the data controller for the personal data collected via the website.
The Old Bakery, 10 Greenlees Road,
Cambuslang, G72 8JJ
Tel.: +44 (0) 141 643 9690
Fax: +44 (0) 141 643 9699
10 Greenlees Road
Open Monday to Friday: 9 am to 5.30 pm.