1 THE DATA CONTROLLER OF YOUR PERSONAL DATA
1.1 The "data controller" of your personal data (in other words the organisation that determines how your personal data is used) is TOMY UK Co., Ltd (with registered company no. 01634124) Our registered office is Hembury House Pynes Hill, Rydon Lane, Exeter, Devon, EX2 5AZ. Any reference to "you" or "your" means any individual whose personal data we collect and process whether through https://uk.tomy.com/, https://de.tomy.com/, or https://fr.tomy.com/ ("our websites") or otherwise. Any reference to "data controller", "we", "us" or "our" is to TOMY UK Co., Ltd.
2 PERSONAL DATA WE COLLECT ABOUT YOU
2.2 The personal data that we collect from or about you may include the following:
- If you contact us through our websites such as through our TOMY customer enquiry form, we may collect the following personal data about you:
- your name;
- your address;
- your email address;
- your contact telephone number; and
- details about your enquiry, the product you are contacting us about and your query.
- In addition, we may collect and process the following personal data:
- if you contact us through any other channel (such as through our social media accounts), we may keep a record of that correspondence;
- if you complete surveys / feedback forms that we use for research purposes, we may keep a record of your response(s);
- any other information that you provide to us in the context of your communications with us;
- technical information about the way you access our website including but not limited to your IP address, geographical location, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and device information, and the resources that you access; and
- information about your visits to and use of our website (including information about how and when you came to visit our website, how you interacted with the website (products you viewed or searched for; page response times, download errors, length of visit to certain pages, page interaction information such as scrolling, click, and mouse-overs) and where you went next (including full URLs and methods used to browse away from the site).
2.4 Although we offer items or services for purchase which may be relevant to children, we do not intend for any of our sites or services to be used by children, and we do not intend to collect data from children.
3 HOW DO WE COLLECT PERSONAL DATA
3.1 We may collect personal data in a variety of ways including:
Directly from you:
Some personal data is collected when you voluntarily provide this information to us (for example when you fill out our TOMY customer enquiry form or otherwise make an enquiry or engage with us in any form such as through our social media channels or when you send emails to us).
From other sources:
We work with other organisations such as our suppliers and service providers who provide us with personal data which you have given them from time to time.
Through your browser or device, or through our servers:
Certain information is collected by most browsers or automatically through your device, and we also collect your IP address or other device identifier (this enables us to recognise your computer or device when you use the site) via our server log files.
4 OUR USE OF YOUR PERSONAL DATA AND OUR LEGAL JUSTIFICATION FOR OUR USE
4.1 We use your personal data for a variety of purposes related to the products and services that we provide. From a legal perspective, there are various reasons for doing so and we have set out an explanation of this below:
For purposes related to the provision of the products and services that we offer to you:
- to enable you to use any services that we may from time to time provide through the website
- to measure customer satisfaction and provide customer service (including corresponding with you and dealing with delivery, cancellation, enquiries or complaints, as well as troubleshooting in connection with purchases or your requests for services);
- We use your personal data in this way either because we have a contract with you or because it is in our legitimate interests to do so (for example, it is in our interests to measure customer satisfaction and 'troubleshoot' customer issues) but we will always ensure that your rights are protected.
For advertising and marketing purposes, including to measure how effective our marketing is:
- to inform you of and enable you to participate in competitions and offers for certain products and services which may be of interest to you which we host on our website or on our social media channelsand to administer the competition prize where you are a prize winner.
- to send you information about existing and new products and services (including related products or services of selected third parties), or other marketing communications relating to our business which we think may be of interest to you by email or similar technology.
- to measure the effectiveness of our marketing campaigns and our advertising (i.e. so we can tell what interests our customers and what doesn't);
- We rely on your consent to contact you directly about our products, services, competitions and offers (and those of third parties). In other scenarios, we rely on our legitimate interests to email you for such purposes and in each instance we will always ensure that your rights are protected and that you are able to opt-out at any time through 'unsubscribing' .
For administrative and internal business purposes:
- to develop the products and services we offer and develop and improve the website (for example, to ensure our website is provided to you in the most effective and relevant manner) and send you updates about the website;
- for website administration (including for enabling us to respond to any comments on the website or feedback you may give us and for internal operations (such as troubleshooting, data analysis, testing, research, statistical and survey purposes);
- It is in our legitimate interests as a business to use your personal data in this way. For example, we have a clear interest in ensuring that our site works properly and that our products and services are high quality and efficient. We will always ensure that your rights are protected.
For security and legal and compliance purposes:
- as part of our efforts to keep our site safe and secure;
- to detect or prevent fraud or other illegal activity;
- as we believe to be necessary or appropriate in each case in order to comply with laws or legal process (including laws or legal process in other countries);
- to protect our rights or property (or the rights or property of others) and to enforce our rights and pursue available remedies;
- In some cases, we will need to use your personal data to fulfil a legal obligation (for example, if we receive a legitimate request from law enforcement agencies), and in other cases (such as the detection of fraud or ensuring the security of the site) we will rely on our legitimate interests as a business to use your personal data in this way.
5 HOW WE SHARE YOUR PERSONAL DATA
5.1 Please be assured that except for the reasons listed below, we will not disclose your personal data to others, but where we do share your personal data, we will only do this where we have a genuine reason for doing so and only where we are confident your rights are protected.
Sharing data within our group:
We are part of a group of companies that share various operations and business processes. Your personal data may be shared with any member of our group companies in order to fulfil our contractual obligations to you, or because it is in our legitimate interests to do so.
Sharing data with third parties providing services to us:
We engage various third parties to provide services to us for specific functions such as to enable us to provide services to you over the website and elsewhere online, including (but not limited to) the provision of support services and handling queries, analytics and website management (for statistical analysis only). This will often mean that we need to share your personal data with them. In almost all cases, this is because such sharing is necessary in connection with our performance of our contract with you, and in some other cases it may be in our legitimate interests to do this.
Sharing data in connection with changes to our group structure or the ownership of our business:
If we sell or propose to sell our business or part of it, we may need to disclose your personal data to prospective buyers.
Similarly, if there are changes to our group structure or if our ownership changes, we may need to disclose your personal data to the new owners or operators of our business as part of that process.
Sharing data to comply with laws:
There may be scenarios where we are subject to a legal obligation to disclose or share your personal data, such as if we are under a lawful obligation to provide your personal data to a court, the police, regulatory bodies or legal advisers in connection with any alleged criminal offence, or otherwise for the prevention or detection of crime or the apprehension or prosecution of offenders
International transfers of personal data
Sometimes we will share your personal data (for the reasons set out above) to third parties outside of Europe. Wherever we send (or permit a third party to send) your personal data outside of Europe, we will make sure that we take appropriate steps to ensure that the level of protection for the transfer, storing and processing of the personal data in these countries is sufficient as required by applicable laws. For example, we may implement specific contract terms or we may rely on service providers who adhere to certain compliance programmes overseas, or we may select service providers based in countries with strong local laws to protect your personal data.
6 HYPERLINKS TO OTHER WEBSITES
8 SECURITY AND RETENTION OF YOUR PERSONAL DATA
8.1 We take the security of your personal data very seriously and have put in place appropriate measures to safeguard the personal data we hold from unauthorised access or improper use, as required by the law and in accordance with accepted good industry practice. We keep these security measures under review.
8.2 We will only keep your personal data for as long as we need it for the purposes described above and as permitted by applicable laws. This means that the retention periods will vary according to the type of the personal data and the reason that we have the personal data in the first place. For example, when you submit a query using our TOMY customer enquiry form this personal data will be kept for a period of one year (unless the query is likely to involve legal proceedings)..
9 UPDATING YOUR PERSONAL DATA
To the extent that you do provide us with personal data, we wish to keep it up-to-date. Please help us keep our information current and accurate by sending the details of any change to your personal data via email to firstname.lastname@example.org. We will endeavour to incorporate the changes as soon as practicable.
10 YOUR RIGHTS AND HOW TO CONTACT US
10.1 The law gives you a number of rights in relation to your personal data and our use of it. You have the right:
- to ask us not to use your personal data for direct marketing purposes;
- to ask to see what personal data we hold about you and to find out about the way that we process the personal data (and in some circumstances, you can ask us to provide a copy to a third party);
- to ask us to correct or update any personal data which is inaccurate;
- to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to process it;
- to ask us to temporarily stop using your personal data if you don't believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it; and
- not to be subject to decisions made solely on the basis of 'automated processing' (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.
10.3 You also have the right to complain about our use of your personal data. You can contact the Information Commissioner's Office via their website: https://ico.org.uk/concerns/ or by calling 0303 123 1113.