Personal identification information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, subscribe to the newsletter, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, credit card information. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.
Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilised and other similar information.
Web browser cookies
How we use collected information
Everything Wood Ltd may collect and use Users personal information for the following purposes:
- To improve customer service
Information you provide helps us respond to your customer service requests and support needs more efficiently.
- To personalise user experience
We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
- To improve our Site
We may use feedback you provide to improve our products and services.
- To process payments
We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
- To run a promotion, contest, survey or other Site feature
To send Users information they agreed to receive about topics we think will be of interest to them.
- To send periodic emails
We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Sharing your personal information
We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.
Third party websites
Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
Everything Wood Ltd
Unit G, Lower Road, Garsington
Oxfordshire OX44 9DP
Data Retention Policy - Added for GDPR Compliance
This data retention policy sets out the obligations of Everything Wood Ltd (“us/we/our”) and the basis upon which we shall retain, review and destroy data held by us, or within our custody or control.
It is necessary to retain and process certain information to enable our business to operate. We may store data in the following places:
• our own servers;
• any third party servers;
• potential email accounts;
• employee-owned devices (BYOD);
• potential backup storage; and/or
• our paper files.
This policy applies equally to paper, electronic media and any other method used to store personal data. The period of retention only commences when the record is closed. We are bound by various obligations under the law in relation to this and therefore, to comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully in respect of their personal data under the General Data Protection Regulation (“the Regulation”).
The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This Policy sets out the procedures that are to be followed when dealing with personal data and how we aim to comply with the Regulation in so far as it is possible. In summary, the Regulation states that all personal data shall be:
The Fourth and Fifth Data Protection Principles require that any data should not be kept longer than necessary for the purpose for which it is processed and when it is no longer required, it shall be deleted and that the data should be adequate, relevant and limited for the purpose in which it is processed. With this in mind, this policy should be read in conjunction with our other policies, which are relevant such as our Privacy, Cookie and Terms and Conditions Policy.
Security and Storage
All data and records are stored securely to avoid misuse or loss. We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We will put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a data processor if there is agreement by them to comply with those procedures and policies, or if there are adequate measures in place.
Examples of our data storage facilities are as follows:
– Our Web Server (Hosted by Go Daddy)
- Our accounting software (Quickbooks)
We will maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
(a) Confidentiality means that only people who are authorised to use the data can access it.
(b) Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
(c) Availability means that authorised users should be able to access the data if they need it for authorised purposes. Personal data should therefore be stored on our central computer system instead of individual PCs.
Data retention is defined as the retention of data for a specific period of time and for back up purposes. We shall not keep any personal data longer than necessary but acknowledge that this will be dependent on the different types of documents and data that we have responsibility for. As such, our general data retention period shall be for a period, which is outlined in the table below. Our specific data retention periods are set out below:
Type of data
Type of data subject
Type of processing
Purpose of processing
First Name, Last Name, Email Address, Telephone number, Address, Message Sent Via Website,
Stored on Go Daddy
To respond to enquiries.
Inactive for 5+ years*
First Name, Last Name, Email Address, Telephone number, Address, Website, Company Information, Payment Information, Payment Dates
Stored on Quickbooks
Record of Customer payments
Inactive for 5+ years*
*Inactive meaning they have not interacted (opened, clicked, replied emails, answered phone calls, responded to text messages) that we have sent them. From time to time, it may be necessary to retain or access historic personal data under certain circumstances such as if we have contractually agreed to do so or if we have become involved in unforeseen events like litigation or business disaster recoveries.
Destruction and Disposal
Upon expiry of our retention periods, we shall delete confidential or sensitive records categorised as requiring high protection and very high protection, and we shall either delete or anonymise less important documents.
Our Data Protection Officer is responsible for the continuing process of identifying the records that have met their required retention period and supervising their destruction if needed. The destruction of confidential, financial, and personnel-related records shall be securely destroyed electronically or by shredding if possible. Non-confidential records may be destroyed by recycling.