Cookies are small text files stored on your device by a web browser (e.g Internet Explorer) that hold information about your previous visits to our site. On returning to our site this stored information is fed back to us allowing us to offer you a more personal browsing experience. By using our site you consent to cookies being used in accordance with our policy. For more information on cookies, visit the official ICO website at https://ico.org.uk/, http://www.aboutcookies.co.uk or http://www.whatarecookies.com.
Cookies perform many different tasks within our website; however their key role is to remember your preferences so we can give you an improved service. If you’ve ever placed items in your basket, had to leave our site and returned later to find the items still in your basket, this is an example of one of our cookies in action. Cookies also ensure that any adverts you see online will be more relevant to your interests.
Cookies allow us to treat you as an individual; using knowledge gained from your previous visits and preferences we can tailor our site so that it is more personal to you, allows you greater interactivity and is easier to use.
Data relating to your favourites will be collected and made available to yourself and Sofology staff to assist your progress in feeling at home on a sofa you love. This data will also be anonymised and shared with third-part data analytics companies as part of Sofology’s legitimate interest in the use of the website.
Recent legislation means EU law now requires website operators to ask for permission before using certain kinds of cookies. To ensure you are completely aware of the types of cookies we use and to enable us to continue to bring you the best possible shopping experience, we are giving you a detailed outline of the cookies we use and their unique role in your shopping experience.
It is possible to stop your browser accepting cookies from particular websites. However, disabling cookies from our site will mean you lose a lot of functionality, which will have a detrimental impact on your shopping experience and mean that you only have limited access to personalised areas of the site. Without access to the information on these cookies it is difficult for us to analyse the performance of our site. This is essential for us to continually improve our service.
Cookies are an essential part of how our site works and you will need to have cookies enabled to place an order. If you don’t wish to enable cookies, you’ll only be able to browse the site.
Your personal data is data which by itself or with other data available to us can be used to identify you. We are Sofamax Ltd, the data controllers. This data protection statement sets out how and why we will use your personal data. You can contact our Data Protection Lead, Timothy James Pickering, at [email protected] if you have any questions.
Where there are two or more people named, this data protection statement applies to each person separately.
Whether or not you become a customer, we will use your personal data for the reasons set out below and if you become a customer we will use it in the course of our contractual business with you. We will collect this personal data directly from you. The personal data we use may be about you as a personal or business customer and may include:
We’ll tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases you must provide your personal data so we can honour our contract with you (unless you are an existing customer and we already hold those details).
You’re free at any time to change your mind and withdraw your consent. This can be done by recorded delivery sent to our office which is currently 144 Blackburn Road, Accrington BB5 0AE. The consequence of this might be that we can’t do certain things for you.
Subject to applicable data protection law, we may share your personal data with:
We may use your home address, phone numbers, email address and social media (e.g. Facebook, twitter, google) to contact you according to your preferences. You can change your preferences or unsubscribe at any time by contacting us. In the case of social media messages, you can manage your social media preferences via that social media platform.
Your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from May 2018):
Any requests made to Sofamax Ltd in relation to any of the above rights should be directed to our Data Protection Lead Staff Member. If Sofamax Ltd is within its rights under the GDPR to refuse this request, you shall be informed of this decision as soon as possible.
Information given as a response to requests made under the above-named rights will ordinarily be provided free of charge to the requestee. However, Sofamax Ltd reserves the right to charge a reasonable fee when a request is manifestly unfounded or excessive, or where we are asked to comply with requests for further copies of the same information.
The required information will be provided within one month of receipt of a valid request. Sofamax Ltd reserves the right to extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, you will be informed within one month of the receipt of the request and we will explain why the extension is necessary.
Any requests made verbally will be recorded under the terms set out by our data request recording policy below.
If and when Sofamax Ltd undertakes any new project where data processing is likely to result in a high risk to the rights and freedoms of natural persons, Sofamax Ltd will ensure that a Data Protection Impact Assessment is conducted to help identify, mitigate and minimise any privacy risks.
This policy applies to the management of all documents and records, in all technical or physical formats or media, created or received by Sofamax Ltd in the conduct of its business activities. It applies to all staff, contractors, consultants and third parties who are given access to our documents and records and information processing facilities.
Sofamax Ltd makes every effort to create and manage records efficiently, make them accessible where possible, protect and store them securely and dispose of them safely at the right time (in conjunction with our Retention and Disposals Policy).
Sofamax Ltd conducts its records management in line with the relevant legislation, namely:
Records will only be kept when it is necessary for the operation of the business.
Regular reviews of Sofamax’s records management will be undertaken to identify, assess and manage records management risks. Where it is identified that a risk exists, steps will be taken to rectify such risk. Where it is identified that a record in any format is no longer necessary, that record will be erased.
All digital records of personal information will be held on devices secured by our Information Security Policy and internal information security procedure.
Sofamax Ltd will keep a physical copy of any subject access requests made in relation to an individual’s GDPR rights on a designated document.
This will be not be stored digitally, and will include only the very necessary details to make a record of the request.
Sofamax Ltd understands that personal data held by us shall only be used for a legitimate business purpose and shall be disposed of at such time that it is no longer necessary to hold the information.
Personal data held by Sofamax in the performance of a contract will be held for as long as is necessary to ensure the completion of that contract. Where there is an expectation of future work relating to that personal data, Sofamax Ltd will continue to hold the personal data after the performance of a contract has been completed but for no longer than 6 years.
Personal data held by Sofamax Ltd with a person’s express consent is held for as long as is considered reasonable given the nature of that consent and the purpose for which it was obtained. Any personal information held by consent will be regularly reviewed by the company.
Personal data held under Sofamax Ltd’s legitimate interest will be held for the length of time as such a legitimate interest exists but only if that interest is not overridden by the individual’s own overriding personal rights.
Where legal or regulatory requirements apply for the retention of specific data, that data shall be retained for at least the minimum amount of time dictated by those requirements, but will be disposed of on expiry of those requirements.
Where a valid request of erasure is received, Sofamax Ltd will dispose of all the personal data it holds under that request without delay in accordance with our operating procedures.
The retention and disposal of personal data held by Sofamax Ltd shall be the responsibility of the designated Data Protection Lead staff member.
Sofamax Ltd understands the requirements of confidentiality, integrity and availability for the personal data we process.
Sofamax Ltd uses personal computers and mobile devices in the course of our business. These devices will often hold your personal data and so we take the security of these devices very seriously.
All Sofamax Ltd’s computers and mobile devices are secured by anti-virus software and other such digital security measures as we may think fit from time to time. They are also restricted by passwords that staff members are encouraged to keep robust.
Sofamax Ltd also makes sure that we can restore access to personal data in the event of any incidents, such as by establishing an appropriate backup process.
Information Security will regularly be reviewed, and any identified threats, vulnerabilities, and potential impacts which are associated with Sofamax Ltd’s activities and information will be logged and analysed.
Physical copies of any personal or sensitive information shall be stored securely in line with our security procedure.
You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.
For more details on all the above you can contact our Data Protection Lead staff member by phone or email at [email protected] or on 07580426735.
These policies will be reviewed every 12 months or more frequently as required to ensure that the Procedures remain compliant with the General Data Protection Regulation.