Trade Customers

Privacy Summary

No-Minimum.co.uk is jointly operated by the following companies.

Tancia Ltd, trading as The Pen Warehouse. Registered in England and Wales - Company no. 02966120 - Charles Lake House | Claire Causeway | Crossways Business Park | Dartford | Kent | DA2 6QA | UK

Snap Products Ltd. Registered in England and Wales - Company no. 02966120 - Charles Lake House | Claire Causeway | Crossways Business Park | Dartford | Kent | DA2 6QA | UK

We’re a trade-only supplier!

As a trade-only supplier of personalised merchandise, our charter dictates that we can only accept orders from "end users" by allowing one of our trusted distributors to process the order. As such, any orders placed on this website will be processed by a select third-party. You will be notified of the identify of this third-party and given their relevant contact details during the checkout process, before entering your payment information. The third-party's contact information will also be repeated in your order confirmation email. Distributors will have access to your order summary, including your name, shipping address and other personally identifiable information, along with a visual preview of your artwork. They do not receive any information pertaining to your chosen payment method (e.g. credit card information). The distributor may contact you after your order was placed, under the lawful basis of legitimate interest. They may offer you the option of receiving marketing communications from them in the future.

At No-Minimum.co.uk, we believe that privacy is a fundamental human right and that respect for an individual’s privacy should apply in all walks of life but especially so in business. As a trade-only supplier, the company recognises the need to protect not just the privacy of trade customers but also the privacy of all individuals involved in the supply chain.

In order to operate our business, we do need to collect some personal data. We only ever collect what is necessary and we do not store the data for any longer than we need to.

What type of data do we store?

If you choose to place an order with us, we’ll hold some or all of the following types of information in relation to your order.

  • Your name.
  • Your company/employer’s name.
  • Your email address.
  • Your telephone number, which may include direct dial or mobile numbers.
  • Your business/work address.
  • Your IP address.
  • Website cookies.

Legal Basis

We rely upon a number of different legal bases for processing personal information – these include processing personal information where it is in our legitimate interests to do so and where this is necessary for the fulfilment of a contract. Where we rely on our legitimate interests, this means that we use personal information to run our business and to provide the services we have been asked to provide. We only collect information that has been supplied voluntarily; you do not have to provide us with personal information. However, if you do not provide us with information we need by law or require to do work, we may not be able to offer certain products and services.

Your Rights

You have several important rights in relation to your data:

  • The right to be informed – We’ll always try to be as transparent as possible about how your data is being stored and processed by us.
  • The right to access – If you’d like to know what information we store about you, you can exercise your right to access, often known as a “subject access request”. We usually prefer to get these in writing and sometimes we may need to ask for additional proof of identity. We will respond to all access requests within one calendar month but if we do need to ask you for ID, that one month period won’t start until we’ve received it.
  • The right to rectification – If you believe that we hold some incorrect information about you, then you have the right to request that we amend your personal information across all of our systems. We’ll try and complete any such requests as quickly as possible but you should allow us up to one calendar month.
  • The right to erasure – You can ask us at any time to remove your personal data from our systems. In some cases, for example if required to do so by HMRC, we might need to keep a few records even after you’ve asked us to delete your information. We’ll let you know about this when you request removal, as well as telling you how long we’ll be keeping the data for.
  • The right to restrict processing – You can ask us not to use your data in particular ways. This is different than the right to erasure because it lets you specify that you’re happy for us continue using your data in other ways.
  • The right to data portability – You can ask us to export your personal information in a commonly-understood file format, such as CSV. This is particularly useful if you wanted to give the data to someone else to process. The same one-month period and need for identification applies to these requests as it does to a subject access request.
  • The right to object – You can raise an objection at any time to the way in which we’re using your data. For example, you might want to remain a trade customer but opt out of receiving marketing communications. You have the right to do so without it affecting your legal status with us.

You can read more about these rights on the ICO website:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

Who has access to your data?

Within both companies, staff members who might have access to your personal data have all been provided with relevant GDPR training. We only allow our staff access to customer data when it’s absolutely necessary for them to do their jobs.

In regards to electronic communication, all of our email services are provided by Google LLC. Google provide a very secure email platform that encrypts all communications between their servers and our office PCs. In order to provide support on our email services, some Google employees do have access to our email system. This is only to provide technical support and they don’t perform any processing or collection on emails coming through our system.

Please note that we also contract out some I.T. development and support services to the following companies. In order to support our software, employees of these companies will sometimes be granted access to our secure systems on which your data is stored.

Eiger Group Ltd - Company number 03727605 - Kenward House High Street, Hartley Wintney, Hook, Hampshire, RG27 8NY

Eureka Solutions (Scotland) Limited - Company number SC165567 - 29 Portland Road, Kilmarnock, Ayrshire, KA1 2BY

If you visit our websites, then your activities on the site are anonymised and sent to Google Analytics with a tracking cookie. This data lets us know how well our websites are working and which parts still need improvement. If you’d prefer not to take part in this anonymous usage tracking, then you should set your browser to “do not track” mode.

What do we do with your data?

Apart from using your data to process and despatch orders, we’ll also use it to keep in touch about our latest developments and services. We often run reports on our sales orders so that we can spot purchasing trends. Identifying trends helps us ensure that our prices and product range are competitive. You can opt out of any specific types of data processing if you wish to.

When visiting our websites, cookies will be created and stored on your computer. These cookies provide important functionality like allowing you to log in and access trade prices.

Where do we store your data?

Your personal data may be stored in physical files located on one of our premises in Aldershot. Any files that contain personally identifiable information are stored securely, under lock and key. Access to those files is only available to staff members who require it to complete their assigned duties. Physical files are only kept as long as necessary by law and are then destroyed.

Electronic storage of your personal data is mostly situated on our in-house servers. Our I.T. systems are compliant to the Cyber Essentials scheme, meaning that everything is firewalled and encrypted and that access to the systems is highly restricted.

Since we run a few busy websites, we may also have some of your personal information stored off-site in a data centre. Our websites are also compliant with Cyber Essentials and we regularly review the security protocols in place.

Data Breaches

A data breach will be deemed to have occurred whenever an unauthorised party gains access to ours records or systems. Our staff have been trained to recognise a data breach and report them internally. Upon receiving such a report, a thorough investigation will take place. We will assess the severity of the breach and report it to the ICO with 72 hours, including reference to the steps which we will take to prevent future breaches of a similar nature. Where the breach may have allowed the unauthorised third party to gain access to personal information relating to our customers, we will notify affected customers and explain what data may have been accessed and what steps they may need to take (e.g. resetting passwords).

Who should you talk to if you have further questions?

If you’d like to exercise any of your rights in regards to your data or if you simply want to ask us a question about our privacy policy and practices, then please get in touch.

Email: dpo@no-minimum.co.uk

Telephone: +441252 400270

Address:

FAO: Data Protection Officer
The Pen Warehouse
2-4 Mount Pleasant Road
Aldershot
Hampshire
GU12 4NL