Who are Criterium Cycles?
We are a Limited Company (our full name is Criterium Cycle Company Limited), we are privately owned and run and are based just outside Edinburgh, Scotland in the United Kingdom. Our main business is the retailing of bikes, cycle clothing and accessories plus we also provider other services such as custom build of bikes and repair / workshop services.
We love cycling and we try to bring our customers the most interesting stories and experiences from around the cycling world using various means such as our blog, our social media channels and regular emails and other forms of communication which we send to those who have subscribed to receive them.
The law on data protection sets out a number of different reasons permitting a company such as Criterium Cycles to collect and process your personal data. These include:
If you sign up to receive our email newsletters and communications for example, then that is you giving us your consent to process your contact details for this purpose. You can withdraw your consent at any time by contacting us.
If you order buy something from our shop in Edinburgh, we will usually need to take name and address details, primarily so that we can provide you with proof of purchase and warranty support.
Some of our customers acquire bikes through us using the Cycle to Work Scheme. We act as partners of a number of the leading Cycle to Work Scheme providers. We do need to keep some details of Cycle to Work scheme transactions in order to comply with our obligations to the scheme provider.
In certain circumstances we need to use your data in order to run our business. As a business we believe that we have a legitimate interest in doing this but that it does not significantly impact your rights or interests.
Sometimes, we are legally required to pass on information to appropriate agencies. For instance, we are allowed to pass on details of anyone suspected of being involved in criminal activity but we will only do this in compliance with the law.
When do we collect your personal data?
The main ways we collect your data are the ones listed below:
- When you visit our website
- When you purchase anything from our store in Edinburgh
- When you engage with us on social media
- When you enter any competitions we may run from time to time
- When you review our products and services.
- When you’ve given a third party your permission to share with us the information they hold about you.
- When our third party finance supplier shares information with us about the product you have purchased.
- When a Cycle to Work scheme provider shares information with us about the product you have purchased
What kinds of personal data do we collect?
- If you purchase something from us then we will collect some or perhaps all of the following – your name, gender, date of birth, billing/delivery address, orders and receipts, email and telephone number.
- Details of any interactions with us either online or by physical means. We will collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you made.
- Details of your visits to our website and how you found our website in the first place.
- Your comments and product reviews.
Why do we use your personal data?
We want to give you the best possible customer experience and the personal data we collect about you allows us to do that. If you wish to change how we use your data, then you can find out more about this in the section below entitled “Your rights over your data”. Please note though that if you change or restrict what we can use your data for, we may not be able to provide you with all the services you would like or have asked for.
So Why do we do it?
- To process any orders that you place with us – unless we collect your personal data when you purchase something from our store in Edinburgh, we may not be able to process your order and comply with our legal obligations.
- To respond to your queries, refund requests and complaints – we need to keep a record of these to inform any future communication between us and to record how we communicated with you throughout
- To protect us both from fraud and other illegal activities – this is part of our legitimate interest and helps to protect our customers and our business from fraud.
- To keep you informed about products, discounts and services that are personalised to you – you are free to opt out of hearing from us by any of these channels at any time.
- To send you communications required by law – these may necessary to inform you about our changes to the services we provide you.
- To administer any of our prize draws or competitions – you may choose to enter these from time to time
How do we protect your personal data
Data security matters to everyone so at Criterium Cycles so we treat your data with the greatest of care and as if it were our own personal data. We take appropriate steps to protect it.
Our website is protected using ‘https’ technology. Access to your personal data is password-protected and / or encrypted as appropriate, and sensitive data is secured by SSL encryption.
How long do we keep your personal data?
We’ll only keep your personal data for as long as is necessary having regard for the purpose for which it was collected.
We will keep transactional information for 6 years after the transaction has ended after which we will securely delete your data.
If you have signed up for our newsletters, we will send this to you with your consent. If you have not engaged with for 3 years we will ask if you still want to hear from us. If you do not respond we will delete or anonymise your data.
Who do we share your personal data with?
Sharing your data with third parties for them to use for Criterium Cycle’s purposes:
We use a proprietary EPOS (Electronic Point of Sale) system called Ascend which is where all transactional data from our Edinburgh store is kept.
We use a third party to help us manage our marketing dataset and to send messages and emails to our subscribers.
We apply the following policies with any such third party to keep your data safe:
- We only provide third parties with the information they need to perform their specific services.
- The third party may only use your data for the exact purposes we specify in any contract with them.
- The third party will securely delete your data when it is no longer required for the exact purpose.
Companies we work with to provide our service to you
We use V12 Retail Finance to provide you with financial services if requested by you.
We do not store any bank details or card details on our systems (we are fully PCI compliant) and use Global Payments (a partner of HSBC Bank) to provide us with payment services in our Edinburgh store.
Sharing your data with third parties for them to use for their own purposes:
We will only do this in very specific circumstances such as:
- For fraud prevention or regulatory compliance which may include sharing data about individuals with law enforcement bodies or Government agencies. We will only do this if we receive a valid request and we will only provide the data in compliance with the law.
- We may, from time to time, expand, reduce or sell Criterium Cycles and this may involve the transfer of parts of the business or the whole business to new owners
Where your personal data may be processed
Sometimes we will need to transfer your personal data to our third parties and suppliers who are outside the European Economic Area (EEA). We use a third party email marketing data partner based in the US who are GDPR compliant themselves.
If you have any queries about how your personal data is processed and managed, please contact us at [email protected].
Your rights over your personal data
Your rights to access your data and request corrections / amendments
You have the right to request:
- Access to information about the personal data we hold about you and a copy of that personal data.
- The correction of your personal data when it is either incorrect or out of date.
- That we stop using your personal data for certain activities, in certain circumstances and sending you direct marketing in all circumstances.
To ask for a copy of your personal data, please email us at [email protected] and enter the phrase Data Protection Request either in the subject line of the email or as a heading in the body of the email. Alternatively, if you prefer, you may write us at Criterium Cycle Company Limited, Unit 3 Dobbies Garden World, Melville Nurseries, Lasswade, Edinburgh, EH18 1AZ.
To ask for your information to be amended, please either login and update the details in your online account or email us at [email protected] setting out clearly your request. If we choose not to action your request we will explain to you the reasons for our refusal.
You have the right to stop the use of your personal data for direct marketing activity through any or all channels. We will always comply with your request.
To stop us using your personal data for direct marketing you can:
- Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop sending any further marketing emails. Alternatively, if you want to carry on receiving some emails from us but not others, you can access your preference centre at any time from any email we send you and update your preferences.
- Write to us at Criterium Cycle Company Limited, Unit 3 Dobbies Garden World, Melville Nurseries, Lasswade, Edinburgh, EH18 1AZ.
Checking your identity
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. Please do contact us first, and we will do our best to help you.
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.