Privacy policy
Privacy Notice - THE ICE CO°™ SHOP
1. Introduction
IceCo Limited and its related companies (referred to as “We, “Our”, “Us”, or “The Company”) is committed to protecting the privacy and security of your personal information.
The Company takes every care to protect the personal information of our clients (both online and offline).
As such we have created this privacy notice to inform you of the data that we collect, what we do with that data, how we keep it secure as well as provide you information on your rights and the choices that you have over your personal information.
Within this document we shall refer to Data Protection Legislation which means the Data Protection Act 2018, UK GDPR, Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation that is implemented in relation with the aforementioned legislation.
Where we process your personal data as a controller or processor of people in the European Union, it also includes the EU GDPR. This shall include any replacement legislation coming into effect from time to time.
This notice covers the website https://theiceco.shop and should be read in conjunction with our cookie policy which is available from the website. https://theiceco.shop/cookie-policy
If you would like to change your cookie settings, please click the icon in the bottom left of each page, or navigate to the privacy policy.
Our Registered Office address is:
The Ice Co Ltd
18 Langthwaite Road
South Kirkby
West Yorkshire
WF9 3AP
United Kingdom
2. Purpose
IceCo Ltd is a “data controller”. This means that the Company is responsible for deciding how we hold and use personal information about you.
The ‘Company’ reserve the right to update this privacy notice at any time, the latest applicable versions will be available from the company website or by emailing DataProtection@theiceco.co.uk
We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about this privacy notice, please email DataProtection@theiceco.co.uk.
This notice applies to all those who visit and or utilize the services provided by “Company” shop website (https://theiceco.shop).
3. Data Protection Contact Information
If you have any queries or complaints with the contents of this policy, or the “Company’s” data protection practices/processes.
Please feel free to get in touch by email to DataProtection@theiceco.co.uk where we will be happy to assist with your enquiry.
You also have the right to make a complaint at any time to the Information Commissioners Office, the UK supervisory authority for data protection issues.
4. The information that we collect and when.
We only collect the personal information that is necessary for the purposes of running a successful business and in accordance with Data Protection Legislation.
The type of personal information that we collect about you, either from third party services, the “Company” websites/services, information that you have voluntarily provided to the “Company” or from enquiry/contacts forms, event(s)/exhibitions or other methods includes:
- Your Name
- Contact details including, email address, phone numbers, delivery/billing address.
- Your company (if applicable)
- Job Title
- Survey responses
- Cookies; and/or IP Address
- Geo-location (if applicable)
- Purchase(s), service usage/history
- Records of conversations in relation to the use of the offered services
- Payment transaction history for the services offered:
- Service Agreements
- Site Usage Analytics
5. The Lawful Basis for processing your data.
The company has identified the following legal bases for processing your personal information.
- Your specific consent.
- The Performance of a Contract
- The Legitimate Interest of the business
- Compliance with a legal obligation
The “Company” shall not process/store/transfer any personal information unless we have an appropriate and lawful reason to do so.
You are under no obligation to provide us with your personal information.
However, to provide you with the services offered/purchased/entered into or for the successful running of the business, the
“Company” will require at least a minimum amount of personal data to fulfil the services offered/entered into, including ensuring
adequate performance and security of said services.
6. How we use your information and it’s Lawful Basis
|
Processing Activity |
Personal Data Processed |
Lawful Basis |
|
User account creation |
Name, email, phone number |
Consent |
|
Order Placement |
Name, email, delivery / billing address, phone number, Payment/Card Details are not seen by the “Company” and is handled by Shopify |
Performance of a Contract |
|
Processing your order information |
Name, email, delivery / billing address, phone number, Payment/Card Details are not seen by the “Company” and is handled by Shopify, Order History |
Performance of a Contract |
|
Order Confirmation + Order Notifications |
Name, delivery / billing address, phone number, email address, order details |
Performance of a Contract |
|
Order Delivery Instruction (3rd Party Integration - ZenStores) |
Name, delivery / billing address, email address, phone number, “delivery comments, i.e., Leave Safe etc” |
Performance of a Contract |
|
Order Delivery Instruction (3rd Party Integration – ZenStores -> APC Courier Services) |
Name, delivery / billing address, email address, phone number, “delivery comments, i.e., Leave Safe etc” |
Performance of a Contract |
|
Taking payments, refunding and associated financial accounting |
Payment/Card Details (Not seen by the company, only processed by Shopify platform) |
Performance of a Contract |
|
To contact you, following an enquiry or respond to questions |
Name, email, delivery / billing address, phone number, Payment/Card Details are not seen by the “Company” and is handled by Shopify |
Legitimate Interest |
|
Customer Service Activities, reply to messages, issues, complaints you have contacted us about |
Name, email, delivery / billing address, phone number, Order History |
Legitimate Interest |
|
Statistical analysis of services used |
Device Details, location, IP Address |
Legitimate Interest |
|
Analysis of technology used to utilise the services in order to assess security |
Device Details, location, IP Address |
Legitimate Interest |
|
Analysis of product preferences and services you consume so that we can be provide a better service, or to suggest products |
Device Details, location, IP Address |
Legitimate Interest |
|
Contacting you about services from us (B2B/B2C) |
Name, email, order history, product preferences |
Legitimate Interest |
|
Marketing/analytics from our website using cookies |
Name, email, order history, product preferences, device details, location, IP address |
Consent |
|
To allow us to send marketing emails to you with regards our latest news and product information. |
Name, email, order history, product preferences |
Consent |
|
To tailor the online marketing content that we share with you, such as social media adverts and online adverts. |
Name, email, order history, product preferences |
Consent |
|
To remarket our products to you through other online services when you have visited them on our website. |
Name, email, order history, product preferences |
Consent |
|
We monitor reviews on retail and review websites to assess quality control and the feedback of our products |
Name, email, product/” Company” opinions |
Legitimate Interest |
7. Who do we share your information with?
From time to time, we are required to share your information with other third parties in order to provide the services offered, or to ensure the successful running of the business and its related services.
Information will also be shared with other third parties in the following circumstances:
- If the law or a public authority states we need to share personal data;
- In order to establish, exercise or defend the legal rights of the “Company.”
- This may include the sharing of personal data to third parties for the purpose of preventing fraud or other criminal activities.
- Occasionally we shall employ the services of other parties for dealing with certain processes necessary for the operation of the website(s) and or the “Company’s” services. Where appropriate the data will be anonymised so neither you nor your device can be identified from the data.
The Company uses Data Processors who are third parties and help to provide elements of the services offered to you by the “Company”.
The key data processors that we use are as follows:
|
Processor |
Processing Purpose |
Industry |
Location |
|
Shopify International Ltd |
Order Processing |
IT |
Ireland, US, Canada |
|
Shopify International Ltd + MaxMind |
Fraud Prevention |
IT |
International |
|
Shopify International Ltd |
Payment / Refund Processing |
IT |
Ireland, US, Canada |
|
Shopify International Ltd |
Customer Order Notifications (Email) |
IT |
Ireland, US, Canada |
|
ZenStores |
Order Delivery Service Integration |
IT |
Ireland |
|
APC |
Order Delivery Service (via from ZenStores) |
Courier |
EU |
|
Klaviyo |
Marketing Emails |
Marketing |
EEA, UK, US |
|
Microsoft |
Email Storage, (Contact Forms, general enquiries, complaints etc) |
IT |
EEA, Ireland, US |
|
Cookie Bot |
Device / User identification for cookie preferences |
IT |
Ireland, Denmark, US, Slovenia |
|
ReCAPTCHA (Google) |
Security / Bot Detection |
IT |
International |
|
Facebook / Meta Retargeting |
Retargeted Advertising (Opt-in required) |
Marketing |
International |
|
|
Retargeted Advertising (Opt-in required) |
Marketing |
International |
|
Google Ad Words |
Retargeted Advertising (Opt-in required) |
Marketing |
International |
|
Google Analytics |
Visitor site / service usage analytics |
Marketing |
International |
|
Bing Ads |
Retargeted Advertising (Opt-in required) |
Marketing |
International |
|
TikTok |
Retargeted Advertising (Opt-in required) |
Marketing |
International |
Where we share your personal data with organisations located in third countries or without an adequacy decision, we shall rely on standard contractual clauses (SCCs), with the UK Addendum where required as our control to safeguard the transfer.
The “Company” is committed to ensure that we are transparent in the way we collect, store, share and process your personal information within our business.
8. How do we keep you updated on our products and services?
From time to time, we may change the way that we process your personal information.
When there is a significant change in the way in which it is processed, stored, or transferred this privacy notice will be updated to reflect the changes.
Marketing communications including newsletters which you have opted into, or which we might send due to a legitimate interest will feature an “Unsubscribe” link in the bottom of communications that are sent electronically. If you wish to amend your communication preferences, please follow the link in the emails and update your preferences or by emailing DataProtection@theiceco.co.uk
9. Special Categories of Personal Data
“Special categories of Personal Data” are more sensitive personal data including information such as race or ethnicity, religious beliefs or sexual orientation, Trade Union Membership, health including any medical conditions, health and sickness records, genetic information or bio-metric data, or information about criminal convictions.
In the marketing and sales of our products, we do not currently collect and/or store any special categories of personal data.
10. Mailing List
We ask for your explicit consent when signing up to our mailing list, whether this is online or written. There will be an option to unsubscribe on the bottom of each email. We use Klaviyo to send emails and this is where our mailing lists are also stored.
11. Links to other websites
Throughout our websites we may link to other websites for example, on our blog on IceCo Limited website we often work with partners and link to their websites in our blogs. Although we endeavor to put links only to trusted brands and companies, we are not responsible for the way they handle your data once on a third-party website, please refer to the individual privacy policies of the third-party websites when visiting.
12. If you post reviews or share your thoughts
When using our website, you may be able to share information through social networks like LinkedIn, Twitter (‘X’), Facebook (Meta) for example. When you ‘like’ or ‘share’ your thoughts or reviews of our services. It is important to remember that your personal information may be visible to the providers of those social networks and their other users. Dependent upon your settings, it could also be visible to non-members of these services and in “the public domain.”
Please remember that it is your responsibility to set the appropriate privacy settings on your social network accounts and what information you place into the “public domain”. You should make yourself aware of the privacy practices/policies of the social network sites to ensure that you are comfortable with their practices. The “Company” shall not be held responsible for information that you make available on 3rd party website/services in which the “Company” has no control.
13. If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to provide the services that you have requested.
14. Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is permitted or required by law.
15. Data Security and Storage
The Company, third-party service providers and other entities within the group are required to take appropriate security measures to protect your personal information. We will put in place appropriate security measures to protect your data proportionate to the type of personal information that we process.
16. Data retention – how long will you use my information for?
We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
If you need to know how long we retain your information for with regards to a specific activity, please contact DataProtection@theiceco.co.uk
17. Your duty to inform us of changes.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
18. Your rights over your information
Under certain circumstances, by law, you have the right to;
|
18.1. |
The Right to be informed (Article 13 and 14) You have the right to be informed about the collection and use of your personal data. A privacy notice will be provided to you at the time your personal data is collected and will explain simply and clearly how and why we intend to process your data. This information will be on the website or will accompany the form that you complete. |
|
18.2. |
The Right of Access (Article 15) Individuals have the right to access their personal data (commonly known as a “data subject access request” DSAR). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it |
|
18.3. |
Right to Rectification (Article 16) You have the right to obtain from the controller the rectification of inaccurate personal data. This enabled you to have incorrect, or otherwise incomplete personal data corrected |
|
18.4. |
Right to Erasure / The Right to be Forgotten (Article 17) The data subject shall have the right to obtain from the controller erasure of personal data concerning them in line with the requirements/constraints laid out in Article 17 |
|
18.5. |
Right to Restriction of processing (Article 18) The individual has the right to restrict the processing of personal information. This enables you to request that we suspend the processing of personal information about you, for example if you ant to establish it’s accuracy or the reason for processing it |
|
18.6. |
Right to Data Portability (Article 20) The data subject shall have the right to receive the personal data concerning them which they have provided to a controller in a structured, commonly used and machine-readable format and have the right to transmit the data to another controller without hindrance from the controller to which the personal data has been provided. Conditions apply. |
|
18.7. |
Right to object (Article 21 and 22) Individuals have the right to object to the processing of personal information when the processing is based on point (‘e’) or point (‘f’) of Article 6(1), where the personal data is processed for direct marketing purposes, when the data is processed by automated means or where the data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1). The data subject shall also have the Right to Object to “Automated individual decision-marking, including profiling” |
If you want to review, verify, correct, request erasure of your personal information, object to the processing of your personal information, withdraw consent for specific processing, or request that we transfer a copy of your personal data to another party, please contact DataProtection@theiceco.co.uk, as explained in point 3.
You will not have to pay a fee to access your personal data, (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances or if there is an applicable legal basis to do so, for example compliance with an ongoing legal case.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of the other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
If you have any questions about this Privacy Notice or how we handle your personal information, please contact the Data Protection Officer by emailing DataProtection@theiceco.co.uk.