What are Cookies?
A cookie is a small information file that is sent to and stored on your computer, mobile, tablet or other device when you visit a website.
These files are used to ensure each user has the most relevant experience possible when using a website. This includes ensuring all adverts or offers are relevant to you.
Cookies are perfectly safe to be stored on your computer and almost all web browsers have cookie storing enabled as default. However, all browsers have the option of disabling cookies being stored on your computer if you wish to do this.
Please be aware that disabling cookies on your browser will reduce your ability to browse the website as you may not be able to access all or parts of our website.
You are able to check to see if cookies are enabled specifically for PCs by doing for following for each browser type:
Microsoft Internet Explorer versions 6.0, 7.0, 8.0, 9.0
- Click on ‘Tools’ at the top of your browser window (use the cog icon in IE 9.0) and select ‘Internet options’.
- Click on the ‘Privacy’ tab
- Under the Settings section check the level is set to Medium or below, which will enable cookies in your browser
- Settings above Medium will disable cookies and could cause the site to function not as we would expect.
- Click on ‘Tools’ at the top of your browser window and select Options
- Click the ‘Under the Hood’ tab, locate the ‘Privacy’ section, and select the ‘Content settings’ button
- Now select ‘Allow local data to be set’
- Click on ‘Tools’ at the top of your browser window and select Options
- Then select the Privacy icon
- Click on Cookies, then select ‘allow sites to set cookies’
- Click on the Cog icon at the top of your browser window and select the ‘Preferences’ option
- Click on ‘Security’, check the option that says ‘Block third-party and advertising cookies’
- Click ‘Save’
If you use a browser not mentioned above or a mobile device such as a smart phone or tablet please use either their help section or own website to check the cookie settings.
Our cookies collect anonymous information on how people use the website, and don’t store sensitive information such as your name, address or credit/debit card details.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or book an appointment.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
These cookies enable the function of our data analytics package –Google Analytics. This software helps us track and analyse visitor information such as browser usage, new visitor numbers, response to marketing activity and shopping times. That information helps us to improve the website and your shopping experience, and to make our marketing campaigns relevant. The data stored by these cookies can be seen only by the relevant teams at Kutchenhaus and Google. The information is anonymous and never reveals any personal or financial data.
If you take the opportunity to ‘share’ Kutchenhaus content with friends through social networks – such as Facebook and Twitter – you may be sent cookies from these websites. We don’t control the setting of these cookies, so please check the third-party websites for more information about their cookies and how to manage them.
We use Hootsuite to control our social media activities.
These cookies show us how you found our website and which website you came from. This helps us know which of our online marketing channels is most effective. They also allow us to reward some external websites for directing you to us.
This cookie allows us to actively track the performance of our email.
This cookie allows us to create different types of our website. So we can ensure a high usability.
3rd party cookies
When you visit kutchenhaus.co.uk you may notice some cookies that aren’t related to us. If you go on to a web page that contains embedded content, for example from YouTube, you may be sent cookies from these websites. We don’t control the setting of these cookies, so we suggest you check the third-party websites for more information about their cookies and how to manage them.
Managing your cookies
You have different options to manage the cookies on your computer or device. You can change your browser settings to prevent cookies from being accepted, or, depending on which browser you are using, you might be able to receive an alert when a website is trying to place one on your browser. With most browsers you can allow first party cookies to be set but refuse third party cookies.
If you change your cookie preferences, you will still be able to browse around the website but certain functions will not be available.
Your browsers ‘help’ menu should tell you how to block cookies or change your cookie settings. How you adjust your browser will depend on the browser you are using as mentioned above.
You can delete cookies stored in your browser by using a function in your browser. Whilst this does not mean you won’t collect cookies in the future, it gives you freedom to delete your cookies after you have been online. This function is often known as ‘clearing cookies’.
Clearing your cookies on one browser of one device does not automatically clear them on another. You need to clear all browsers on all channels independently.
You can find some helpful information about controlling your cookies on www.aboutcookies.org. Kutchenhaus is not responsible for the content published on this page.
Kutchenhaus Limited Data Protection Policy
This Data Protection Policy (this “Policy”) sets out how Kutchenhaus Limited (“we”, “us”, “our”) handle the Personal Data we Process in the course of our business activities.
This Policy applies to all Kutchenhaus Limited employees and workers (“Personnel” “You”, “Your”). Your compliance with this Policy is mandatory. Any breach of this Policy may result in disciplinary action.
This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”).
2. Policy Statement
Kutchenhaus Limited recognises the importance of respecting and protecting the privacy of individuals with whom We work, including our employees, customers, suppliers and other third parties. We are committed to the fair, lawful and transparent Processing of Personal Data and to respecting the rights of individuals whose personal information We Process.
3. Scope & Responsibilities
This Policy applies to all Personal Data Processed by Kutchenhaus Limited whether held in electronic form or in physical records, and regardless of the media on which that data is stored. All Personnel are required to read, understand and adhere to this Policy.
The Data Protection Officer is responsible for implementing and enforcing this Policy. All line managers are responsible for ensuring that Personnel under their management are made aware of and adhere to this Policy.
[The Data Protection Officer is responsible for monitoring compliance with this Policy, with associated policies and procedures and with the GDPR. The Data Protection Officer’s contact detail are as follows: DPO@kutchenhaus.co.uk
If you have any questions about this Policy or about data protection at Kutchenhaus Limited, you should contact DPO@kutchenhaus.co.uk
“Personal Data” means any information relating to an identified or identifiable natural person (a “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
“Process” or “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Special Category Personal Data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
5. Data Protection Obligations
Kutchenhaus Limited is committed to adhering to the data protection principles set out in the GDPR and shall Process Personal Data strictly in accordance with this Policy.
a) Lawful, Fair & Transparent Processing
Kutchenhaus Limited will only Process Personal Data where it is lawful for us to do so in accordance with the GDPR. We will only Process special category Personal Data where is it lawful for us to do so and where permitted by the GDPR.
Data Subjects must be provided with information notifying them of the purposes for which Kutchenhaus Limited will Process their Personal Data (a “Privacy Notice”). When Personal Data is obtained directly, the Privacy Notice shall be provided to the Data Subject at the time of collection. When Personal Data is obtained indirectly, the Privacy Notice shall be provided to the Data Subject no later than one month after obtaining the Personal Data.
Privacy Notes must include information required by the GDPR at Articles 13 and 14 including (without limitation) the identity and contact details for the data controller and, where applicable, it’s data protection officer; the purpose(s) for which the Personal Data is being collected and will be Processed; the legal basis justifying collection and Processing and details of the length of time the personal data will be held (or, where there is no predetermined period, details of the criteria used to define that period).
b) Purpose Limitation
The Processing of Personal Data must match the description given in the Privacy Notice. Where the lawful basis for Processing is Kutchenhaus Limited’s legitimate interests, we may only Process the Personal Data if our legitimate interests are not outweighed by the interests, rights and freedoms of the Data Subjects in question.
c) Data Minimisation
We must collect and Process no more Personal Data than is strictly necessary for the purposes of the Processing (“data minimisation”) as set out in the Privacy Notice provided to the Data Subject and ensure that data minimisation continues to be applied throughout the lifetime of the Processing activities.
We must ensure Personal Data is kept accurate and up-to-date. The accuracy of Personal Data must be checked when it is collected and at regular intervals thereafter. Where any inaccurate or out-of-date information is found, all reasonable steps are to be taken without delay to amend or erase that information, as appropriate.
e) Storage Limitation
Personal Data must not be kept for any longer than is necessary for the purpose for which that data was originally collected. When the data is no longer required, all reasonable steps must be taken to securely dispose of it without delay.
f) Integrity & Confidentiality
Personal Data must be kept secure and protected against unauthorised or unlawful Processing and against accidental loss, destruction or damage.
Kutchenhaus Limited is responsible for meeting and demonstrating compliance with it’s data protection obligations as set out in the GDPR.
a) Records of Processing
Where required to do so by the GDPR, we will keep written internal “Records of Processing Activities” in respect of all Personal Data collection, holding, and Processing. Our Records of Processing Activities shall incorporate the information required by the GDPR at Article 30.
b) Data Protection Officer
Where required to do so by the GDPR, we will designate a suitably qualified and experienced Data Protection Officer.
c) Data Protection by Design
We will implement data protection by design and by default when Processing Personal Data. This will include implementing suitable organisational and technical safeguards to reduce the risks to Data Subjects associated with our Processing activities. Safeguards will be implemented during the design, implementation and lifetime of Processing activities. Organisational safeguards shall include awareness training for all personnel and suitable policies and procedures relating to the Processing of Personal Data.
d) Data Protection Impact Assessments
We will carry our Data Protection Impact Assessments where the risks to Data Subjects of a Processing activity are high, or as otherwise required by the GDPR at Article 35 or by the Information Commissioner’s Office (“ICO”) in its DPIA guidance.
e) Data Processor Contracts
Where we utilise a data processor, we will put a binding contract in place between Kutchenhaus Limited and the data processor to include, as a minimum, the contract terms required by the GDPR at Article 28.
7. Data Subject Rights
In addition to the right to be informed, which is facilitated by providing Privacy Notices as set out above, the GDPR grants specific rights to data subjects in respect of the personal data collected and Processed by Kutchenhaus Limited as a data controller.
a) Right of Access
More commonly known as Subject Access Requests or “SARs”, Data Subjects have the right to request and obtain from information relating to, and to receive a copy of, their Personal Data.
b) Right to Rectification
Data Subjects have the right to obtain the rectification or completion of inaccurate or incomplete Personal Data concerning him or her.
c) Rights to Erasure, Restriction, Data Portability and to Object
In certain circumstances and, in some cases, subject to specific exceptions, Data Subjects have the right to:
- Obtain the erasure of Personal Data concerning him or her;
- Obtain the restriction of Processing of Personal Data concerning him or her;
- Obtain the Personal Data concerning him or her, which he or she has provided to us as a data controller, to transmit to another data controller without hindrance to have us transfer the personal data directly to another data controller where technically feasible;
- Object at any time to Processing carried out in our legitimate interests, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or carried out for direct marketing purposes
d) Automated Decision Making
Data Subjects have the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal or similarly significantly affects concerning him or her.
e) Facilitating Data Subject Rights
Kutchenhaus Limited is required to provide information on the action we have taken to facilitate a request or, where applicable, the reasons for not taking action (and the data subject’s right to lodge a complaint with the ICO and to seek a judicial remedy) within one month of receipt of the request. The GDPR permits us to extend this period by a further two months in certain circumstances.
Because of the importance of facilitating data subject rights and to ensure we meet the deadlines for responding to requests, you must communicate receipt of a request from a data subject to exercise their rights without delay, by sending an email with details of the request to DPO@Kutchenhaus.co.uk
8. Retention & Disposal
Personal Data shall not be retained for longer than is reasonably required [and in any event, only for as long as set out in the Kutchenhaus Limited retention schedule].
Once Personal Data records have reached the end of their life, they must be securely destroyed in a manner that ensures that they can no longer be used. Hard drives of redundant computers should be removed and destroyed before disposal if they have been used to hold Personal Data.
9. Security, Integrity & Confidentiality
Kutchenhaus Limited shall implement appropriate technical and organisational measures to ensure the confidentiality, integrity, availability, and resilience of Personal Data. Such measures shall be proportionate to the risks to Data Subjects associated with the Processing activities in question, and shall include (without limitation):
- Encryption and pseudonymisation of Personal Data where appropriate;
- Policies relating to information security, including the secure Processing of Personal Data;
- Information security awareness training, including the secure handling of Personal Data;
- Business continuity and disaster recovery capabilities to ensure the ongoing availability of and access to Personal Data; and
- Processes for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures implemented to ensure the security of the Processing.
10. Data Breach Notification
Personal Data breaches must be reported immediately to DPO@kutchenhaus.co.uk
The Information Commissioner’s Office must be notified of the breach within 72 hours after having become aware of it, if the breach is likely to result in a risk to the rights and freedoms of Data Subjects. Data Subjects must be notified of the breach without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
All data breaches, including those which do not require notification to be provided to the Information Commissioner’s Office, must be added to the Kutchenhaus Limited register of data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.
11. International Transfers
Kutchenhaus Limited will only transfer (‘transfer’ includes making available remotely) Personal Data to countries outside of the EEA where:
- The transfer is to a country (or an international organisation), that the European Commission has determined ensures an adequate level of protection;
- Standard contractual clauses adopted by the European Commission have been put in place between Kutchenhaus Limited and the entity located outside the EEA;
- binding corporate rules have been implemented, where applicable; or
- the transfer is otherwise permitted by the GDPR.
12. Implementation & Policy Management
This Policy shall be deemed effective as of 25/05/18 and shall be reviewed annually and following any data breach involving Personal Data by the Data Protection Officer.
13. Document Management
|Document Reference:||Data Protection|
|Document Author:||Barry Reed|
|Document Owner:||Barry Reed|
14. Version & Revision History
|Version||Date||Author||Summary of Revisions|