Privacy Notice

MadlyMotorsport Ltd Privacy Notice

Foreword

MadlyMotorsport Ltd is responsible for all legislative and regulatory demands placed upon the company including the safeguarding and security of our stakeholders' data, namely our customers, past, present and future.

We accept that in transacting with MadlyMotorsport, for purchase or return of goods and services, or to simply request further information from us, it's possible that you do so without having first read this Privacy Policy, and that you place this level of trust upon us due to the traditional values we hold for decency, fairness and transparency.

In upholding these levels, we have compiled this Privacy Policy, which sets out our obligations and commitment to you. We also want you to know that you can request to see the data we hold on you, challenge its accuracy or revoke permission by withdrawing your consent at any time.

Throughout your relationship with us, your personal data remains yours; we are simply fortunate to possess it to help us conduct a supportive and meaningful business relationship, which we hope you will continue to value.

Introduction

MadlyMotorsport Limited (12908392) is registered at 15 George Street West, Luton, LU1 2BJ.

When we refer in this document to 'We' or 'Us', we are referring to MadlyMotorsport Ltd. When we refer to 'stakeholders', 'data subjects', 'consumers' or 'customers', we are speaking about members of the public who have a direct relationship with us and our products and services and in so doing share their data as a result.

General Data Protection Regulation (GDPR)

On 25th May 2018 the Data Protection Bill, frequently referred to as GDPR (General Data Protection Regulation), came into force and replaced the Data Protection Act (1998). At the same time as this occurred in the UK, the rest of Europe also introduced GDPR in each of the respective countries.

There are many similarities between the DPA and GDPR; however, there are a few significant differences, which bring positive changes to the way personal data is stored and processed. This applies to data held in digital and printed forms where it is used.

Lawful Basis

The first of the changes under the new regulations requires businesses to confirm on what basis they believe they should have access to your personal data, either 'Legitimate Interest' or full 'Consent'.

At MadlyMotorsport we believe that the most transparent and appropriate way for us to serve your needs is with your full ‘Consent’, which must be given freely, and without coercion or restriction on our part.

At the time you provide your personal data to us we will make it clear to you what you're providing it for e.g. to complete a specific sale, warranty, refund or catalogue sign-up, loyalty scheme or promotional marketing campaign (such as special offers/events/prize draws/surveys etc.). Under this requirement, whatever purpose you initially provide your consent for remains valid for that purpose only. As we continue to serve you, we amalgamate these sources so that we know precisely what we are entitled to use your data for. As consent is the entry basis we have always subscribed to, nothing has changed in that regard.

GDPR Data Inclusions - Personal Data

Under the new regulations the emphasis is that you, our customer and 'data subject', are in control of who you provide your personal data to, granting us permission to use it so that we may provide you with the services you choose in support of a commercial relationship with us. Put simply, you are in effect 'loaning' us the access rights to your personal data until you see fit to change this arrangement.

Personal data, often referred to as personal information, includes things like your name, address, email address, age*, date of birth, telephone number(s) and social media accounts, but it can also include things like your account number(s), or a unique IP address – anything in fact that can link to you as an individual. This all falls under the protection of GDPR.

*You may find that in some areas we ask you to confirm that you are 13 years of age or over. This is because under the new regulations the UK Information Commissioner's Office (ICO) has deemed 13 years of age to be the point at which a child can provide consent to allow the processing of his/her own personal data. We are also obliged to ask for proof of age when selling certain products, including (but not limited to) knives, multi-tools, ice axes or fuel. Any third parties used in the processing of our orders have signed up to comply implicitly with our GDPR policy and no personal data will be shared.

GDPR Data Exclusions - Transactional & Location Data

This is different to personal data and includes things related to your purchase history, namely the method you used to make a purchase from us, such as one of our online websites. As GDPR's focus is to protect your personal data, this information is not included under the regulations. However, should you ask to see the data we hold in addition to the personal data we retain, we may still show you examples of this, but this is an extension to our obligations and our way of extending the level of trust and transparency.

GDPR Data Exclusions - Financial Data

This is the third example of data that passes through our business and it includes credit and debit card information. However, the security of this is controlled through other regulations (namely the Payment Card Industry - Data Security Standards), which exist to further reduce your (and our) personal risk. This data bypasses Grandprixme's systems and instead enters a payment gateway to be processed directly between your bank or charge card company, and our financial partner.

Profiling

Data profiling is a trusted technique that attributes other assumed or known factors to the personal data that you consent to provide us. The process will add things such as: the typical size of your family, the size and approximate value of your home, the occupation you might have, your age range, your propensity to read certain newspapers or respond to email campaigns.

By understanding more about you we believe this will help us to improve the service we offer, but we don't believe we should do this without your consent. So, over the course of your consent, we will occasionally seek your approval for this. Under GDPR you will always be able to see what data we hold on you by serving a 'SAR' (a Subject Access Request) upon us (details on this follow below).

Processing Personal Data

Under the Data Protection Bill, once your data is passed to us we become, by definition, the 'Data Controller'. This definition is the highest definition placed upon us by the ICO and means that we are charged with the utmost level of care when it comes to safeguarding your privacy.

To preserve our relationship with you and not cause unnecessary frustration or anxiety to others, MadlyMotorsport will from time-to-time work to maintain the quality and relevancy of the data we hold, processing it against nationally-verified suppression files such as change of address data, gone-away and bereavement registers. Whilst we are not obliged to do this, we believe that in order to fulfil our obligations as 'Data Controller', this remains good business practice and provides a duty of care to our customers and their families.

Accessibility

Personal, location and transactional data is collected through our business systems and is the responsibility of the company's Data Controller within MadlyMotorsport Ltd (within our Privacy Team). You can ask to see or amend what you believe are errors within this data or remove your permission for us to retain it, by reading the steps that we describe next e.g. 'Subject Access Request' & 'Right to be Forgotten'. For anything else, you can always contact our Privacy Team by emailing 'sales@madlymotorsport.com'.

Subject Access Request (SAR)

You can ask to receive a copy of your personal data whenever you choose under a process called a 'Subject Access Request'. Under a 'SAR' we will provide you with a FREE copy of all the personal data we hold on you in a machine-readable format (Microsoft Excel) within 30 days of us being able to successfully validate who you say you are. This is particularly relevant in order to avoid any security breaches or false claims for access to your personal data.

If we believe your request is complex or numerous we can extend the process for a further two months, but we will explain to you why this has been necessary within the initial 30 days of us validating who you are. If we deem your requests to be manifestly unfounded, excessive or particularly repetitive we are permitted to charge a reasonable administration fee to comply with requests for further copies of the same information. Should these excessive requests continue we are legally entitled to refuse your request; should you disagree, you are within your rights to contact the Information Commissioner's Office and state your claim. All SAR requests are logged within our systems to manage the individual frequency of each request.

Right to be Forgotten (RTBF)

Should you ever decide to refuse us permission to use your personal data, you can invoke your 'Right to be Forgotten'. In activating this process, we will need to remove all your personal details from our systems. Once removed, this information will not be available to you, or us again, and should you recommence your relationship with us at a future date and provide us with a fresh set of permissions, none of your previous personal data would be available for re-assignment at that stage.

N.B. Please note that should you decide to invoke your RTBF, we are still required under other company law to store any transactional data that would have once been connected to you as an individual.

Transactional Emails & Consumer Recommendations

In order to process an online order we reserve the right to send a number of transactional emails. These include but are not limited to an order confirmation, order status updates and dispatch confirmation emails. Once dispatched, we may/will also send a combination of email and SMS messages to advise on the progress and status of the delivery.

Mailing & Telephone Preference Service (MPS & TPS)

Once you have given us your consent to communicate with you, any registration of your personal details on the Direct Marketing Association's Mailing Preference Service (MPS) or Telephone Preference Service (TPS) ceases to be valid until you rescind your consent directly with us through any of the methods described above. MadlyMotorsport's policy of direct consent remains the only position we will use to communicate with customers.

Privacy & Electronic Communications Regulations (2003)

The PECR is derived from European law (European Directive 2002/58/EC) and is also known as the 'E-Privacy Directive'. This regulation supplements the regulations under GDPR with its primary focus addressing personal privacy across passive or active forms of distributed electronic communication e.g. Email, SMS (Text Messaging), website tracking cookies, apps, digital telephony, etc.

In 2019 this regulation was amended and renamed the ePrivacy Regulation (ePR) and adopted by MadlyMotorsport within this Privacy Policy.

Online Shopping

We accept that in this increasingly complex and joined-up world, consumers may not be au fait with the methods used to gather personal data, but as a Data Controller it is our role to make this as transparent as possible and provide you with a pathway to rescind your permission at any time wherever we can.

The Use of Cookies

A cookie is a piece of computer code - a text file - that is made up of a series of letters and numbers and placed on your device each time you visit one of our websites. Although they may sound sinister to some, they're actually very useful as they allow us to greatly improve your, and the other users of your devices', visits to our sites, simply by understanding more about your preferences and interests. Some cookies are essential because without them the website would not appear correctly in your browser.

The cookie itself does not contain or collect personally identifiable information but instead will remember previous purchases, page visits and account details and will help us to recommend products that suit the users of your devices. These recommendations and preferences are all made automatically and are not associated with any personal information we have previously collected about your interests.

When you first visit the website you will be asked to accept our cookie policy, and you may also remove any cookies by adjusting the software settings of your browser to either delete the cookies which already exist and/or block new ones from being stored or accessed (see below for more information).

All of the cookies we use are solely for the benefit of you, your device users and us. This is how they can be broken down:

Essential Cookies

These are session specific cookies and expire after you leave the website. They are essential because without them the website wouldn't work properly. For example, the basket page would forget what you've got in your basket; they are not used for marketing or any tracking purposes, and don't store or retain any superfluous data about your visit to the website.

Types of cookies we use:

Cookies Necessary for the Functioning of the Store:

Name | Function
_ab | Used in connection with access to admin.
_secure_session_id | Used in connection with navigation through a storefront.
Cart | Used in connection with shopping cart.
cart_sig | Used in connection with checkout.
cart_ts | Used in connection with checkout.
cart_ver | Used in connection with shopping cart.
checkout | Used in connection with checkout.
checkout_token | Used in connection with checkout.
previous_checkout_token | Used in connection with checkout.
previous_step | Used in connection with checkout.
remember_me | Used in connection with checkout.
Secret | Used in connection with checkout.
Secure_customer_sig | Used in connection with customer login.
storefront_digest | Used in connection with customer login.
_shopify_m | Used for managing customer privacy settings.
_shopify_tm | Used for managing customer privacy settings.
_shopify_tw | Used for managing customer privacy settings.
_storefront_u | Used to facilitate updating customer account information.
_tracking_consent | Tracking preferences.

Reporting and Analytics

Name | Function
_landing_page | Track landing pages.
_orig_referrer | Track landing pages.
_s | Shopify analytics.
_shopify_d | Shopify analytics.
_shopify_fs | Shopify analytics.
_shopify_s | Shopify analytics.
_shopify_sa_p | Shopify analytics relating to marketing & referrals.
_shopify_sa_t | Shopify analytics relating to marketing & referrals.
_shopify_y | Shopify analytics.
_y | Shopify analytics.
tracked_start_checkout | Shopify analytics relating to checkout.

Shopify’s websites

When visitors load Shopify’s websites, we generally place the following Shopify cookies:

Cookies Necessary for the Functioning of the Sites

Name | Function
_Brochure_session | Used in connection with browsing through site.

Reporting and Analytics

Name | Function
_landing_page | Tracks landing pages.
_orig_referrer | Tracks landing pages.
_s | Shopify analytics.
_shopify_fs | Shopify analytics.
_shopify_s | Shopify analytics.
_shopify_sa_t | Shopify analytics relating to marketing & referrals.
_shopify_uniq | Shopify analytics.
_shopify_y | Shopify analytics.
_y | Shopify analytics.
ab_test_* | Shopify analytics.
cart_sig | Shopify analytics.
ki_r | Shopify analytics.
ki_t | Shopify analytics.

Additionally, we use pixels and tags from the following third parties, which may in turn place cookies:

Reporting & Analytics:

Third Party | Description | Privacy Policy
Alexa Metrics | We use Alexa Metrics to help measure how users interact with our websites. | https://www.alexa.com/help/privacy
Bugsnag | We use Bugsnag to help us troubleshoot and fix issues with our websites. | https://docs.bugsnag.com/legal/privacy-policy/
Chartbeat | We use Chartbeat to help measure how users interact with our websites. | https://chartbeat.com/privacy/
Crazy Egg | We use Crazy Egg to help measure how users interact with our websites. | https://www.crazyegg.com/privacy
DC Analytics | We use DC Analytics to help measure how users interact with our websites. | https://dcanalytics.dcmn.com/privacy-policy
Fullstory | We use Fullstory to help measure how users interact with our websites. | https://www.fullstory.com/legal/privacy/
Google Analytics | We use Google Analytics to help measure how users interact with our websites. | https://policies.google.com/privacy
Hotjar | We use Hotjar to help measure how users interact with our websites. | https://www.hotjar.com/legal/policies/privacy
KissInsights | We use KissInsights to help measure how users interact with our websites. | https://signin.kissmetrics.com/privacy/
LinkedIn Analytics | We use LinkedIn Analytics to help measure how users interact with our websites. | https://www.linkedin.com/legal/privacy-policy
New Relic | We use New Relic to help measure how users interact with our websites. | https://newrelic.com/termsandconditions/privacy
Optimizely | We use Optimizely to help us test improvements or changes to our websites. | https://www.optimizely.com/privacy/

Advertising:

Third Party | Description | Privacy Policy
Microsoft Advertising | We use Microsoft Advertising to deliver targeted advertisements to individuals who visit our websites. | https://privacy.microsoft.com/en-ca/privacystatement
Drift | We use Drift to help us with conversational marketing to customers while they visit our websites. | https://www.drift.com/privacy-policy/
Facebook Custom Audiences | We use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our websites. | https://www.facebook.com/policy.php
Google | We use Google Ads to deliver targeted advertisements to individuals who visit our websites. | https://policies.google.com/privacy
Intercom | We use Intercom to manage our relationships with our customers. | https://www.intercom.com/terms-and-policies#privacy
Marketo | We use Marketo to manage our relationships with our customers. | https://documents.marketo.com/legal/privacy/
SourceKnowledge | We use SourceKnowledge to deliver targeted advertisements to individuals who visit our websites. | http://www.sourceknowledge.com/privacy
Outbrain | We use Outbrain to deliver targeted advertisements to individuals who visit our websites. | https://www.outbrain.com/legal/privacy#privacy-policy
Quora | We use Quora to deliver targeted advertisements to individuals who visit our websites. | https://www.quora.com/about/privacy

Social Media & Content:

Third Party | Description | Privacy Policy
Disqus | We use Disqus to provide commenting capabilities on posts on our websites. | https://help.disqus.com/terms-and-policies/disqus-privacy-policy
Facebook Connect | We use Facebook Connect to allow visitors to our website to interact with and share content via Facebook’s social media platform. | https://www.facebook.com/policy.php
Gravatar | We use Gravatar to allow visitors to our websites to create avatars. | https://en.gravatar.com/site/privacy
Twitter | We use Twitter to allow visitors to our website to interact with and share content via Twitter’s social media platform. | https://twitter.com/en/privacy
Wistia | We use Wistia to display video content. | https://wistia.com/privacy