Skip to main content

Privacy Policy

Data Protection & Privacy Policy

The purpose of this privacy notice is to set out how we will lawfully process your personal data for the purposes of applicable data protection laws and practice. We respect your rights as a data subject and so it is crucial that we keep you informed on how we intend to use your data.

1. WHO ARE WE?

J H Haynes & Co Ltd. (Company reg. 1449587) carries out processing of personal data for customers and prospective customers under the lawful processing bases of Contract, Legitimate interest, Complying with a Lawful and Regulatory obligation and Consent. We are registered with the Information Commissioner’s Office as a Data Controller under the registration number of Z6054111. 

2. WHO IS THE DATA PROTECTION OFFICER?

We have appointed a Data Protection Officer, who is the point of contact for enquiries relating to how your personal data is processed. The Data Protection Officer can be contacted at our registered address:

Group Company Secretary

Haynes Publishing

Sparkford

Yeovil

Somerset

BA22 7JJ

Email: dpo@haynes.co.uk

3. WHY IS DATA PROCESSING NECESSARY?

We need to store customer personal data to enable us to run our business effectively and meet our contractual obligations to customers who place orders with us. Storing customer names, addresses, email addresses, telephone numbers and payment details including bank details; ensures that we can meet our contractual obligations to process customer orders for print and online subscription products, take payment and ensure delivery of the product(s) to you. Where you have ordered a subscription product, we will also need to communicate with you to determine whether you wish to renew that subscription. We may also need to communicate with you about your product order for a variety of possible reasons such as delays, cancellations or low stock as well as responding or investigating any queries or complaints that you may have, so have a legitimate interest as a business in processing your personal data to allow us to do this. We also need to store personal data to comply with legal and regulatory compliance activities such as accounting and audit procedures.

Meaning of Legitimate Interest, Performance of a Contract, Compliance with Legal & Regulatory obligations and Consent.

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to. Consent is where you as an individual have expressly consented to receive information from us.

4. WHAT PERSONAL DATA DO YOU COLLECT?

Information you give us:

This may arise from you filling in order forms or marketing information on our websites: www.haynesallaccess.comwww.haynes.comwww.clymer.co.uk; www.bluffers.com or by entering competitions, completing marketing research surveys, sending information via post or corresponding with our employees by phone, email, electronically, in person or otherwise. It is likely to include your name, address, email, telephone number, delivery address, billing address, credit card or bank details for orders. It may also include your birthday and subject topics of interest for marketing purposes.

Information we collect about you from our websites:

With regard to each of your visits to our websites, we may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users' browsing actions and patterns and does not identify any individual.

A cookie is a small amount of data sent from our server and stored on your browser or your computer's hard drive if you agree. Cookies contain information that is transferred to your computer's hard drive.

We use cookies and other such devices to compile anonymous, aggregated statistics that allow us to understand how users use our sites and to help us improve the structure of our sites (we cannot identify you personally in this way). We use cookies and other such devices to allow us to understand who has seen which pages on our sites, to determine how frequently particular pages are visited, to determine the most popular areas of our sites and generally in order to monitor usage of our sites. This helps us to provide you with a good experience when you browse our sites and also allows us to improve it.

Some of the cookies we use are essential for parts of our sites to operate and are already set. These are strictly necessary for the services that we offer and without them the website cannot operate as intended. You can find more information about the individual cookies we use and the purposes for which we use them in the link at the end of this document.

Where you as an individual have expressly consented to receive marketing information from us; we will also send you information about new products, services and special offers that we think may be of interest to you. You will be able to withdraw your consent to receiving this information at any time by either selecting the unsubscribe link in the email sent to you; by changing your preferences in your account on our website or by contacting us through our contact details on our websites.

5. WILL WE TRANSFER YOUR DATA TO THIRD PARTIES?

We partner with a third-party distribution company to process customer print orders, despatch print products and invoice these orders, so we will need to share some personal information with them to allow them to carry out these functions on our behalf. There may also be some occasions when orders are shipped directly from printers to customers, in which case we will need to supply them with customer details, so they can make their delivery.

We use a range of third party companies who provide hosting, web design, content management, email commerce platforms and credit card processing companies to bill users for goods and services ordered from our websites. These companies do not retain, share, store or use personally identifiable information for any secondary purposes beyond filling your order. For Digital subscription products, your personal information may be stored, so we can contact you to see if you wish to renew your subscription product.

For individuals who consent to receive marketing information and newsletters from us, we will never share your information with third parties with the exception of our own business suppliers that we may use for the operation of our IT systems such as ecommerce marketing software for managing email marketing.

6. HOW LONG WILL MY PERSONAL DATA BE STORED?

Your personal data will be stored for as long as is required for the purposes for which we process it. Our Data Protection Policy requires us as an organisation to regularly review personal data and look to delete it, once it is no longer required. Your rights around requesting the deletion of personal data are outlined in Section 9.

Where we are processing data based on your consent, you have the right to withdraw that consent at any time.

In the event of customer orders, even if you ask us to delete our records, we may still need to retain some information such as copies of sales invoices for the statutory time limits to meet our regulatory and compliance requirements.

7. WHAT WILL YOU DO TO KEEP MY DATA SAFE?

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

We are the sole owners of personal information collected on our websites. We only have access to information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone. However, if you use a link on our website that takes you to a third-party website, please be aware that that website is outside of our control and we recommend that you review their privacy policy to understand what personal information they may store about you.

8. TRANSFER OF DATA OUTSIDE OF THE EUROPE ECONOMIC AREA (EEA)

We will not transfer your data outside of the EEA unless you purchase a print or digital product and we need to either deliver and invoice the print product to you and you are located outside the UK; or in order to enable your access to a subscription product we need to share your details with another company within the Haynes Group.

9. YOUR RIGHTS

Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data. These include (but are not limited to)

Right of Subject Access

You can request details of all data we hold about you by submitting a subject access request to the Data Protection Officer, at the address provided above.

We aim to comply with such a request from you within one month of the request being made. Where we cannot provide you with this information within one month; we shall inform you of this and provide the reasons why this cannot be achieved, at which point, we shall have a total of 3 months to comply with this request.

In the normal course of business, we shall not charge a fee for a subject access request. However, in the event that you make a subject access request that is of a manifestly unfounded, repetitive or excessive nature, we reserve the right to charge a fee of £10 per request.

Right of Rectification

In the event that your data is incorrect or incomplete; you have the right to have this rectified by us. In the event that any of your data is incorrect, please contact the Data Protection Officer at the address provided above. We shall not charge a fee for your data to be rectified.

Right of Objection

You have the right to object to our processing of your data. Please note, that where we require to continue to process your data for reasons such as the defence of claims, we shall not be required to cease processing your data. In the event that you wish to object to us processing your data, please contact the Data Protection Officer at the address provided above.

Right of Restriction of Processing

If certain conditions apply, you have a right to restrict the processing of your information. This means that we can store your data but not use it. This includes when you contest it as being inaccurate (until the accuracy is proved); if you have objected to the processing (when it was necessary for legitimate interests) and We are considering whether its legitimate interests override your own; if you consider that the processing is unlawful (and if this is true) so that you can oppose erasure and request restriction instead; or we no longer need the personal data for the purposes they held it but you require one or both of them to continue to hold it to establish, make or defend legal claims.

Right of Erasure

You have the right to request that we delete your data provided that; we no longer require your data; or there is no legitimate legal basis for us to process your data; or we have unlawfully processed your data; or the data must be erased in order to comply with the law. If you have grounds to request that we delete your data (and you wish to do so) please contact the Data Protection Officer at the address provided above, however please bear in mind that erasure may not be possible if your data is needed for compliance reasons. We shall not charge a fee for your data to be deleted from our databases.

If you have any queries with regard to the processing of your data; would like us to transfer your data to another service provider or would like more details about your rights, please contact the Data Protection Officer at the address provided above in section 2.

10. CAN A COMPLAINT BE MADE?

If you have any complaints about how we process your data, please contact the Data Protection Officer; at the address provided above in section 2. In the event that we are unable to resolve your complaint; you have the right to make a complaint to the Information Commissioner’s Office, if you believe that your information has been mishandled by us.

The Information Commissioner’s Office can be contacted as follows:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 0303 123 1113

11.CHANGES TO OUR PRIVACY POLICY

This policy was last updated on May 25th 2018. Any changes to this policy will be posted on our websites.

Additional Information About Cookies

Most internet browsers are automatically set up to accept cookies, but you can set your browser to refuse a cookie or ask your browser to show you where a cookie has been set up. Certain services are only activated by the presence of a cookie and, if you choose to refuse cookies, particular features or parts of our sites may not be available to you. To see our Cookie Policy, please click here (insert link) For further information about cookies, including how to refuse cookies, please visit the Interactive Advertising Bureau UK's website, www.allaboutcookies.org.

Haynes Website Cookies

Cookie name

Purpose

Persistence

utmα

These are Google Analytics cookies where α is a letter. These cookies collect visitor activity data for the purpose of analysing website performance.

 

utma

Records the number of visits a visitor makes.

Lasts for 2 years

utmb

Takes a timestamp of the moment a visitor arrives.

Expires at the end of each session

utmz

Keeps a record of a visit’s source.

Lasts for 6 months

utmc

Takes a timestamp of the moment a visitor leaves.

Expires at the end of each session

utmv

Classifies a visitor (our classifications are unique to haynes.co.uk).

Expires at the end of each session

REFERRER

This stores information if a user has been referred from another location.

Lasts for 14 days

WCS_UNIQUE_ID

Holds a unique ID for a WebSphere Commerce session instance.

Expires at the end of each session

WC_ACTIVESTOREDATA

A record of the active store (haynes.co.uk) in WebSphere Commerce.

Expires at the end of each session

WC_USERSESSION_nnnnn

This is a WebSphere Commerce user session cookie with nnnnn being the user ID (guest or registered).

Expires at the end of each session

JSESSIONID

This is created/sent whenever a JavaScript web page session is created.

Expires at the end of each session

WC_AUTHENTICATION_nnnnn

This is created/sent when a checkout and/or login session is created with nnnnn being the authentication ID.

Expires at the end of each session

hbbααααα

These are for our forum pages where α is a letter.

 

hbblastvisit

Tracks the last visit

Lasts for 12 months

hbblastactivity

Tracks activity in the last session

Lasts for 12 months

hbbsessionhash

Tracks activity of a guest visitor

 

hbbpassword

Keeps a record of login if user checks ‘Remember Me?’

Lasts for 12 months

hbbuserid

Keeps a record of user ID if

Lasts for 12 months

PHPSESSIONID

This ‘session cookie’ tells us that you are actively using our sites so that we can track, at any given time, how many users we have.

Expires at the end of each session

PREF

Used by YouTube to store user preferences when viewing pages containing video content.

Lasts for 10 years

GEO

Used by YouTube to store user preferences when viewing pages containing video content.

Expires at the end of each session

VISITOR_INFO1_LIVE

Used by YouTube to store user preferences when viewing pages containing video content.

Lasts for 8 months

use_hitbox

Used by YouTube to store user preferences when viewing pages containing video content.

Expires at the end of each session