Aram respects your privacy rights and recognises the importance of protecting the information that we collect about you. We therefore have embraced the General Data Protection Regulations 2018, which safeguard how we collect, store and use the information with which you provide us. We promise to handle your information fairly and legally at all times, and we are dedicated to being transparent about what data we collect about you and how we use it.
What personal data do we collect?
- Your full name and contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address
- Purchases and orders made by you
- No sensitive personal data is ever collected
- No financial data, such as payment card details, are stored electronically. Hard copy payment card details are stored securely and accessed only by authorised personnel, in accordance with certified PCI DSS v4
- Contact details and order history as above, along with your IP address
- Registered customers: your password and wishlist
- No financial data, such as payment card details, are stored online by Aram. They are stored by our payment processing provider, which is certified PCI DSS compliant level 1
- Newsletter subscribers: only your name, email address and IP address are collected and stored, along with the ‘read’ history of our newsletters
- On-site cookies collect browsing information but this is not personally identifiable and can be disabled at any time through your browser settings
How and why is personal data collected?
Personally identifiable information is provided to us voluntarily by our customers and visitors when making a purchase. This may be in person, by mail, by telephone or by email. It is collected online when voluntarily completing the checkout process or registering an account, or when subscribing and providing explicit consent via opt-in to receive our newsletter.
Aram collects and uses customers’ personal data because is it necessary for:
- the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer
- complying with our legal obligations
- the pursuit of our legitimate interests, which are the supply of products and services; promoting, marketing and advertising our products and services; understanding our customers’ preferences, and needs; handling customer contacts, queries, complaints or disputes.
How is personal data stored and protected?
Aram is committed to keeping your personal data safe and secure. Our onsite servers contain stringent security controls to protect from unauthorised access and are constantly monitored and updated. Online data is stored by our service partners who have a proven commitment to the highest levels of network security (details of these service partners can be provided upon request). Hard copies such as printed sales orders are always handled with care and conscientiousness in accordance with internal security policies, which are regularly reviewed.
How is personal data used and with whom is it shared?
Aram uses your personal data:
- to provide goods and services to you
- to manage any registered online account(s) that you hold with us
- to manage customer service interactions with you
- with your consent via opt-in, and through legitimate interest, to contact you electronically about promotional offers and products and services which we think may interest you
- to verify your identity
- for crime and fraud detection and prevention
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute)
Aram will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes. In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include:
- IT such as website hosting and payment processing providers. Your anonymised IP address (only) is shared with Google Analytics.
- delivery and installation solutions (only your contact details will be shared)
- email marketing service providers and online support platform providers (eg, chat)
Details of these third party service partners can be provided upon request. All third party service partners are within the EEA.
We may share your data with credit reference agencies, governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so to comply with our legal obligations or to exercise our legal rights.
Aram uses your personal data for electronic marketing purposes (with your explicit consent via opt-in confirmation, account registration or order placement) and may occasionally send you postal mail to update you on the latest offers, products and events. You can opt out of receiving promotional communications at any time, by using the ‘unsubscribe’ link in our newsletters or by contacting the Store at the address shown below.
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this statement. Different retention periods apply for different types of data, however the longest we will normally hold any personal data to comply with accounting regulations is 6 years.
You have the right to request what data we hold, in writing to the Store and we will respond within one calendar month.
You have the right to request that your data be deleted – in accordance with this statement – in writing to the Store and we will respond within one calendar month.