Data Protection Notice

Last updated: 6th November 2018

About this Data Protection Notice

This Data Protection Notice (referred to in this policy as “Notice” or “DPN”) is aimed at the users of this website and our consumer customers. We have a separate Data Protection Notice for our Retail Partners which is communicated separately.

At Clogau, we are committed to protecting the privacy and security of personal data. In this Notice we’ve tried to strike a balance between providing enough detail so you can see what data is collected from you, how it is used, who it’s shared with and how it’s kept secure, but not so detailed that it becomes needlessly lengthy or difficult to follow. If you need more detail than is provided in this Notice or have a suggestion for improvement, please get in touch.


About Us

The data controller is Clogau Gold of Wales Limited (referred to in this policy as “Clogau”, “we” or “us”), a company registered in England and Wales under company number 2146156. “Clogau” is the trading name of Clogau Gold of Wales Limited.

Clogau is registered on the Information Commissioner’s Office Data Protection Register with number Z7225337.

Clogau’s registered UK address is: Clogau Gold of Wales Ltd, Sherbrooke House, 5 Kinmel Park, Abergele Road, Bodelwyddan, Rhyl, LL18 5TX, UK. enquiries@clogau.co.uk Tel: 0345 606 88 77. If you would like to contact Clogau’s Data Privacy Manager, please see the How to Contact Us section.


The Personal Data We Collect & Where it Comes From

The personal data we collect depends, in large part, upon the type of interaction you have with us at Clogau. For instance, we will receive different information from you if you place an online order (such as your name, address, email, items ordered, ring size, gift card message, engraving information and payment card details) than if you enter a prize draw (which will usually be restricted to your name, address, email and date of entry). Exactly what data you provide to us will be clear at the point of entering your details.

However, in addition to what you provide directly to us, we may initially obtain personal data from a third party or supplement what we already have with additional data. All of this is to deliver better products, services and communications to our customers.

Generally, we receive two broad types of information: namely, personally-identifiable information and information which cannot be used to identify an individual.

  • Personally-identifiable information is data that can be used to identify you either in its own right (such as your name and address) or data that can be supplemented with other data to identify you as on individual (such as your Clogau account code, which can be linked to your name and address in our system and used to identify you as a customer).

    Personally-identifiable information includes information provided directly by you to us, as well data which we receive from third parties, data processors and data we create about you.


    Data provided by you

    This is the most straight-forward of all the data types to describe and understand. It is data provided directly from you to us. It happens when you input data during such tasks as creating an online account, placing a website order, requesting a brochure, registering for warranty, submitting a return, completing an in-store competition form, or contacting our customer services team using your email address, amongst other tasks.

    Depending on the type of interaction you have with us, the data can include your name, address, email address, telephone number, payment card details, items ordered, ring size, place of purchase, date of birth, reason for your return, and so forth. Exactly which pieces of information you provide will be apparent at the time the information is asked for and given, and we will tell what information is required and which is optional on the form which you fill-in.


    Data provided by a third-party or data processor

    We may collect personal data about you from third parties who have your consent to pass your details onto us, data processors or we may access publicly available sources.

    Some of the information we hold on our customers and website users will come to us from a third party or data processor such as an address-cleansing agency (who inform us of change of addresses and goneaways, amongst other things), email service providers or social media networks.

    In some cases, this information is initially provided by you to the third party (and then shared with us) such as:


    • When you … enter a Clogau competition on another website and agree to share your data

      We occasionally run Clogau competitions on social media websites like Facebook or in partnership with other companies, and they will share the personal data of those who have consented to share their data with us. We do not receive or see the data of those that haven’t opted in to share their data with us.


    • When you … agree to share your data from an Abacus Alliance member

      Clogau are members of the Abacus Alliance (“Abacus”) which is a co-operative of multichannel retail organisations who contribute their customer transactional data with a view to making their marketing campaigns more effective and relevant to consumers through data insight.

      We use Abacus for prospecting and buying new marketing leads. Although Abacus may hold transactional information about you from your purchases with other companies in the alliance, we only receive a limited amount of information on you each time we purchase new leads. The Abacus Alliance database gives members a deeper understanding of consumer purchase patterns to make marketing campaigns more relevant and interesting to the consumer.

      Abacus also helps members to manage and think through privacy and is committed to upholding all relevant data protection laws and best practice. They are members of the Direct Marketing Association.

      There are benefits to allowing your data to be shared with Abacus. Watch this 1m 27s video from Abacus (or view on YouTube):





      If you are on the Abacus marketing list and would like your details to be deleted, please get in touch with Abacus directly.

Examples of where we supplement what we already have with third party or data processor data include:

  • When you … leave a product review

    Following most online and Clogau store purchases, you will receive an invitation to leave a product review via our review partner, Feefo. If you respond to this invitation and leave a review, we will be able to see your submission, and your review will be published on our website and on our profile page on Feefo’s website.

  • When you … respond to one of our marketing emails

    We use a dedicated email service provider (ESP), dotmailer, to send our marketing emails. An email service provider is the software and service we use to send our marketing emails. They help us to follow email marketing best practice, by processing and upholding unsubscribe requests, removing “hard bouncing” email address, removing persistently “soft bouncing” email address and helping to ensure our content does not have any of the features of spam.

    The personal data we receive from our ESP is data observed following tracking what actions you perform with your emails, such as opening, clicking on the links, placing an order as a result of visiting the website directly from the email, whether you unsubscribed from a particular email, and so forth. The information is used so we can see how engaging our emails are to our subscribers, and to improve the content, timing and frequency of our marketing emails.

  • When you … are selected to receive a direct mail piece and your postal address details need correcting or suppressing

    We use an agency to help us to maintain correct and up-to-date postal address information. We use the agency to help keep us informed of change of addresses (in which case we update the addresses on our system), goneaway addresses (in which case we suppress from the mailing if the agency can’t confirm the individual still lives at the address), whether a death has been registered (in which case we suppress from future mailings), whether the address we hold on file for you is complete and whether the address is valid against Royal Mail’s “Postal Address File”.

    It allows us to help keep addresses as clean as possible and to fulfil our obligations to keep data accurate and up-to-date.

  • When your … postal mailing pack fails to deliver and Royal Mail send it back to us

    When we send out postal mail, Royal Mail return mailing packs that cannot be delivered to the final destination. In such cases, they will generally tell us the reason for the failure to deliver, such as a goneaway, refusal to accept mail or an incomplete address, and we will update our systems accordingly to help ensure the addresses we hold are as accurate as possible.

  • When your … address details need checking and correcting

    During times when we need to check address, we occasionally access publicly-available online services to verify and correct address information, such as Royal Mail’s online “Find an address” service.

  • When you … follow us on a social media site or react to one of our posts

    If you follow us on a social media site, such as Facebook, Instagram or Twitter, we can see who follows us, and likewise if you respond to a post, such as adding a comment or “liking” the post.

  • When you … respond to an advert of ours on a social media platform

    You may see an advert of ours on a social media platform such as Facebook, Instagram or YouTube. If you react to that advert, such as pressing a button to share your email address with us, we will receive that data via the social media site and then subscribe you to our email newsletter, as requested.


  • Data created by us

    Depending on the interaction you have with us, we will usually create data which will allow us to identify you in our data sets, such as an account number and unique personal ID numbers.


    Cookies

    This website uses a ‘session cookie’. Your computer is allocated a random ID number by our web server for the duration of your visit. Session cookies allow you to store your chosen items in your shopping basket, without losing them, and to make the checkout process faster by having your delivery details ready to use.

    The session cookie is only active while you are connected to clogau.co.uk and is instantly removed from your computer when you close your browser window.

    Other cookies are also used for statistics (statistic cookies help website owners to understand how visitors interact with website by collecting and reporting information anonymously), and marketing (marketing cookies are used to track visitor across websites with the intention to display ads that are relevant and engaging for the individual user).

    Depending on the type of cookie, the cookies on our site usually have an expiry time frame of between a single session and 2 years.


    • Non-personally identifiable information, which is data that comes from you but which cannot be used to identify you as an individual and is usually aggregated with other customers or users of our website. This Notice restricts itself to personally-identifiable information.

    These lists and examples are not exhaustive and, in certain instances, we may need to collect additional data for the purposes set out in this Notice. We will always endeavour to ensure it is clear what information we are asking for and why, and to keep this Notice up to date. If you have any questions or suggestions for improvement, please contact us on any of the methods in the How to Contact Us section.


Children

Our website and marketing is not aimed at, or intended for, persons under 16 years of age and we do not knowingly collect data relating to children. If we are marketing to a person under 16 years of age and you have parental responsibility for the child and would like to stop our marketing reaching that child, please contact us – see the How to Contact Us section.

We will endeavour to stop future emails, direct mail, targeted social media advertisements and other forms of direct marketing addressed specifically to the person. Please be aware that brochures and postal mail pieces are always printed in advance of being sent and therefore it takes several weeks for someone to stop receiving postal communications, and that it can take several working days to stop receiving other forms of communications.


How We Use Personal Data & It’s Lawful Basis for Processing

Clogau collects and uses customers’ personal data because is it necessary for:

  • the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer;
  • complying with legal obligations (Legal Obligation);
  • the pursuit of our legitimate interests (as set out below) (Legitimate Interests).

In general, we only rely on consent as a legal basis for processing in relation to sending marketing emails to prospective customers.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purposes. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please get in touch.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Apart from Consent, we also rely on Legal Obligation and Legitimate Interests to process personal data. In this section, we aim to provide you with a guide as to when each is used.


Legal Obligation

If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting the Company to law enforcement, or with regulators (like the Information Commissioner’s Officer or HMRC), when demanded to do so.

We also have a legal duty to hold certain personal data to comply with HMRC requirements.

Please note that we may process your personal data without your knowledge or consent where this is required by or permitted by law.


Consent

If you are a prospective customer, and have not purchased Clogau jewellery previously, we rely on your consent via an opt-in tick-box, in order to send your marketing emails.

For customers, warranty registrants and warranty recipients – those that have purchased our products – we rely on Legitimate Interests, through a “soft opt-in” for permission outlined by the Information Commissioner’s Office, on the assumption that customers have purchased a product, they are likely to be interested in hearing about future products, services and offers via email and post. The term “soft opt-in” is used to describe the idea that if an individual bought something, gave their details and didn’t opt out of receiving marketing messages, they are likely to be happy to receive marketing about similar products or services even if they haven’t specifically consented.

However, we never want you to receive information you don’t want to receive and if this is the case, please contact us so that we can remove your from our marketing list. Please be aware that you cannot opt out of service-based emails.


Legitimate Interests

We believe we have a legitimate interest to process personal data so that we can:

  • process orders, returns, refunds and exchanges;
  • provide goods and services to you, including the despatch of goods to your designated delivery address (so long as the delivery address complies with our despatch policy);
  • record communications with our sales team and Customer Services, and collect all applicable information relating to the query, including the information you directly submit to us. 
  • send postal marketing (otherwise referred to as “direct mail”) to all types of customer and prospect about promotional offers and products and services which we think may interest you (please be aware you can opt out of receiving such communications);
  • communicate service-based messages to you via email and SMS text messaging;
  • provide a tailored website available to you and your browsing habits;
  • promote, market and advertise our products and services to you, including to you on other websites as part of “retargeting” campaigns (see the Retargeting section);
  • remind you of items left in your online shopping basket;
  • process and uphold suppression requests;
  • manage any registered account(s) that you hold with us;
  • to verify your identity;
  • help prevent and enhance detection of crime and fraud, and related purposes;
  • conduct analysis and market research, to understand our customers’ behaviour, activities, preferences and needs as they relate to purchasing our products; and
  • disclose your information (for example in relation to an investigation by a public authority or in a legal dispute) where we have a legal right or duty.

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Notice.

For enhanced transparency on particular areas, we’d like to outline extra details relating to:


Service-based Emails

Service-based emails are those such as order confirmations, notifications of an online account being created, password reminders, enquiry confirmations, returns acknowledgments and eVouchers (amongst other emails). If you have you registered a valid email address with us, you’ll receive service-based emails even if have unsubscribed from our marketing emails. This is because these emails contain important information and confirmations, and are sent in response to an action taken by you. Furthermore, we believe they are in our legitimate interest of our business and provide a level of service our customers expect. They are sent directly from our own email server using an @clogau.co.uk address.


“Do not mail me” Requests and Processing for Suppressions

We believe we have a legitimate interest to hold data to fulfil suppression requests.


How We Keep Data Safe

We follow many practices and techniques to make personal data as secure as possible. Much of this information is available in a dedicated webpage at https://www.clogau.co.uk/securityprivacy.aspx


Who We Share Personal Data With, And Why

We chose which companies and organisations we work with very carefully. Some we are required to work with as a matter of law. So that you can better understand these data processors and third parties and how we work with them, here are some examples:


With regulators and law enforcement agencies when required to do so by law

Occasionally we may be required to share personal data with the police, with legal authorities in the case of legal dispute or with regulators like the Information Commissioner’s Office and HM Revenue & Customs.


Service Providers for Payments, Delivery, Anti-Fraud Prevention and IT

We rely on a set of external companies to provide us with services that enable our business to run and to provide you with the product you ordered. Our core service providers which handle personal data at some stage include:

  • banks and clearing houses to process your payments;
  • companies to carry out fraud protection;
  • postal and courier companies (usually FedEx and Royal Mail, depending on the postal service you select) to deliver products to you, and to keep you updated of the progress of your parcel by email and/or SMS text messaging if your order is shipped via Royal Mail Special Delivery Guaranteed®;
  • IT services providers to process customer transactions and services.

Data cleansing agency

We use an agency to help us to maintain correct and up-to-date postal address information. We use the agency to help keep us informed of change of addresses (in which case we update the addresses on our system), goneaway addresses (in which case we suppress from the mailing if the agency can’t confirm the individual still lives at the address), whether a death has been registered (in which case we suppress from future mailings), whether the address we hold on file for you is complete and whether the address is valid against Royal Mail’s “Postal Address File”.

It allows us to help keep addresses as clean as possible and to fulfil our obligations to keep data accurate and up-to-date.

From time to time, we supplement this data with demographic data, such as gender, age or date of birth, in order to help send our marketing communications as relevant as possible to recipients.


Abandon basket and shopping recommendations partner

We partner with a company who will email you the contents of your online shopping basket on your request, and will deliver more on-page product suggestions as you browse our website, to make the products you see more relevant to your previous browsing history, where possible.

Depending on which feature is used, personal data can be minimal and only include IPs, sessions IDs and other less sensitive data. No sensitive (including special categories) data

The data processing infrastructure use Amazon Web Services (core SaaS functionally) and SendGrid (for email delivery). These sub-processors are located in the U.S. and transfer of personal data is governed by relevant Standard Contractual Clauses and/or Privacy Shield-framework and Data Processing Agreements.


Clogau Retail Partners

Personal data is also captured and processed in partnership with our network of Clogau Retail Partners. This happens in a couple of ways; if you purchase a Clogau item within a Clogau retail partner store, you will be asked to complete a Warranty registration form in order to cover your item for manufacturing faults for an additional two years. This data is captured because it is necessary to provide a service and customers cannot opt out of any service-based emails. You are also given the opportunity to opt-in to receive marketing communications both from Clogau directly on behalf of the retail partner from whom you purchase the item, and also from the retail partner themselves with information on Clogau events and promotions in store. This data is controlled by Clogau and shared with the retail partner.

Secondly, if you purchase from a Clogau retail partner selling Clogau items online using our ‘Retail Web Platform’; personal data is also captured at point of creating your account and placing the order. The websites referred to are those with a domain such as: clogauretailpartner.clogau.co.uk. This data is captured because it is necessary to invoice and deliver the purchased item appropriately and customers cannot opt out of any service-based emails. Again, you are given the opportunity to opt-in to receive marketing communications both from Clogau directly on behalf of the retail partner from whom you purchase the item, and also from the retail partner themselves with information on Clogau events and promotions in store. This data is controlled by Clogau and shared with the retail partner.

All communication sent from Clogau and our retail partners will always be relevant to you and you can choose to unsubscribe from the marketing communications at any time by contacting Clogau directly or following the ‘Unsubscribe’ link on an email you receive.


Online “retargeting” and “remarketing” advertising

Clogau partner with Criteo for “retargeting” (sometimes referred to as “remarketing”) advertising campaigns. Criteo specializes in creating personalized advertisements through “Criteo Dynamic Retargeting”. They work with online partners to build advertisements for users who visit our website in order to display personalised advertisements on other websites on the internet.

Their aim is to deliver advertisements by displaying products that you might be interested in, based on your recent browsing behaviour on our website. As a result, you should receive personalised ads that are more relevant for you than the standard advertising.

Criteo do not know who you are. At no point does Criteo collect identifying personal data such as your name or address. They only collect and use technical data relating to your browsing navigation to display personalised advertisements. If you want to learn more about how Criteo works, what data is collected and how to opt-out out of Criteo ads, click here.


Hotjar

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following the instructions here.


Facebook, Instagram, Google and YouTube

As part of our marketing activities, we run advertising campaigns on Facebook, Instagram, Google and YouTube, for specific segments of customers and prospects. In such cases, your email address will be uploaded into the platform via the platform’s secure method and be used solely for the purposes of running our advertising campaign.

Read Facebook and Instagram’s data policy here. Read Google and YouTube’s privacy policy here.


Epsilon Abacus

We work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. We share customer and prospect data with Abacus for the purposes of suppression and for campaign measurement. Your data will not be used by another member of the Alliance without your consent.

The participating retailers are active in the clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors categories. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help the retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.

There are benefits to allowing your data to be shared with Abacus. Watch this 1m 27s video from Abacus (or view on YouTube):




If you are on the Abacus marketing list and would like your details to be deleted, please get in touch with Abacus directly.


XCM

XCM (registered as ‘X Channel Marketing Ltd’) are a marketing services company which (under our instruction) compliantly process our customer related data with supporting insight analysis, to be used for relevant marketing communications and the benefit of our customers.


Mailing Houses for Postal Mail

We send postal mail to carefully selected customers and prospects at different points during the year (who haven’t already opted-out from postal mailings or known to be deceased; other suppressions may apply), usually about promotions or product launches. To do this, we send mailing lists to mailing houses so that they can print the name and address onto the carrier letter or outer envelope, and prepare the mailing packs to be collected for postal distribution.

There are a number of mailing houses used by Clogau. We only work with carefully-selected mailing houses that meet our requirements for data security. 


Email service provider

We use a dedicated email service provider (ESP), dotmailer, to send our marketing emails. An email service provider is the software and service we use to send our marketing emails. They help us to follow email marketing best practice, by processing and upholding unsubscribe requests, removing “hard bouncing” email address, removing persistently “soft bouncing” email address and helping to ensure our content does not have any of the features of spam.

We upload information such as email address, name or salutation, date of birth and post code into our dotmailer (which is not accessible to other companies using the platform), in order to personalise your emails and make them as relevant to you as when we.

You can unsubscribe from our marketing emails at any time by clicking the unsubscribe link at the bottom of a marketing email.


When We Send Personal Data Outside of The European Economic Area (EEA)

From time to time we may use service providers who transfer data outside the European Economic Area ("EEA"), in particular for the provision of IT services. It may also be processed by staff operating outside the EEA who work for one of our suppliers or data processors. Such processing may, for example, be required in order to fulfil your order, process your payment details or provide support or marketing services.

If we do share your personal data with service providers outside the EEA we will ensure reasonable safeguards are put in place to protect your personal data.


How Long We Keep Personal Data

We will not retain your data for longer than necessary for the purposes set out in this Notice. Different retention periods apply for different types of data and for different customer types. In general, we retain the information either while your account is in existence, or as needed to be able to provide services to you. We may keep different types of personal data for different lengths of time (for instance, we may need to keep certain personal data relating to your purchases in order to comply with HM Revenue & Customs’ VAT reporting requirements).


Your Data Rights

You have a number of rights under data protection laws. These are summarised below, along with information on how you can exercise these rights.


See the data we hold on you – the right to access

You have a right to know as to whether or not personal data about you is being processed, and, where that is the case, access to the personal data.

You can request and access the personal data we hold on you by contacting us using the How to Contact Us section. This is called a “Subject Access Request”. We may ask you for proof of identity to ensure we are releasing personal data to the right person.

We try to process all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.

If we consider the frequency of your requests is unreasonable, we may refuse to comply with your request. In those circumstances, we would notify you of your right to complain to the Information Commissioner's Office.


Ask us to correct mistakes with your data – the right to rectification

You have the right to ask for corrections to be made to inaccurate personal data.

We welcome feedback from you to ensure our records are as accurate and up-to-date as possible. If you think that the information we hold about you is inaccurate or incomplete please ask us to correct it by contacting us.

We will process your request as soon as we receive it or within one month of receipt at the latest.

You can also update many of your personal details held in your online account at any time through the My Account section of this website.


The right to erasure

You can ask us to delete your personal data; however, this is not an absolute right. We can refuse to erase personal data which we need to keep (i) to comply with a legal obligation (for instance, we are required by HMRC to keep certain personal data for up to 6 years for VAT reporting purposes); and (ii) in relation to the exercise or defence of any legal claims.

When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future (for example, if we purchased your details from a third-party list), we will retain enough of your personal data for suppression purposes.

Other than as described above, we will always comply with your request and do so promptly. We would also notify any third parties with whom we have shared your personal data about your request so that they could also comply.

Some customers would still like to order our products but do not want to receive any marketing communications from us. This is not a problem as you can simply update your marketing preferences by contacting us.


No processing for marketing purposes – the right to restriction of processing

You have the right to object to your personal data from being processed for marketing purposes. If you would like us to stop processing your personal data for marketing purposes, please let us know by contacting us using the How to Contact Us section.

We put a lot of effort into personalising your experience with us to ensure that the offers we send you are interesting, relevant and timely. To do this we look at your previous purchases plus any preferences, ratings, reviews and favourites you may have indicated to build a profile of what you are most likely to want to buy. This is known as 'profiling'.

If you don't want us to carry out any profiling using your personal data please let us know by contacting us. However, please be aware that if you ask us to stop profiling your personal data you will stop receiving personalised offers.

We will update your preferences as soon as we can but please be aware that brochures and postal mail pieces are always printed in advance of being sent and therefore it takes several weeks for someone to stop receiving postal communications, and that it can take several working days to stop receiving other forms of communications.


You can transfer your data. The right to transfer your personal data (known as data portability)

You have the right to move, copy or transfer your personal data from one organisation to another. If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (for instance, in an Excel file format). We can provide the personal data to you directly or, if you request, to another organisation.

Please note that we are not required to adopt processing systems that are compatible with another organisation, so it may be that the recipient organisation cannot automatically use the personal data we provide.

When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.

We will comply with your request within one month or, if the request is complex or there are a number of requests from you, within three months.


How to Contact Us

If you have any questions about how we use or look after your personal data that are not answered in this Data Protection Notice, you can contact us by:

  • E-mail: dpm@clogau.co.uk Please use a clear subject line to help us deal with your enquiry efficiently
  • Post: Data Privacy Manager, Clogau, Sherbrooke House, 5 Kinmel Park, Abergele Road, Bodelwyddan, LL18 5TX, UK (stamp required).

Your enquiry will be routed to our Data Privacy Manager, who look into the enquiry and organise for you to be contacted (usually by the Customer Services team) within one month of your enquiry being received.

In most cases, we will be able to provide the necessary information back to you within one month. However, if the matter is particularly complex, or we are in receive of a large number of requests, this may be extended by up to a further two months. If this happens, we will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

The UK’s supervisory authority is the Information Commissioner’s Office (“ICO”). As a data subject, you have the right to lodge a complaint with the ICO. Further information, including contact details, is available on the Information Commission Office website.