Privacy policy

Last updated: 27th July 2023

Privacy policies can be complex. We have done our best to write ours in a way that is quick and easy to understand, but there is a lot we need to cover and so we would like to precede it by making a brief and clear promise to you, our customer.

We have been in business for over 160 years, which is not a claim that many businesses can make. We have achieved that longevity, in part, by maintaining the trust of our customers - not just over months or years but over decades and centuries.

Things have changed a lot since we started out and there are more companies competing for your attention than ever. Modern marketing allows businesses to reach you in a more personalised way; in the right hands we believe that is a good thing but we also believe that when we use people’s data to personalise our marketing, we should always act not just within the law, but also with the utmost integrity.

We are a family business that has always believed in going above and beyond; producing the best products and delivering the best service. We promise to treat your data in the way we would want our own data to be handled, so that we can continue to earn the trust of our customers for the next 160 years and beyond.

Jurisdiction:

We fully support your Data Privacy Rights under the General Data Protection Regulations (GDPR) and embrace the changes required to ensure that your experience with Gilbert is fully aligned to your expectations and wishes.

Why do we need to collect, store and use your personal data?

To enable us to:

  1. respond to your enquiries
  2. process your orders
  3. provide aftersales services
  4. communicate our marketing to you by either telephone, post, email or social media
  5. in certain examples manage contracts (e.g sponsored players)

(i.e. legitimate business reasons for using personal data;).

Consent:

When we have your consent, we aim to personalise your experience and share details of offers, promotions, news about new products and tell you about our amazing team of Gilbert ambassadors.

If we do collect personal data that you have provided to us, either directly or via a 3rd party platforms e.g facebook, this data will be recorded in our secure customer service systems.

What data do we store and when?

When we processing your order (a purchase from one of our websites), we collect the following data and use it in our order fulfilment and after sales service systems: 

  • Name
  • Delivery Address
  • Email Address
  • Telephone number
  • Details of your order or enquiry

At checkout, the payment provider (e.g. PayPal or Stripe) will use the above information and details of your billing address and payment card. We only use large, trusted payment providers such as PayPal and Stripe who comply with PCI DSS Tier 1 - the highest standard of card protection in the industry. We NEVER see or store your credit card information; payments are handled directly by the provider. For business orders we also store your Organisation’s name.

With your specific consent, we may also collect the sports you are interested in and interests related to this, such as your favourite club. Unless you opt-in to marketing, the data given during the order process will only be used for processing that order.

Marketing:

If you opt-in to marketing, we will send you relevant offers that relate to our products and services. We will NEVER sell your data to a third party. You can withdraw this consent at any time.

We use 3rd party service providers to help us market to you so we can:

  • collate, manage and store your data
  • contact you, e.g via email or social media
  • manage your marketing preferences

These providers have their own data processing agreements; whilst we cannot be held liable in any way if they fail to uphold their legal obligations under these separate agreements, rest assured that they must contact us if there has been any mishandling of your data. This privacy policy forms our promise to you that in such a case, we will protect your data under the direct agreements we have in place with them.

Who do we share your data with? 

  • We share your delivery address data with transport couriers if required.
  • We share your billing address with payment providers, who will ask for payment.
  • If you come to our website via a third-party organisation, such as a sport governing body, then we may share details of your purchases on our website with them. However, you would have already agreed to do this engagement in your Data Privacy agreement with them.

Your data account with us

If you wish, you can create a user account on our website so that you do not have to re-enter your details the next time you buy from us. The benefits of this are that we offer loyalty points on everything you buy, we can contact you about your account status and we will spot trends so we can offer you products/services that will genuinely be of interest to. You can unsubscribe from email marketing at any time by clicking the unsubscribe link in any marketing email we've sent you; don’t worry though, we will still contact you about important matters relating to your account/orders.

How to control and access your data 

You can send requests to us for visibility of transactional data. You can send requests to us to delete your data from our records or to stop using the data for any purposes at all. You can ask for a copy of your records or ask for a digital file with data from your records. Any paper records will be supplied as paper copies or pdf scans.

To do any of the above send an email to gdpr@grays-int.co.uk or call +44 (0)1580 880357 and detail your request.

You can manage addresses and email contact preferences yourself, directly within your online account with us.

Cookie Policy: 

A cookie is a text-only string of information that we store on your computer’s hard disk. 
We use per session cookies, which are temporary cookies that remain in the cookies file of your browser until you leave the site and persistent cookies, which remain in the cookies file of your browser for longer. We use persistent cookies to remember your login when you move between different Grays websites. We use per session cookies to remember that you have logged in when you move between different pages on a Grays of Cambridge (Int) group website. If you do not wish to receive cookies you can easily modify your web browser to refuse cookies, or to notify you when you receive a new cookie. Instructions on how to stop cookies being installed on your browser are available at https://www.wikihow.com/Disable-Cookies

For more information about cookies, visit www.allaboutcookies.org

In order to enjoy the Gilbert website to the fullest, we recommend that you leave cookies SWITCHED ON.

Analytics: 

We collect data when you browse our websites so that we can analyse how our site is used in order to improve our performance and your enjoyment in using our site, but this data is consolidated and your personal identifiable data is not known to us; analytics help us to analyse trends rather than individual actions.

Javascript: 

We use several scripts provided by trusted partners on our websites. The contents and capabilities of these Javascripts are hosted and controlled by our partners and are subject to change without notice. As such, we can’t accept liability for their contents or functions.

Shopify: 

Our website runs on an ecommerce technology platform called Shopify. One of the main reasons we selected Shopify is because it is one of the largest and most trusted platforms of its kind, with hundreds of thousands of stores running on it. Shopify and its trusted partners may have visibility of your data we hold on their systems. Shopify maintains some of the highest data protection practices in the industry and is GDPR and PCI DSS tier 1 compliant - some of the highest standards of data and credit card protection available. We never see or store your credit card information - payments are handled directly on Shopify and our payment partner’s (such as PayPal and Stripe) systems.

Technology and Data Protection Policies: 

The following technologies may collect or process your data as part of our business activities. Your personal data will only be used for marketing purposes with your permission:

Shopify - ecommerce platform 
https://www.shopify.com/legal/privacy 
https://help.shopify.com/en/manual/your-account/GDPR/subprocessors

Aftership - Returns management and shipping labels 
https://www.aftership.com/privacy

Back In Stock - Notifications for out of stock products 
https://backinstock.org/privacy/

Smile.io - Loyalty Points and rewards 
https://smile.io/privacy-policy

Instant Search - Advanced Search 
https://www.instantsearchplus.com/privacy/

Mailchimp - Email Marketing 
https://mailchimp.com/help/about-the-general-data-protection-regulation/

Shopify Reviews - Product Reviews 
https://www.shopify.com/legal/privacy

Store Locator - Store Locator Functionality 
https://boldcommerce.com/privacy

Zendesk - Customer service 
https://www.zendesk.co.uk/company/customers-partners/privacy-policy/

Hotjar - Surveys, Analytics and User Journey Analysis 
https://www.hotjar.com/legal/policies/privacy

Facebook - Social Media functionality and marketing 
https://www.facebook.com/policy.php

Google Tag Manager - Website management 
https://www.google.co.uk/analytics/tag-manager/use-policy/ 
https://www.google.com/about/company/user-consent-policy.html

Google Website Optimiser - Testing tool 
https://policies.google.com/privacy?hl=en&gl=ZZ

Google analytics - Summary trend analysis 
https://support.google.com/analytics/answer/6004245?hl=en  

Google Analytics Advertising Features
https://policies.google.com/technologies/ads?hl=en-UK
https://support.google.com/analytics/answer/9445345?hl=en-GB&utm_id=ad#zippy=%2Cin-this-article

Google Adwords - Advertising 
https://privacy.google.com/businesses/controllerterms/

Falcon – Social Media
https://www.falcon.io/privacy-policy/

Tik Tok - Social Media functionality and marketing 

https://www.tiktok.com/legal/privacy-policy-eea?lang=en

Children's Privacy 

We realise many children visit our websites and we do encourage children to participate in sport.

Children should always ask a parent for permission before sending personal information to anyone online, and we advise under 18-year-olds not to submit a personal address or telephone information. However, as we are unable to verify the age of a people using our site, it is ultimately the responsibility of parents or legal guardians to supervise children when online.

How to complain 

The Information Commissioner’s Office (ICO) are the governing body related to the implementation of GDPR. They issue guidance on how to raise an issue with anyone who is storing or processing your personal data. They recommend that you contact us and try and resolve the issue with us directly. We will make every effort to resolve any issues to your satisfaction, however, there are certain legal obligations we also must comply with.

You can contact us by; 
Email : gdpr@grays-int.co.uk 
Tel : +44 (0)1580 880357 
Post : GDPR, Grays of Cambridge Ltd, Station Road, Robertsbridge, East Sussex, TN32 5DH

If you are not satisfied that we have resolved your issue then you can contact ICO for advice. Go to their website at https://ico.org.uk/concerns/ or telephone them on 0303 123 1113. To see the GDPR regulations visit: www.ico.org.uk 

For business customers 

For business customers, we may hold additional information regarding the organisation that you are associated with. The organisation may also have additional delivery addresses stored on our website. There is also likely to be a full contract under which we perform business activities. We would also recommend that individuals working on behalf of a business customer store their details under a business email account and that for personal use they use a personal email account. This helps to give a clear separation between personal details and business-related details.

Affiliated Individuals 

Where individuals have a formal contract in place with Grays of Cambridge (Int), there will be further details stored concerning this contract. If you believe there are adjustments required to your personal data then please contact your normal relationship manager and inform them.

This website is secured using an SSL Certificate. This ensures that all information you send to us via the World Wide Web will be encrypted.