Why eSpares Ltd collect your information
When eSpares Ltd collects and processes Personal Data it is conducted under the legal basis of performance of a contract to provide goods or services to you that you purchase.
What information eSpares Ltd collects & how it is used
Personal Information - When you place an order with eSpares Ltd, your name, e-mail address, home address, delivery address, your contact telephone numbers and payment details, which may include credit or debit card number, expiry date & security code are collected in order to authorise your payment, process and fulfil your orders and to notify you of your order status.
eSpares Ltd may also use this information to carry out security checks which may involve sharing your personal information with credit reference agency Experian to help prevent fraudulent activity.
eSpares Ltd may also use your information to contact you for your views on our services and to notify you occasionally about important changes or developments to the site or to our services.
If you have provided prior consent eSpares Ltd may also use your name and email address to send you special offers, updates and other promotions.
Should you later wish to withdraw consent you may do so using the unsubscribe link in any email you receive from us or you may use our contact details to make this request.
Cookies hold the following information:
- A unique identification number in order to keep track of your order
- A unique reference number to help identify your order as a whole
- Product information
- Computer IP address
- Web Browser & version
- Page views & visit information
Other Information Pertaining to you eSpares Ltd may collect other information from you such as any email messages you send to us, transcripts of any live chats you take part in and eSpares Ltd may also record any telephone conversations you may have for training, legal obligations, warranty and improvement purposes.
Your consumer rights
As a customer of eSpares you have several rights in relation to the processing of your personal information, these are:
Right to Access – You may contact eSpares Ltd at any time to ask what information is held about you free of charge. eSpares Ltd are obliged to provide this to you without undue delay up to a maximum of 30 days. Depending on the initial request eSpares Ltd will issue a Subject Access Request (SAR) form in order to better and more quickly identify you and your records. Should eSpares Ltd require more than 30 days to process your request eSpares Ltd will contact you within the 30 day period and let you know.
Right to Accuracy – eSpares Ltd takes all necessary steps to ensure information collected is accurate, however should you believe or discover the information held about you is inaccurate you can contact us using the details in the Contact Us section below and ask us to correct it.
Right to Object – If you are not satisfied in any way with how eSpares Ltd is processing your information you may communicate using the details/methods provided in the Contact Us section and explain why you object. You may ask eSpares Ltd to restrict or completely stop processing your information. Dependent on the legal basis upon which we are processing it, if eSpares Ltd should not agree to this we will let you know together with the reason why. If you are still not satisfied with our response you may then further appeal this decision by escalating the matter to the ICO whose details are also listed in the Contact Us section.
Right to Erasure – You may ask eSpares Ltd to remove all information that relates to you using the details listed in the Contact Us section. Dependent on the legal basis upon which your personal data is being processing should we not agree to this eSpares Ltd will let you know together with the reason why. If you are still not satisfied with the response you may then further appeal this decision by escalating the matter to the ICO whose details are also listed in the Contact Us section.
Right to Portability – You can ask eSpares Ltd to provide any information held about you to another organisation in a universally compatible format. Again you may make this request using the details shown in the Contact Us section.
You can exercise any of the rights listed above, this is known as a Data Subject Request (DSR) and should be made in writing by completing the form available as a PDF here
This should be printed, completed, signed & returned to eSpares Ltd together with 2 forms of ID, one of which must include your address.
Proofs of identity can include:
- Your full name and address
- Your Order Reference Number
- Birth Certificate
- Driver's License
- Credit or debit card statement
- Utility bill
- Child benefit book
- Pension book
Return this information to us by post:
Data Protection Office
Small Heath Business Park
Alternatively you can email us using: firstname.lastname@example.org
We recommend that postal communications are sent by Recorded Delivery, but this is not compulsory.
We will process your request and respond to you no later than 30 days after receipt of your communication.
Should you not be satisfied with eSpares decision you may of course escalate the matter to:
The Information Commissioners Office (ICO)
Tel: 0303 123 1113
We are a secure site
eSpares Ltd uses various organisational and technical measures to protect your personal information and is proud to be certified against BSI EN ISO9001 for business processes.
Organisational Measures – eSpares Ltd have company policies and handling procedures in place which employees and business partners with whom we may share your information must follow. Regular training is also undertaken to ensure policy and procedures and all applicable regulations and laws are followed.
Access Control & Authentication – eSpares Ltd use access control systems to ensure only authorised employees and business partners have access to your information that is limited to what is needed for carrying out their job. Each individual with access has to provide access credentials in order to gain access to the systems which are monitored.
Just as eSpares Ltd employees and business partners can gain access to your personal information, eSpares Ltd site may also provide you with account facilities where you can customise and improve your user experience and manage any customisable settings as well as view your own account information.
In order to provide this service eSpares Ltd invite you in the first instance to create a username and password. eSpares Ltd would ask that you maintain the confidentiality of these credentials just as we do ours to help prevent unauthorised access.
eSpares Ltd offer the following tips to keep your log in details secure:
Make your password strong – the longer and more complicated it is the harder it is for others to guess or crack, we suggest using a passphrase (a random selection of words you can easily remember) or why not use a password manager (there are many freely available on line that can create one for you and remember it so that you don’t have to
Don't share passwords with anyone - even someone you know, passwords can be easily compromised especially if they are known to others
Don't reuse passwords across multiple on line accounts - once a password is compromised a crook can try these credentials on other websites that you may use and gain unauthorised access allowing them learn more about you which can then be used for fraud or identity theft
Encryption - eSpares Ltd use data encryption to ensure safe and secure transactions. eSpares Ltd site is secured using industry standard Secure Sockets Layer (SSL) or Transport Layer Security (TLS) technology which creates an encrypted link between the web server and your browser ensuring that all data passed between us remains private and secure.
In order to be able to generate this encrypted link a web server requires an SSL/TLS Certificate. SSL/TLS certificates confirm two essential factors:
- That you have a secure SSL/TLS (encrypted) link with our website.
- That the website owner is a valid and legitimate organisation.
Payment Card Data – In addition to eSpares Ltd using your payment details to process your order, the organisation that processes the payment together with your card issuer may do additional fraud checks to verify the card and the transaction is legitimate.
Visa & MasterCard in particular may interrupt the order process after you enter your payment details and will prompt you for an additional security password where you are using one of these cards and are enrolled in either the "MasterCard SecureCode" or "Verified by Visa" schemes. Where you are not enrolled you will be asked to enrol. Once this process is completed you will be returned to our website to complete the transaction.
MasterCard® SecureCode™ Explained
MasterCard® SecureCode™ is a simple and secure method of payment at online stores, for which you will have a private code known only to you and to your bank. Your SecureCode™ enhances your existing MasterCard® account by safeguarding against unauthorised use of your card when shopping at participating online retailers. Every time you make a payment with these retailers, you will be automatically prompted to enter your own private SecureCode™ - just like entering a PIN at a cash machine. In seconds, you gain added protection while shopping online.
Verified by Visa Explained
Verified by Visa is a simple password-protected identity-checking service that takes the risk out of online shopping for both retailers and customers. Retailers are protected against fraudulent transactions and the costs associated with it, while customers can spend with confidence knowing that their payment details are safe.
Data Storage & Retention – In order to minimise the risk of exposure to your information Espares Ltd only keep your information for as long as needed in accordance with our policies, industry best practice and to comply with the law. Espares Ltd current internal retention policy is set to a maximum of 7 years this allows us to comply with financial regulations and provides ample time for customers to make enquiries about previous orders and to deal with queries regarding any guarantee and warranty period on products or services sold to you.
Personal information collected via this website is stored on servers located within the EU and therefore is subject to both UK and EU privacy and data protection regulations; eSpares Ltd will not store your information on systems outside of the EU without permission from you unless international data sharing treaties or specialist contracts are in place.
Information Sharing – eSpares Ltd will not disclose your personal information to anyone other than businesses within the CDSL group and to reputable third party contractors engaged by eSpares Ltd to perform a variety of functions such as delivering and processing your orders, assisting with promotions, fraud management, handling complaints or providing technical services such as Live Chat and hosting.
eSpares Ltd require all such third parties to sign a data sharing agreement which means they agree to treat your personal information as fully confidential and to fully comply with all applicable UK and International data protection laws and consumer legislation from time to time in place. Additionally eSpares Ltd will never sell or pass your personal information to anyone without informing you and gaining your consent.
Disclaimer – eSpares Ltd provide links to other resources & websites such as review sites, social media pages and blogs hosted on other platforms amongst others. By visiting these sites you recognise that these other websites to which eSpares Ltd link to will be governed by their own terms and conditions & privacy policies. We accept no responsibility or liability for the content and data protection policies of websites which are not within eSpares Ltd control.
There are lots of misconceptions about cookies and what they are for.
If you would like to manage your cookies, you have the ability to turn them on/off and save your choices. If you ever want to change them in the future, please click on Cookie Settings and change your choices accordingly and click save.
The cookies we use are:
Strictly Necessary Cookies
These cookies are needed to run our website and to keep it secure.
|Source of Cookie
[Name of Cookie]
|Session ID is a unique number which is used to identify a user that has logged on to a website||Upon expiry of session|
|This cookie is used to identify and store which currency the user is choosing to browse the site with||One year|
|This cookie is used to identify and store which delivery destination the user selects||One year|
|This cookie is used to identify the user's basket and its contents. This allows us to keep track of all changes to the basket||One year|
|Request Verification Token
|This cookie is used for anti-forgery purposes||Upon expiry of session|
|This cookie is used to ensure that the user has successfully authenticated and has logged in successfully||Upon expiry of session|
|YouTube||Third Party Cookies. Cookies are used by YouTube to allow users to view product videos embedded on to our site.
|Varies from upon expiry of session to ten years from set/update|
|Set by the load balancer for sticky sessions||Upon expiry of session|
|Google Tag Manager||Third Party Cookies. Google Tag Manager does not personally set cookies, however the services it hosts will contain cookies|
|PayPal||Third Party Cookies. These cookies are required for secure transactions when placing an order with PayPal.
These cookies allow us to provide enhanced functionality and personalise content for you. For example they're used to recognise you when you return to our website. If you do not allow these cookies then some or all of these services may not function properly.
|Source of Cookie
[Name of Cookie]
|WhosOn Live Chat
|This cookie is issued by the WhosOn live chat application. It's used to link a visitor to a 'visitor record' which stores the IP address and UserAgent||Maximum of seven years|
These cookies help us decide which products, services and offers may be relevant for you. We use this data to customise the marketing content you see on websites, apps and social media. They also help us understand the performance of our marketing activities. These cookies are set by us or our carefully-selected third parties.
|Source of Cookie
[Name of Cookie]
[tms_VisitorID, tms_wsip, newsPopup]
The tms_VisitorID cookie stores a unique id for the device, this is used to keep track of your shopping
The tms_wsip cookie records whether you are using a modern web browser that supports a more efficient communication channel called "web sockets"
The newsPopUp cookie is the default cookie used by PopOver SmartBlocks to suppress a PopOver x days after it is last seen, where x is configurable for each PopOver. The duration is also the same value as x
tms_VisitorID - Five hundred and fifty nine days
tms_wsip - One day
newsPopup - One month
These cookies tell us how customers use our site and provide information to help us improve the website and your browsing experience.
|Source of Cookie
[Name of Cookie]
[__utma, __utmb, __utmc, __utmt, __utmz, _ga, _gat, _gid]
|Third Party Cookies. We use Google Analytics to help us understand how visitors navigate to and through our website||
__utma - Two years from set/update
__utmb - Thirty minutes from set/update
__utmc - Upon expiry of session
__utmt - Ten minutes
__utmz - Six months from set/update
_ga - Two years
_gat - One minute
_gid - Upon expiry of session
|Third Party Cookies. Convert.com is a Conversion Rate Optimisation platform, we use this to conduct A/B testing in order to make improvements to the site||
_conv_s - Twenty minutes
_conv_v - Maximum of six months
|Google AdWords Conversion Linker
|Third Party Cookies. Google uses this cookie to help customise adverts on Google Properties such as Google Search||
_gcl_au - Three months
_gcl_aw - Ninety days
|Third Party Cookies. Hotjar tracks visitors moving around the site. This helps us to make improvements to the site||
_hjIncludedInSample - Upon expiry of session
_hjid - One year
|Visual Website Optimiser (VWO)
[_vis_opt_s, _vis_opt_test_cookie, _vwo_ds, _vwo_sn, _vwo_uuid, _vwo_uuid_v2, __cfduid]
|Third Party Cookies. VWO is a Conversion Rate Optimisation platform, we use this to conduct A/B testing in order to make improvements to the site||
_vis_opt_s - One hundred days
_vis_opt_test_cookie - Upon expiry of session
_vwo_ds - Depends on retention period of account
_vwo_sn - Thirty minutes and reset again to thirty minutes on user activity
_vwo_uuid - Ten years
_vwo_uuid_v2 - Three hundred and sixty six days
__cfduid - Thirty days