DRNC UPHOLSTERY CUSTOMER PRIVACY NOTICE

DRNC UPHOLSTERY, of 1808 Emmanuel Church Road, Conover, NC 28613, USA and their other affiliates (together, the “Group”, “we”, or “us”), collect and process personal information that is provided to us by you, as our customer or prospective customer, or generated by you in your purchase of our products and/or use of our services. This Privacy Notice is provided to you in accordance with applicable privacy laws, including, but not limited to, the General Data Protection Regulation 2016/679 (“GDPR”), the UK Data Protection Act 2018, and other laws implementing or supplementing the GDPR (together, the “Data Privacy Laws”). This Privacy Notice explains what information you provide to us, and how we use your information to provide our products and/or services to you. As we primarily do business with companies, rather than individuals directly, this Privacy Notice is primarily aimed at our business customers’ staff. This Privacy Notice is effective as of September 2023, and may be updated or replaced from time to time. The latest dated version is the applicable Privacy Notice. The collection and use of personal information on our websites are governed by a separate Website Privacy Notice, available in the next accordion section below.

Your Personal Information

Your personal information includes any information relating to you from which you are identified or identifiable. This includes your name, contact information, information about where you work and, if applicable, where you live, payment information, purchasing history, and about your use of our products, services, and website. We may also have information such as passport information, family details, and/or travel information in limited situations where, with your express consent, we are facilitating travel for you and/or your family members.

As of the date of this Privacy Notice, and for the 12-month period prior to the date of this Privacy Notice, we explain here what categories of personal information we collected, from where we collected the information, the purpose of collection and legal bases for processing, and with whom we have shared it.

Category of Personal Information Collected

 

Source

Purpose for Collection and Legal Bases for Processing

 

Categories of Recipients

Contact Data: name, contact information, information about where you work and, if applicable, where you live, and information about your use of our products, services, and websites.

 

Provided by you directly to us when you use our website, or obtain products or services provided by us; or otherwise provided about you by our business customers or our distributors.

 

 
  • To contact you: and send you communications relating to your use of our services, website, or purchase of our products;
  • For marketing purposes: we rely on legitimate interests for marketing purposes (this is the interests of the Group and/or the business customer or, in limited circumstances and only where applicable, the interests of the individual data subject).
  • Business partners, to make an initial determination of the services you may need, or to conduct other associated business activities;
  • service providers, as necessary, for whose services you have requested our assistance; and
  • government bodies that require us to report processing activities.

Communications: communications we have with you. Please note that we record calls to our customer service team for training and quality control purposes.

 

 

From you.

To handle your requests, to contact you when necessary or requested, including responding to your questions and comments, and providing customer support, and to obtain customer feedback, and improve our customer service and the customer shopping experience.

The Group and our service providers who help us communicate with our customers.

Purchase and order information: contact information, together with purchase details online and in store through e-receipts, delivery details, payment details, and any communications we have received about your order or purchase.

From you when you purchase from us.

For contractual purposes: we will use your personal information to perform our contractual requirements and obligations, and to take any required pre-contractual steps.

 
  • Service providers, as necessary, for whose services you have requested our assistance;
  • Freight forwarders and shipping carriers.

Payment information: name, card issuer and card type, credit or debit card number, expiration date, CVV code, and billing address.

From our clients and their payment card issuers.

Authorizing of credit card and other financial transactions for our customers.

Our service providers who process payments for us—they are prohibited from using personal information for any other purposes, and are contractually required to comply with all applicable laws and requirements, which includes the Payment Card Industry Data Security standards.

Travel, Scheduling & Sensitive Information: Some of the personal information you provide to us may include health information, or other sensitive or special categories of personal information where provided by you, with your consent, such as disability information or religious data for purposes required by you.

Provided by you or your colleagues or business partners.

For purposes directed by you, such as scheduling meetings, travel and food arrangements, and access to Group premises.

Our business partners and service providers based on the purpose provided.

On premises privacy: CCTV images of you in and around entrances and exits to our facilities and offices.

From you, our CCTV.

To keep you, other customers, our staff, buildings, systems, and data safe and secure, to investigate potential theft, fraud, or misconduct.

Our service providers who help us with fraud protection, law enforcement, and other governmental authorities in accordance with applicable law.

Legal information: details of your identity, image, name, and address, suspected or alleged thefts, fraud, assault, or other criminal behavior.

From crime and fraud prevention agencies, from you, from witnesses, and from the police.

To protect customers, the public, and our business against risks and crime.

Law enforcement, professional advisors, including lawyers, bankers, auditors, and insurers.

All the personal information we collect from you, or which is generated by you, is used to provide the services you have requested, or for communications to which you have subscribed, or otherwise as described in this Privacy Notice. The Group will safeguard the privacy and security of your personal information as required under Data Privacy Laws. 

Processing in the U.S.

Some of your personal information is processed by us in the USA. By using our services, purchasing our products, and providing your personal information to us via the website or directly, you expressly acknowledge and agree to the transfer of some of your personal information to the USA, which may have a lower standard of data privacy laws than in your country of residence. Our security measures are described below in this Privacy Notice.

Additional Information about Sharing Your Personal Information with Third Parties

We do not allow any third parties to have access to your personal information, except as required or permitted by applicable laws, or in accordance with this Privacy Notice. We may disclose your personal information to our subcontractors, agents, or payment service providers (who may be located in the USA or other countries that do not have stringent data privacy laws equivalent to the standards of the GDPR) with whom we contract to assist us in providing the products or services. We require such subcontractors or agents to agree in writing to comply with the privacy and security standards described in this Privacy Notice. We have safeguards in place to protect your personal information that are agreed to by our business partners.

There may be instances when we disclose your personal information to other recipients:

  • to comply with the law, or respond to compulsory legal process (such as a search warrant or court order) or a request for information from a regulator, or otherwise for legal purposes;
  • to verify or enforce compliance with the policies governing the services;
  • to fulfill contractual requirements, or for legitimate interests of the Group or a third-party or
  • to protect the rights, property, or safety of the Company, or any of our respective affiliates, business partners, or customers, or otherwise in the legitimate business interests of the Company and/or our affiliates, and in accordance with Data Privacy Laws.

We may share your personal information with other entities in connection with the sale, assignment, merger, or other transfer of all or a portion of the Group’s business to that other entity.

In any instance where we need to share your personal information with third parties, such as legal or financial advisors, including auditors, distributors, vendors, suppliers, and other third parties, we will restrict the nature and categories of personal information to that which is required to comply with our contractual obligations to you, or our legal and/or regulatory requirements. We may de-identify your personal information to protect your privacy, where appropriate to do so.

How We Protect Your Personal Information 

The Group understands that storing data in a secure manner is essential. The Group stores personal information and other data using reasonable physical, technical, and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction, or modification. Although we make good-faith efforts to store the information we collect in a secure operating environment that is not available to the public, we cannot guarantee complete security. Further, while we work to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining this information.

How Long We Keep It

We will store your Personal Data (i) as long as is necessary to process your Personal Data for the purposes mentioned above, and as long as the legal basis applies, (ii) as long as you make use of our services and have not deleted your account, and a legal basis and purpose applies for the processing, or (iii) as long as we are legally obliged to store your Personal Data.

European Data Privacy Information

The Group companies are the data controllers under the Data Privacy Laws. This European Data Privacy Information section applies to residents in the European Economic Area, Switzerland, and the UK who purchase our products and/or use our services, or who otherwise are residents in these territories, and whose personal information is used by the Group for commercial purposes, and also to other customers or prospective customers of our European affiliates.

Under the GDPR, you have certain rights to make requests regarding your Personal Data, which are all subject to the exemptions and qualifications under the Data Privacy Laws. You have the right to ensure your personal information is accurate; we request that you let us know if your personal information changes. You have the right to request that we delete your personal information (although we may still need to retain your personal information as described above in this Privacy Notice for contractual and/or legal purposes). You have the right to request that we restrict the processing of your personal information (although we will still need to process your personal data during the duration of the contract and beyond for legal purposes). You have the right to access a copy of your personal information (this is limited to information that is your personal information only, not to the underlying document or remaining information, and subject to the exemptions and qualifications under the Data Privacy Laws). You have the right to object to the processing of your Personal Data. However, in certain circumstances where we rely on legitimate interests, we may still be able to process your Personal Data, if we have compelling grounds to do so. If you wish to raise a complaint about how we have handled your personal information, you can contact us, and we will investigate the matter and respond to you promptly. If you are not satisfied with our response, or if you prefer not to engage with us first, you can complain to any applicable data privacy authority in your country of residence. The Belgian Data Protection Authority is the supervisory authority: https://www.dataprotectionauthority.be or any other authority replacing the Belgian Data Protection Authority.

Haas transfers your Personal Data within the Group, and/or to other third parties, such as our third-party service providers outside of the EEA/UK. When we do so, we transfer the information in compliance with applicable data protection laws. In particular, we have implemented safeguards in the form of standard contractual clauses as adopted and amended by the implementing decision of the European Commission 2021/914.

California Data Privacy Information

If you are a resident of the State of California, you have certain rights under California law.

California law permits California residents to request from a business with whom the California resident has an established business relationship, certain information about the types of personal data the business has shared with third parties for those third parties’ direct marketing purposes, and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year.

To submit a request for this information, please refer to the “Contacting Us” section of this Privacy Notice.

If you are a California resident, California law provides you with the following additional rights with respect to your personal information:

  • The right to know what personal information we have collected, used, disclosed and sold about you. To submit a request to know, you may call us at +1-828-346-8660, or visit our Data Request Form. You also may designate an authorized agent to make a request for access on your behalf using our Data Request Form.
  • The right to request that we delete any personal information we have collected about you. To submit a request for deletion, you may call us at +1-828-346-8660, or visit our Data Request Form. You also may designate an authorized agent to make a request for deletion on your behalf using our Data Request Form.

When you exercise these rights and submit a request to us, we will verify your identity by asking you for your email address, telephone number, or the last four digits of a credit or debit card used to make purchases from us. We also may use a third-party verification provider to verify your identity. 

Your exercise of these rights will have no adverse effect on the price and quality of our goods or services.

You may learn more about your rights under California’s privacy laws at https://oag.ca.gov/privacy).

Contacting Us

If you have any questions about this Privacy Notice, or about the Group’s handling of your information, please contact the Privacy Officer by email at: sales@drnchome.comOur full details are:

Legal Name: DRNC UPHOLSTERY.
Our principal place of business: 1808 Emmanuel Church Rd Conover, NC 28613
You can contact us:

  • By post at the address provided above;
  • Via our Social Media Accounts;
  • By Telephone: +1-828-346-8660; or
  • By Email: sales@drnchome.com