Your privacy is a top priority for us. For this reason, our site does not collect any personally identifiable data about you other than the information you provide to us.
This policy explains who we are, what data we collect, how we use your data, who has access to your data and your personal rights to your data under the GDPR (General Data Protection Regulations May 2018).
Our website now uses encryption permanently on all pages - This prevents your activity from being watched and keeps your session secure. Check for the padlock at the top of your browser.
Who is XMASNET?
- XMASNET is a trading name of Capatex Ltd - A limited company that manufacturers textiles and medical products
- Our legal address is: Capatex Ltd, 127 Northgate, New Basford, Nottingham, NG7 7FZ UK
- Our main telephone number is 0115 9786 111
- Our email address for this site is firstname.lastname@example.org
- Capatex Ltd is the data controller for this website. Enquiries about data should be submitted to Capatex Ltd.
- When you provide personal information to us, for example you send us an email, this is consent to use the data you provide in our interactions with you.
- When you place an order with us we ask you to consent to this policy which contains the data we request and how we use it.
- If you would like to join one of our mailing lists we require your explicit consent, this is asked for usually in the form of a check box. Our mailing list provider will also send you a "double opt in" email which you must respond to to give your consent.
How We Collect Data
- When browsing our website we will be able to see and record your IP address, this is normal in providing services over the Internet.
- Our website will set cookies to help us address the performance of our website. These cookies are anonymised and provide only general information about usage, not tied to specific customers.
- Our website will set a cookie to provide a better customer experience. This remembers the contents of shopping carts, recently browsed products, site specific settings and other features to improve the usability of our website. We don't read these cookies, they are for your benefit.
- When you contact us by any means we will collect personal information - for example if you telephone us we will have your telephone number and may ask for your name and other information in the process of helping you with your enquiry. When you email us we will have your email address and the content of the email you send. When you leave a blog post comment or interact with us on social media you will also provide personal information.
- We may explicitly ask if we can contact you via a mailing list.
- When placing an order you will be required to give us personal data as required to administrate your order. This is explained in greater detail below.
What Data Do We Collect?
Depending on your interaction with us we record part or all of the following:
- Your IP Address
- Your email address
- Your telephone number
- Your name
- Your home address
- Your delivery address (when placing an order)
- Personal information about you as provided by you to help us administrate your order, for example, order comments like "leave in the porch when out" or the contents of an email that explain your situation to help us find the right product for you.
- The last 4 digits of your payment card are provided to us by our payment provider when you place an order online
- We may ask you for your payment card data over the phone if you have called up to place an order
- Your comments on blogs or product reviews
- Data about your web browser, operating system and technical information about your device are collected to help us improve our website and ensure it's working correctly for all users.
In all of these cases we collect data where required and where provided, not indiscriminately. We don't ask you for data we don't need to place an order or help with an enquiry.
How do we use your data?
- We need to use your data to process transactions - for example we will need your billing address to take your payment, and we will need your delivery address so we know where to send your products.
- If you don't consent to your data being used in this way we will be unable to provide services to you.
- We will also need to use data you provide to us to answer specific enquiries, such as which products will be the best choice or whether something is in stock
- With your consent we will keep you informed of product changes, special offers or other useful information
- We use anonymous information about how people use our websites to improve our services. This data is not personally identifiable.
- We may contact you by email, telephone or mail about your order, this means automatic emails when your product has been shipped, and tracking emails sent from our courier service provider.
- In some cases we may contact you if you have purchased a combination of products that doesn't look right to our admin team, for example if you have purchased children's nappies and extra large nappies of a different brand we may call you to double check that you have purchased the right product. Our customers typically respond well to this proactive management of their order.
Who has access to your data
- Employees of Capatex Ltd will have access to your data in the course of dealing with your orders or enquiries. For example, our sales admin team may call you if there is a problem with your address.
- Access to your data is controlled within the company by role, for example our warehouse staff can't look at your purchase history. Our factory staff don't have any access to your data at all. Our sales admin staff have access to your order information and our IT team may look at your browser data when diagnosing issues with our websites.
- Capatex uses a number of third parties who may have access to some of your data as provided by us:
- Payment providers, SagePay and PayPal use your payment card data, billing address, and order details such as what was purchased, how much it cost and your contact information.
- Courier service providers ParcelHub and DX Freight have access to your email address (for providing tracking updates), telephone number to call in case of problems, delivery address so they know where to deliver from, name and any other data you provide for example an order comment "leave in porch if out"
- Our web developers have access to our website databases which is required to carry out their tasks. We have received their GDPR statement which provides adequate assurances about how data is used, destroyed and stored.
- We use a number of third party IT providers for things like hosting, email processing and business IT support.
- We only provide the minimum data required to third parties to allow them to complete their tasks.
- Our site collects anonymous usage statistics through a system called Google Analytics. This information is not personally identifiable to you.
- Our mailing list system is run by a third party supplier, but they do not have access to your email address.
- We do not store credit card details nor do we share customer details with any 3rd parties
- Your order details will be sent to you via email, we use multiple email providers for inbound and outbound email servers.
Companies that provide services to us:
- DX Freight
- Welford Media
- Microsoft Office 365
- New Relic
- Google Analytics
- Google Tag Manager
- Solutions for Accounting
How We Protect Your Data
- All of our websites use SSL as a minimum measure, our ecommerce websites use EV SSL certificates as well. Visits to any of our sites are encrypted and have been since 2012.
- Our web servers are maintained to Zero Day level, meaning that as soon as new security patches are released they are applied.
- We use server monitoring systems to alert us to downtime so that we can take action immediately. We follow industry best practises for server security.
- We have servers and terminals in our office, our servers are kept in a strong room to prevent physical access. Our office is protected by CCTV, alarms, locks and roller shutters leading to a good level of physical security.
- Our staff maintain policies to lock workstations when they are away from their desks. Encryption is used on systems that support it.
- Paperwork that isn't required is shredded immediately.
- We destroy digital data where possible.
- We collect and keep paper copies of orders to store securely to meet our obligations under the law (specifically HMRC).
Your rights over your personal data
You have the following rights:
- To see information we have about you
- To make changes to data we hold about you
- To withdraw your consent of our use of your data
- To request that we delete your information
To exercise any of those rights please email email@example.com. Please provide us enough information in your request to adequately respond to your request. The personal information we hold on our website can be updated through your account.
- When ordering you will need to give us your personal information.
- You can choose for us to hold your details for next time by registering an account. If you would prefer not to open an account you can check out as a guest.
- You will be offered the choice at the checkout to sign up to our newsletter.
- We are required by law to hold information about purchases made for 7 years.
- Your credit card information is never seen by us, and is handled by PayPal or SagePay, who both have a reputation for being safe and secure.
- When you buy from us with SagePay you will see an entry in your bank statement for Capatex Online - XMASNET will not appear on your bank statement.
- Our website uses SSL (Secure Socket Layer) across all pages. This secures the connection between your computer and our server. Please check for the padlock on your browser.
- When dealing with your account or dispatching orders we will have access to your personal information, but only as required to provide a service.
- Our newsletter mailing list is held on a secure sever, as is your customer information.
- You are given the choice to sign up to the mailing list, and you can unsubscribe at any time.
- The newsletter may contain news that we think will be relevant to you, and may also contain details of new products or special offers.
- We do not give your email address to any other third party.
Your Usage of the Site
- We might use information about how you use the site in our communications with you.
- For instance, we might alert you if there is a special offer on an item you previously purchased.
- If you have any concerns about privacy, please let us know and we will answer your questions.
- We might send an email to anyone that uses our site. This would be a one time email to let you know about price or product changes or other important information
- We will pass your address details and contact information to our couriers, this is important to allow them to carry out their services. This data is only used for delivering your order
- Couriers have your email address and telephone number to help resolve delivery queries
- Orders are always packed discreetly either in a plain white mailing bag or a cardboard box with all identifying marks scrubbed out
XMASNET will store a number of cookies on your computer, these include but are not limited to:
- XMASNET cookie for storing your shopping basket and login information
- Double Click cookie for tracking response to advertising
- Google Analytics cookie to monitor site visits
- Social cookies - Some pages of our site will allow you to post to social media, these pages will set cookies for social media companies and some third party tracking.
We are happy to explain how we use your data if you have questions or wish to exercise your rights under GDPR.
Please write to:
Data Protection Officer
or email firstname.lastname@example.org or call us on 0115 9786 111 and ask for the Data Protection Officer.