Data Protection Policy

O’Reilly’s Wholesale Limited a company incorporated in Northern Ireland whose registered number is NI 605127 and whose registered office is 1 Ashtree Enterprise Park, Rathfriland Road, Newry, Northern Ireland, BT34 1BY, Phone: 0044 28 30 250 650 hereinafter “we” or “us”, attaches great importance to the protection of your personal data.

This privacy statement provides you with information on how we deal with personal data information that is collected and processed during your visit to www.elzoor.com and when you place orders via our Web shop.

Any data processing is carried out in accordance with the provisions of the European Data Protection Law (Regulation (EU) 2016/679 (GDPR)), the provisions of the national data protection law, the Data Protection Act 2018, and in compliance with the Privacy and Electronic Communications Regulations and the Telecommunications (Data Protection and Privacy) Regulations 1999, each as amended.

If you have any questions regarding the processing of your data, please contact us at dpo@orys.biz or alternatively at:

The Data Protection Officer, O’Reilly’s Wholesale Ltd, 1 Ashtree Enterprise Park, Rathfriland Road, Newry, Co. Down, Northern Ireland, BT34 1BY

Phone: 0044 28 30 250 650 – ask for the Data Protection Officer

By providing your personal data to us, you signify your acceptance of our Privacy and Cookie Notice and agree that we collect, use, and disclose your personal data as described in this Privacy and Cookie Notice. If you do not agree to this Notice, please do not provide your personal details to us.

This Privacy Policy and Cookie notice covers the following areas:

  • What is personal data
  • Personal data that we collect from you and use of data collected
  • Cookie Policy
  • How we protect your personal data
  • Contacting us and your rights to access and update your personal data
  • How changes to this Privacy Policy and the Cookies Policy will be made

What is personal data

Personal data is information about an identifiable individual, as defined by applicable law, such as name, email address and telephone number. We have various automation-supported systems for the administration, storage and processing of our customers’ data and use them for different purposes (e.g. providing our Web shop and processing the order).

We collect personal information about you when you access our website, register with us, contact us, send us feedback, purchase products via our website, post material to our website and complete customer surveys.

We collect this personal information from you either directly, such as when you register with us, contact us or purchase products via our website or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).

Certain personal data must be collected, stored and processed when visiting our Web shop and for the processing and fulfilment of your order. Other data which do not have to be processed for the fulfilment of your order may be processed in line with our legitimate interests or owing to receipt of your consent.

We will delete your personal data as soon as the purpose of the processing ceases to apply, provided that we, as the controller, are not obliged by law to store the data beyond the period required to fulfil the purpose. Furthermore, we reserve the right to store your personal data for as long as concrete legal claims are asserted against us and data retention is required.

  1. Processing activities

In detail, the following data processing activities exist:

  1. Visit to the website

When visiting our website, personal data is processed.

  1. Scope of processing of personal data

When you access our website, we automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type
  • Browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of the server request
  • IP address

 

  1. Purpose of the data processing

We process these data for the purposes of IT services for logging system usage, the authorization process and evaluating the server log files for problem analysis and information protection purposes. If you do not provide us with your data, it may be the case that access is not possible under certain circumstances.

  1. Legal grounds for the processing of personal data

The processing of the above-mentioned data is in our legitimate interest as operators of the website in accordance with Art 6 (1) (f) GDPR. In principle, the individual data records are not merged, but we reserve the right to evaluate the data in case of concrete indications of illegal use, in particular harmful attacks.

You can object to the processing of your personal data in accordance with Art 21 GDPR at any time by stating your reasons. Please send your objection to dpo@orys.biz

  1. Recipients of personal data

 

  • Legitimate Interests

We reserve the right to disclose the data processed for this purpose to the competent authorities and courts in the event of reasonable suspicion. This is due to our legitimate interest in proper prosecution in accordance with Art 6 (1) (f) GDPR. 

 

  • Service Providers

For the operation of our website, including hosting, and to ensure the security of our IT systems, we use the following service providers, who may, under certain circumstances, gain access to your personal data:

 

  1. Coca-Cola HBC Northern Ireland Limited, Knockmore Hill, 12 Lissue Road, Lisburn BT28 2SZ
  2. CCB Management Services GmbH, Am Euro Platz 2, Wien,1120 Austria
  3. SCALE FOCUS AD, 90 Tsarigradsko shose blvd., Sofia 1784, Bulgaria

The aforementioned service providers are contractually obliged to always protect your personal data, to take appropriate technical and organisational measures with regard to the security of the data and under no circumstances to process your data for their own purposes or disclose your personal data to third parties.

  • Recipients in third countries

 

third country is a country other than the EU member states and the three additional EEA countries (Norway, Iceland, and Liechtenstein) that have adopted a national law implementing the General Data Protection Regulation (GDPR).

 

We do not transfer your Personal Data to 3rd countries

 

  1. Duration of storage

The data processed for this purpose is automatically stored for a period of six (6) years plus current. If we have reasonable suspicion of abusive behaviour and forward the data to the competent authorities and courts, the data will be stored on a separate data medium and deleted after the end of the legal proceedings.

  1. Further processing of data

The data processed for this purpose will not be processed for any other purpose.

  1. Automated decision-making

The data processed when you visit our website is neither processed for automated decision-making nor do we carry out so-called “profiling”. 

  1. Webshop and orders

The following data is processed during visits to our webshop and any orders placed through it.

  1. Scope of processing of personal data

We collect, generate and process the following personal data during visits and for processing orders:

  • For the registration of a user account in our webshop we ask you to provide the following personal data: title, first name, last name, company name, delivery address, billing address, e-mail address, username, password, fields of interest.

 

  • To access the user account, we ask you to enter your username and password. In the course of the log-in, the date and time of the log-in and log-out will be processed as well as the time spent in the Web shop.

 

  • The purchase of products subject to an age restriction requires the provision of the customer’s date of birth as soon as the item is in the shopping cart and the order is to take place.

 

  • In addition, we automatically collect and process the following data in the course of your order processes: information on orders placed, information on the shipping method and address, log data on the date of the last action in the user account, status of an order in the Web shop, information on the selected means of payment, information on bank details, information on payments, information on reversal transactions.

 

  1. Purpose of the data processing

The collection and processing of customer takes place in order to manage the registration in the Web shop and to process orders and returns online. The prospective customer may register online as a user and thus open a user account, which enables him/her to place orders and perform other functions. This data, which is necessary for registration and for the processing of the order, is only used for this purpose.

  1. Legal grounds for the processing of personal data

 

  • The processing of personal is necessary for the use of the webshop and the processing of the order; the legal basis for processing the personal data is the fulfilment of (pre-)contractual measures in accordance with Art 6 (1) (b) GDPR. This also applies if you select the payment option purchase on account. In this case your identification data is processed and forwarded to the applicable payment service provider.

 

The above-mentioned data are necessary to enter into a contract. The failure to provide the personal data means that we cannot enter into a contractual relationship.

 

  • If you order products which are subject to an age restriction, your date of birth will be processed as the verification date in fulfilment of our legal obligations in accordance with Art 6 (1) (c) GDPR in conjunction with the Data Protection Act 2018.

 

  1. Recipients of personal data

We disclose your personal data to several recipients on a need to know basis in the course of processing orders via our Web shop.

  • Legal grounds

We are obliged on the basis of legal provisions according to Art 6 (1) (c) GDPR to disclose personal data to the following recipients:

  • SCALE FOCUS AD, 90 Tsarigradsko shose blvd., Sofia 1784, Bulgaria
  • Sage Pay

 

  • Legitimate interests

Furthermore, we reserve the right to forward the data collected for this purpose to the competent authorities and courts. This is due to our legitimate interest in proper prosecution in accordance with Art 6 (1) (f) GDPR and the Data Protection Act 2018.

 

  • Transfer to third countries

Under certain circumstances, personal data may be transferred to third countries that do not apply the same data protection standards as within the European Union. If this is the case, the transfer of the data is subject to stricter conditions. If the recipient is located in a state for which the European Commission has not issued an adequacy decision, the transfer takes place subject to appropriate guarantees created by us in accordance with Art 46 GDPR or on the basis of the transfer for the fulfilment of (pre-)contractual obligations in accordance with Article 49 (1) (b) of EU Data Protection Law.

Data transfers post-Brexit

Your personal data may be accessed, transferred to, and/or stored at, a destination outside the EEA, however, we always seek to ensure that your personal data receives the same level of protection as it would had it stayed within the EEA, including seeking to ensure that it is kept secure and used solely in accordance with the agreed purpose(s).

Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EU data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries that do not have these approvals, we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms (SCCs) that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.

Service Providers  (if applicable)

In order to ensure the performance of our services, we make particular use of service providers who support us in making our internal procedures smooth and efficient. These are:

  1. Coca-Cola HBC Northern Ireland Limited, Knockmore Hill, 12 Lissue Road, Lisburn BT28 2SZ
  2. CCB Management Services GmbH, Am Euro Platz 2, Wien,1120 Austria
  3. SCALE FOCUS AD, 90 Tsarigradsko shose blvd., Sofia 1784, Bulgaria

The service providers are contractually obliged to always protect your personal data, to take appropriate technical and organisational measures with regard to the security of the data and under no circumstances to process your data for their own purposes or to pass it on to third parties

  1. Duration of storage

Personal data are stored until the customer relationship is terminated or until the user account is closed or until consent is revoked (in case personal data are processed on consent). However, we are obliged to store in particular tax-relevant data and business letters according to the Data Protection Act 2018 for a period of at least six (6) years plus current. In addition, the data will be kept as long as concrete claims are made against us. If we have reasonable suspicion of abusive behaviour and forward the data the data to the competent authorities and courts, the data will be stored on a separate data medium and deleted after the end of the legal proceedings.

  1. Further processing of data

The data processed for this purpose will not be processed for any other purpose.

 

  1. Automated decision-making

The data processed when you visit our website is neither processed for automated decision-making nor do we carry out so-called “profiling”. 

Cookies Policy

When you access our website, technical information is stored on your end device in the form of a so-called “cookie”. Cookies are small text files that a website leaves on the computer of your terminal device when you visit it. We use Cookies to ensure that our website and our services can be used to your full satisfaction. You also have the option of using our website without the use of cookies, but please note that the range of functions is limited in this case.

Cookies depending on how long they are maintained are separated to Session cookies and Persistent Cookies

  • Session cookies These cookies are temporary and expire once you close your browser (or once your session ends).
  • Persistent cookiesThis category encompasses all cookies that remain on your hard drive until you erase them, or your browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary.

By accepting the Privacy and Cookies notices, the following cookies are used

  • Strictly Necessary cookies These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site and placing an order. Cookies that allow web shops to hold your items in your cart. See below table for a complete list of the cookies:

Cookie Name

Description

Validity duration

catAccCookies

We use these cookies to record the fact that this site uses cookies

1 month

woocommerce_age_confirmed

Cookies used by the store in order to enable customers to order products in the shop

1 day

woocommerce_cart_hash

Cookies used by the store in order to enable customers to order products in the shop

1 day

woocommerce_items_in_cart

Cookies used by the store in order to enable customers to order products in the shop

1 day

woocommerce_post_code_autopopup

Cookies used by the store in order to enable customers to order products in the shop

1 day

wp_cerber_ *

Random ID used for security purposes

1 day

wp_woocommerce_session_*

Cookies used by WordPress in order to operate

session

wordpress_*, wp_*, wp-*, wordpresspass_*, wordpressuser_*

Cookie used by the store to identify logged in users.

session

w3tc_*

Cookie used by the store to manage delivery of assets to the users.

session

 

Strictly necessary 3rd party cookies – this sort of cookie is used when page feature or functionality depend on external service, for example reCAPTCHA to protect the forms data.

See below table for a complete list of these cookies:

Cookie Name

Description

Validity duration

NID

This domain is owned by Google Inc. This specific cookie is used within the shop for reCAPTCHA functionality to protect contact forms and data.

6 months

 

You may prevent the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

How do I disable/enable cookies?

If you have accepted our privacy and cookie notices, you agree to the use of these cookies. Most browsers are set by default to accept all cookies. However, you have the option of setting your browser to display cookies before they are saved, to accept or reject only certain cookies or to reject cookies in general. If you object to the use of individual cookies or deactivate them (single opt-out), this may lead to functional restrictions of our website and services malfunction.

We have to inform you, that the adjustment in settings only concerns the browser you are currently using. Should you use a different browser or change your device, you have to adjust the settings again. Furthermore, you can delete cookies from your storage medium at any time. Please refer to the help function of your web browser for information on cookie settings, how to change them and how to delete cookies

There are a number of ways to manage cookies. Please refer to your browser instructions or help screen to learn more about these functions. For example, in Internet Explorer, you can go to the Tools/Internet options/Security and Privacy Tabs to adapt the browser to your expectations. If you use different computers in different locations you will need to ensure that each browser is adjusted to suit your cookie preferences.

Some modern browsers have a feature that will analyse website privacy policies and allow a user to control their privacy needs. These are known as ‘P3P’ features (Privacy Preferences Platform).

You can easily delete any cookies that have been installed in the cookie folder of your browser. For example, if you are using Microsoft Windows Explorer:

  • Open ‘Windows Explorer’
  • Click on the ‘Search’ button on the tool bar
  • Type “cookie” into the search box for ‘Folders and Files’
  • Select ‘My Computer’ in the ‘Look In’ box
  • Click ‘Search Now’ Double click on the folders that are found
  • ‘Select’ any cookie file
  • Hit the ‘Delete’ button on your keyboard

If you are not using Microsoft Windows Explorer, then you should select ‘cookies’ in the ‘Help’ function for information on where to find your cookie folder.

How we protect your personal data

Users aged 13 and under in Northern Ireland/UK

If you are aged 13 or under, please get your parent’s or guardian’s permission before you provide any personal data to us. Users without this consent are not allowed to provide us with personal data.

Users aged 16 and under in Ireland

If you are aged 16 or under, please get your parent’s or guardian’s permission before you provide any personal data to us. Users without this consent are not allowed to provide us with personal data.

Other websites

Our website contains links to other websites which are outside our control and are not covered by this Privacy and Cookie Notice. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their Privacy Policies, which may differ from ours. We do not accept any responsibility or liability for their policies or processing of your personal data. We encourage you to read the privacy and cookie notices and terms and conditions of any linked, referenced, or interfacing websites you enter before you submit any personal data to such third party websites.

Security of data collected and data retention

We employ strict physical, electronic, and administrative security measures to protect your data from access by unauthorized persons and against unlawful processing, accidental loss, destruction and damage both online and offline. We will retain your data for as long as necessary for said purpose of the collection and after that we will retain your data as long as the law requires.

O’Reilly’s Wholesale Limited retains personal data in an identifiable format only for the interval that is necessary as identified by the purposes of processing for which data are collected.

O’Reilly’s Wholesale Limited must not keep personal data for longer than necessary to fulfil the identified lawful business purposes or as long as required by applicable law.

O’Reilly’s Wholesale Limited establishes a personal data retention period in accordance with relevant laws and regulations as part of the record of processing activities.

O’Reilly’s Wholesale Limited must justify the requirements to retain personal data for periods longer than the maximum retention period as per business and regulatory requirements if required.

Some data must be retained in order to protect the company’s interests, preserve evidence, and generally conform to good business practices. Some reasons for data retention include:

  • Litigation
  • Accident investigation
  • Security incident investigation
  • Regulatory requirements
  • Intellectual property preservation

Internet-based transfers and disclaimer

Whereas O’Reilly’s Wholesale Limited employs reasonable measures to protect against viruses and other harmful components, the nature of the internet is such that it is impossible to ensure that your access to the website will be uninterrupted or error-free, or that this website, its servers or emails which may be sent by us are free of viruses or other harmful components.

Contacting us and your rights to access and update your personal data

  • Rights of Data Subjects

As a data subject being affected by our data processing activities you may exercise the following rights:

  1. Right of access

You have the right of access to all personal data, together with additional information  such  as the purposes for which the data was processed as well as the recipients, the criteria for determining the duration of retention, the existence of the right to deletion and rectification, right to restrict or right  to object the processing, the existence of a right to   lodge a complaint, information on the origin or source of the data and information on  automated decision-making including the logic involved. In addition, you have the right to gain access to information as to whether the personal data will be transferred to a third country or to an international organisation, including the right to be informed of the appropriate safeguards pursuant to Art. 46 of the EU Data Protection Law (GDPR) and the Data Protection Act 2018.

  1. Right to rectification and right to restriction of processing

You have the right to demand the correction or completion of incorrect or incomplete data. Under certain circumstances, such as when the accuracy of data is in dispute, you have the right to demand restriction of data processing activities until the correctness has been verified to the effect that data may be processed only with prior given consent or for the purpose of asserting, exercising or defending a right or protecting the rights of another natural or legal person or for reasons of important public interest.

  1. Right to data portability

It may be required that you – or as far as this is technically feasible, a third party – receive a copy of the personal data in a structured, common and machine-readable format, as far as these have been made available to us.

  1. Right to erasure

You may exercise the right to demand erasure of personal data under certain circumstances, such as when personal data are not processed in accordance with data protection requirements.

  1. Right to object

You have the right to object to the processing of personal data at any time to grounds relating to a particular situation. In case of an objection, we will no longer process your personal data unless compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims can be demonstrated.

  1. Right to withdraw your consent

You may exercise the right to withdraw a prior given consent to data processing activities at any time without stating reasons by sending the withdrawal to dpo@orys.biz. The withdrawal of the consent does not affect the lawfulness of the processing carried out on the basis of a consent up to the withdrawal.

  1. Supervisory authority

 

Complaint

You have the right to lodge a complaint before the national data protection authority by sending your claim to it. Country Data Protection Authority contacts can be found at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

If you feel that O’Reilly’s has not processed your data in the correct manner and has not handled your complaint effectively regarding your data, you have the right to lodge a complaint with the ICO (Information Commissioner’s Office) – contact details can be found via the following link: https://ico.org.uk/

How changes to this Privacy Policy and the Cookies Policy will be made

Please check this Privacy and Cookie Notice periodically to be informed of any changes. Although we reserve the right to modify or supplement this policy, we will provide notice to you on this website of any major changes for at least 30 days following the change and, where appropriate, through email notification.