How we collect personal information from you
We may collect information directly through the website, or through the browser information provided when you connect to the website, or when you communicate with Romo directly via email, phone or correspondence.
What information we collect about you
The personal data we collect depends on whether you just visit our website or use our services. If you visit our website, you do not need to provide us with any personal data. However, your browser transmits some data automatically, such as the date and time of retrieval of one of our web pages, your browser type and settings, your operating system, the last web page you visited, the data transmitted, the access status, and your IP address.
If you use our services, personal data is required to fulfil the requirements of a contractual or service relationship, which may exist between you and our organisation.
Depending on the services used, we may collect the following information:
- Email Address
- Name, address, phone number and postcode
- Language preference
- Newsletter subscription preferences
- Favourite product information
- Browser location (Country), Browser information (Type and Version)
- IP Address
A cookie is a small file which asks permission to be placed on your computer's hard drive. Cookies allow web applications to respond to you as an individual. The website can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We also use Google Analytics to monitor the use, performance, and reach of our website. Google uses its own cookies for this purpose.
How we might use your information
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- The Sales and distribution of products and services
- Improvement of our products and services
- Communicate to resolve any sales or support issues
- Personalisation of the website according to your interests
- Information, system, and network security
When we share your information
To maintain and improve our services, your personal data may need to be shared with or disclosed to service providers, other Controllers or, in some cases, public authorities. We may be mandated to disclose your personal data in response to requests from a court, police services or other regulatory bodies. Where feasible, we will consult with you prior to making such disclosure and, in order to protect your privacy, we will ensure that we will disclose only the minimum amount of your information necessary for the required purpose.
If you have purchased any of our goods, we may disclose data to the following:
- UPS, for parcel deliveries.
- FIRA (Furniture Industry Research Association), for product support issues
How long will we keep your information?
Information collected through the website will be retained in accordance with the following:
- A website account is active if someone has logged into the account within a 5 year period, after which the account is considered dormant.
- All customer data is retained while the account is active.
- Dormant accounts are automatically deleted.
- Any 3rd party addresses provided by website customers are treated as customer data.
- Expired Access tokens (used for website log-in) are retained for 1 month.
- Explicit consent will be required before sending newsletters via email to the customer.
- If you don’t have a website account, newsletter unsubscribe information is held for 12 months, then deleted.
- Basket data will be held for no longer than 1 month
- If a sale is completed, data will be kept for a minimum of 5 years, and in line with relevant laws and legal requirements.
- Long term data will be anonymized to be used for statistics.
- Postal addresses are treated as customer information.
- Press download information is treated as customer information
- Performance, operation, security, and support logs, also security and support emails will be kept for no longer than 24 months.
How do we look after personal data (Security)
We limit the amount of personal data collected only to what is fit for the purpose as described above. We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic. We retain personal data only for as long as is described above, to respond to your requests, or longer if required by law. If we retain your personal data for historical or statistical purposes we ensure that the personal data cannot be used further. While in our possession, together with your assistance, we try to maintain the accuracy of your personal data.
All sales transactions are secured by 256 bit SSL encryption when communicating with the server. This can be seen by the use of 'https' in the website address and the padlock icon / green text used next to the website address in the browser. Optionally by clicking on the padlock icon you may be able to see details of our security certificate issued by GlobalSign, to Romo Ltd (this functionality is browser dependant).
Credit Card Details
We do not store or process credit card details on our site. Any credit card details you provide are processed by our payment provider, SecureTrading, via an 'iframe'. Secure Trading hold and process any credit card details provided. Once a transaction is complete we may hold a reference to the previous transaction, which is held against your account details. This then allows you to use the same credit card again in any subsequent transactions.
We are PCI compliant at SAQ level A.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Your right to change/remove information
If you receive our marketing emails but no longer wish to, please click on the "unsubscribe" link at the bottom of any marketing email, which you may have received from us.
If you have a website account with us, you can log-in to our website and update and change your marketing preferences at any time by going to the “Newsletter Subscriptions” section. Alternatively, simply contact our Customer Services team to change any of your marketing preferences.
Please note that it may take up to 72 hours for all our systems to process and update your email marketing preference changes.
When working with partner charities, we will not make unreasonable intrusions into privacy, are not unreasonably persistent and will not place undue pressure on anyone to donate to the charity we have chosen to work with.
We request candidates submit CVs containing name, address, contact details, employment history, and qualifications, in addition to a covering letter and in some cases a portfolio of work. This information is held in a central recruitment inbox as candidates applications are processed, and are removed from our internal systems after a 2 year period from the date of application.
Changes to this policy
Our Contact Information (Data Controller)
Data Protection Officer