Privacy Policy

Who we are

Our website address is: https://tillex.co.uk, owned by Smokin Donut Ltd

About this Policy

This policy describes how we use your personal data when you use our website (https://tillex.co.uk) or utilise our software or when we provide services to you. We have provided this policy to ensure that you understand what personal data we may collect and hold about you, what we may use it for, and how we keep it safe. You have legal rights to access the personal data that we hold about you and to control how we use it, which are also explained. You can read and print this whole policy or click on the links below to see specific information about:

Data controller

Smokin Donut Ltd
Avon House
82 Wellington Street
Thame OX9 3B

01844 212577
hello@tillex.co.uk

Access and activity logs (“server logs”)

Each access to this website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual.

Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the website. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when the unlawful use of the software is suspected.

Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the website is collected. The scope of this log process does not exceed the common log scope of any other site on the web.

These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. 

When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon the occurrence of the respective error message and/or specification is collected.

These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this website. They are small text files that are stored on the device with which you access this website. Different categories of cookies are used:

  • Necessary cookies are necessary for ensuring the core functionality of our website
  • Functional cookies are cookies that are used for tracking user behaviour on our website to improve the functionality of our website
  • Marketing cookies are cookies we are using for serving interest-based ads
  • External media cookies: These cookies serve the purpose of displaying external media (such as videos or maps)

The legal basis for the use of essential cookies is Art. 6 (1) (f) GDPR -a legitimate interest. Our legitimate interest in the usage of these cookies is providing a functioning website.

The legal basis for the usage of the other cookies is Art. 6 (1) (a) GDPR — your consent. Without your consent, no non-essential cookies will be set. You can withdraw your consent anytime with effect for the future. 

Use of third-party provider tools

In order to provide and continuously improve our services, we are using the services of the following third-party providers which may also process personal data. These third-party providers have been selected diligently and in line with the requirements of the GDPR.

a. Google

Unless otherwise stated in the data privacy policy, the operator of all Google services mentioned here is Google Ireland Limited,Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

i. Google Maps

This website incorporates the API service “Google Maps” in order to be able to depict geographical information. The use of Google Maps makes it possible for Google to collect, process and use data on your use of the service.  By using Google Maps, information about the use of this website including your IP address and the (start) address entered in the route planner function can be transmitted to Google in the USA.  The map content is transmitted by Google directly to your browser and integrated by it into the website. Personio has no influence on the scope of the data collected by Google in this way. Personio also has no influence on the further processing and use of the data by Google. We have no influence and therefore cannot accept any responsibility for this.You can find further information on the processing of your data by Google at the Google data privacy information.

The following data is collected and processed:

  • IP addresses
  • Location information
  • Usage data
  • Date and time of visit
  • URLs

The legal basis for this data processing is your consent according to Art. 6 (1)(a) GDPR.If you do not want Google to collect, process or use data about you via our website, you can refuse your consent or withdraw it at any time with effect for the future. 

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Google Ireland Limited:

  • Google LLC.
  • Alphabet Inc.

Data may be transferred to the USA as part of processing by Google Maps. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

ii. Google Tag Manager 

This website uses the service “Google Tag Manager”. The tag manager is a tool for managing so-called tags that are used during tracking in online marketing. In doing so, the tag manager does not process any personal data, since it merely serves to manage other services – e.g., Google Analytics, etc. 

You can find further information on the tag manager at: https://www.google.com/intl/de/tagmanager/use-policy.html

iii. Google Analytics

This website uses the service “Google Analytics”. The operator of this service is the company Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Analytics is a web analysis service, and, by placement of cookies and the information acquired by this, it enables us to make inferences about user behavior on our website.  The information generated by the cookies is sent to a Google server in the USA and stored there. Our website uses the service Google Analytics on an exclusively pseudonymous basis. Your IP address is only recorded in abbreviated form and is hence anonymized.

The following data is collected and processed:

  • IP-Addresses (anonymized)
  • Usage data
  • Click path
  • App updates
  • Browser information
  • Device information
  • JavaScript support
  • Pages visited
  • Referrer URL
  • Downloads
  • Flash-version
  • Location information
  • Purchase activity
  • Widget interactions
  • Date and time of visit

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR.. If you do not want Google Analytics to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Google Ireland Limited:

  • Google LLC.
  • Alphabet Inc.

Data may be transferred to the USA as part of processing by Google Analytics. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

iv. Google Audiences / Remarketing

This website uses the service “Google Audiences/Remarketing”. The operator of this service is the company Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The purpose of this service is to display advertising to users based on their interests. This requires conducting an analysis of website use, which is carried out using cookies. In this process, the cookies store anonymized or pseudonymized data regarding the use of the website.  If you visit additional websites that also use these services, then you will be shown advertising that matches your previous interests. You can find more information at https://www.google.com/privacy/ads/

The following data is collected and processed:

  • Pages visited
  • IP Addresses
  • Duration of visit
  • Other data on use of websites
  • Content user is interested in

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Google Audiences to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Google Ireland Limited:

  • Google LLC.
  • Alphabet Inc.

Data may be transferred to the USA as part of processing by Google Audiences. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

v. Google Ads (formerly GoogleAdwords) and Google Ads Conversion Tracking

This website uses the service “Google AdWords”. The operator of this service is the company Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The purpose of this service is so-called conversion tracking, i.e., we can detect what happened after you clicked on our advertisements. Cookies are placed for this purpose, but they are only valid for a limited time.

The following data is collected and processed:

  • Cookie-ID
  • Visited Pages
  • IP Addresses
  • Duration of visit
  • Usage data
  • Content user is interested in
  • Clicked Ads
  • Web requests
  • Cookie information
  • Referrer URL
  • Browser language
  • Browser type

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Google Ads to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Google Ireland Limited:

  • Google LLC.
  • Alphabet Inc.

Data may be transferred to the USA as part of processing by Google Ads. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

vi. YouTube

This website uses the service “YouTube” to insert videos into the page. The operator of the software necessary for this purpose is the company Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. 

The integration of YouTube content is carried out in “extended privacy mode”. This ensures that YouTube does not initially store cookies on your device. As a result, YouTube no longer stores any information about visitors until you watch the video.

When you click on the video, your IP address is sent to YouTube, which tells YouTube that you have watched the video. If you are logged in to YouTube, this information is also associated with your account. This can be prevented by logging out of YouTube before viewing the video.

Accordingly, the following data can be collected and processed:

  • IP Addresses
  • Referrer URL
  • Device Information
  • Watched videos

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want YouTube to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Google Ireland Limited:

  • Google LLC.
  • Alphabet Inc.

Data may be transferred to the USA as part of processing by YouTube. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

vii. Adobe Type Fonts

On this website the service Adobe Type Web Fonts is used. More information on their Privacy Policy can be found here.

b. Facebook Custom Audiences and Facebook Pixel

This website uses the service “Facebook Custom Audiences”. For this service Facebook-Pixel is used. Operator of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland. This service enables us to show the user advertising related to their interests on the social network – Facebook.

For this purpose we have implemented the Facebook Remarketing Tag on our website. When you visit the website, this tag creates a direct link with Facebook’s servers. This gives Facebook information on the pages that you have visited our website. Facebook then compares this with your Facebook user account. The next time that you visit Facebook, you will be shown customized advertisements – Facebook Ads – related with your interests. You can find further information in Facebook’s data privacy instructions: https://www.facebook.com/about/privacy/.

The following data is collected and processed:

  • Facebook-User-ID
  • IP Addresses
  • Browser information
  • Non-sensitive custom data
  • Facebook cookie information
  • Referrer URL
  • Pixel specific data
  • Pixel ID
  • Social media friend network
  • Usage Data
  • Views and interactions with content and ads
  • Viewed content
  • Device information
  • Success of marketing campaigns
  • transaction information
  • Hardware/software type
  • Browser type
  • Device operating system
  • Location
  • Cookie ID
  • Information from third party sources
  • User agent
  • Conversion

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Facebook to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

As part of the processing, the data may be transferred to the following recipients besides Facebook Ireland Limited :

  • Facebook Inc.

Data may be transferred to the USA as part of processing by Facebook. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

 

HubSpot

On this website we use HubSpot for different purposes. HubSpot is a software company from the USA with a branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.

Hubspot is an integrated software solution that we use to cover different aspects of our online marketing. This includes, among others:

Email marketing, social media publishing & reporting, reporting, contact management (e.g., user segmentation & CRM), landing pages and contact forms. 

Our registration service enables visitors to our website to find out more about our company, to download contents and to provide their contact information, together with further demographic information. This information, together with the contents of our website are stored on the servers of our software partner HubSpot. We can use it to make contact with visitors to our website and to determine which of our company’s services are interesting for them. All information collected by us is subject to this data privacy policy. We use all information collected exclusively for optimizing our marketing measures. 

More information about the Privacy Policy can be found here.
More information about Hubspots  regarding the EU-Data Protection Regulations can be found here.

More Information about HubSpots Cookies can be found here and here.
As part of the optimization of our marketing activities, Hubspot may collect and process the following data:

  • Geographical position
  • Browser type
  • Navigation information
  • Reference URL
  • Performance data
  • Information about how often the application is used
  • Mobile apps data
  • HubSpot subscription service credentials
  • Files that are displayed on site
  • Domain names
  • Viewed pages
  • Aggregated use
  • Version of the operating system
  • Internet service provider
  • IP address
  • Device identification
  • Duration of the visit
  • Where the application was downloaded from
  • Operating system
  • Events that occur within the application
  • Access times
  • Clickstream data
  • Device model and version

We also use HubSpot’s contact forms. More information about this can be found at 7. of this Privacy Policy

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Hubspot to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

Data may be transferred to the USA as part of processing by Hubspot. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, Art. 49 (1)(a) GDPR can serve as a legal basis. Please note the reference to the risk of data transfer to an unsafe third-country under sub-item “7. Forms”.

 

Forms

We use the service HubSpot to provide you with the following online forms. For this purpose, we forward your data to HubSpot, which processes the data exclusively at our request. See data privacy policy on “HubSpot””.

Please note: If you contact us via contact forms, personal data may be transferred to service providers in third countries. These third countries do not have an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly being entitled to legal remedies. The security of the transfer is regularly ensured by so-called standard contractual clauses and, by Binding Corporate Rules, which ensure that the processing of personal data is subject to a level of security equivalent to that of the DSGVO. If the standard contractual clauses and binding corporate rules are not sufficient to establish an adequate level of security, your approval of this privacy policy will be deemed to be consent within the meaning of Art. 49 (1)(a)  GDPR, which justifies data transfer to unsafe third countries.

a. Regsister for Tilliex Online ordering app.

In order to provide you with onboarding onto our software, we collect personal data from you. Below we explain these data.

  • Collected data (Not all compulsary): Email address, last name, first name, job title, company name, mobile phone number, location, VAT number, country, Annual Revenue, Industry Sector and image assets.
  • Purpose of use: So we can initially get in contact with you and onboard you as quickly and efficiently as possible
  • Storage period: As a general rule, the data is stored unless you explicitly request its removal.
  • Legal basis: article 6 (1) b) GDPR

b. Newsletter

If you subscribe to our newsletter, then we store your email address and use this to send the newsletter. Your email address is not made public or disclosed to third parties.

  • Collected data: Email address, first name, last name, company name
  • Purpose of use: Sending of the newsletter requested
  • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. For the newsletter, the data are stored as long as it is expected that a newsletter will be sent and as long as you have not objected to the use of your data. 
  • Legal basis: article 6 (1) a) GDPR – consent
  • Revocation: You can unsubscribe from our newsletter at any time using a link included in each issue. We will then delete your email address from our distribution list. As an alternative, you can also unsubscribe from our newsletter at any time by sending an email to hello@tillex.co.uk.

c. Book a demo (Meet with Annie)

If you request an appointment for a demo, then we use your data to contact you and coordinate together with you an appointment and to hold the appointment.

  • Collected data: Email address, last name, first name
  • Purpose of use: Coordination and holding of the demo, as well as preparation for and follow-up on the demo
  • Storage period: As a general rule, the data is only stored for as long as is needed to fulfill the purpose. The data are stored as long as is needed to prepare, hold and follow-up on the appointment. 
  • Legal basis: article 6 (1) b) GDPR