This policy is designed to ensure that we safely handle your personal data in accordance with relevant regulations and legislation such as Data Protection Act 1998 and EU General Data Protection Regulations 2018 (the “Data Protection Regulations ”).
Section 1 - What We Do With Your Information?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
Legal Basis for Processing Your Information
The legal basis for processing your information is either your specific consent or where we are not legally required to ask for consent, we may process this data for our legitimate interests, namely:
- the performance of the services you have requested through the website;
- the monitoring and improving our website and services; or
- for the delivery of relevant website content and advertisements to you; or
- to measure or understand the effectiveness of the advertising we serve to you.
Cookies are very small text files that are stored on your computer when you visit some websites.
You can disable any cookies already stored on your computer, but these may stop our website from functioning properly.
We use the cookies on our Websites for a number of purposes, including:
- to authenticate and identify you on our Websites and applications so we can provide you with the services you request;
- for ‘email’ purposes such as storing, updating and emailing our users and customers we currently use Mailchimp, a popular communications provider who are compliant with the latest GDPR legislation.
- to deliver adverts and information more relevant to you and your interests and also to help measure the effectiveness of our advertising campaigns;
- to compile reports on Website activity and providing other services relating to Website activity and internet usage. We may also transfer this information to third parties where required to do so by law, or where such third parties process the information on our behalf; and
- pages of our Website and our e-mails may contain web beacons, bugs, pixels, and software tokens (and other related technologies) in order to facilitate use of our Services and which may allow us to collect statistics on our Website and emails (such as number of users who have visited a page or opened an email).
The following is strictly necessary in the operation of our website.
This Website Will:
- Remember what is in your shopping basket
- Remember where you are in the order process
- Remember that you are logged in and that your session is secure. You need to be logged in to complete an order.
The following are not Strictly Necessary, but are required to provide you with the best user experience and also to tell us which pages you find most interesting (anonymously).
This Website will:
- Sometimes offer Live Chat Support (If available)
- Track the pages you visit via Google Analytics
This Website will:
- Allow you to share pages with social networks such as Facebook (If available)
- Allow you to share pages via Add This (If available)
This website will not:
Section 2 - Consent
How do you get my consent?
When you provide us with personal information to complete a transaction, place an order, arrange for a delivery or return a purchase, you are agreeing to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will ask you directly for your expressed consent and provide you with an opportunity to say change your preferences at any time.
You are discouraged from submitting any personally identifiable information to our public community forum. However, if you do submit any such information to a community forum or other public section of our website, such as comments or feedback, you do so in accordance with the terms applying to ‘User Content’ as set out in our Terms of Service. Accordingly, you agree that such information may be posted or published on our website (or as otherwise set out in our Terms of Service) and will therefore be publicly available.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, in relation to marketing, or for the continued collection, use or disclosure of your information, at any time, by contacting us at email@example.com or using the links at the bottom of any email we send you to manage your contact preferences or unsubscribe. As set out in our Terms of Service, this does not apply to User Content which is submitted to our community forum, which we may not be in a position to remove once it has been posted as it is hosted by a third party provider.
Section 3 - Types of Information We Collect
Some parts of the website are public and you may visit these anonymously. We will collect personal identification information from you only if you voluntarily submit such information to us. You can always refuse to supply personally identification information, except that it may prevent you from engaging in certain website related activities or accessing parts of the Platform.
Without limitation, the type of information we may collect includes that as specified by the General Data Protection Regulation:
- Personally Identifiable Information. We may collect personal details such as an individual’s name, shipping address, billing address, email address, telephone and other information, internet address (IP address), device used to access website, etc, . We may utilize this information in order to fulfill a contract (like fulfilling an order), adapt and optimise our service to our users’ needs;
- Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our Software;
- Social Media Information. We may collect Twitter, Facebook or other social media Usernames if you connect to these social networks through the Software;
- Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes;
Section 4 - Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by third parties acting on our behalf, operating outside the EEA. Such third parties maybe engaged in, among other things, the processing and fulfilment of your order and the provision of support services.
We permit this transfer outside the EEA only where: (a) where the organisation receiving the personal data has provided adequate safeguards; or (b) where you have specifically consented to this transfer, or (c) where the transfer is necessary for the performance of a service requested by you.
Section 4 – Disclosure
We may disclose your personal information if we are required by law to do so.
Section 5 - Platform
If you choose a direct payment gateway to complete your purchase, then Stripe or PayPal stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Section 6 - Third-Party Services
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Section 7 - Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Section 8 – Retention of Information
Personal data that we process for any purpose shall not be kept for longer than is necessary for that purpose. This means that unless there is a good reason to do so we won't keep your personal data more than 6 years after our business relationship has ended.
It is not possible for us to specify in advance the periods for which your personal data will be retained. However, we will determine the period of retention based on your continued use of our website or services and based on our requirements for proper record keeping and accounting and legal purposes.
Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your legal interests or the legal interests of another person.
Section 9 - Your Rights
Your principal rights under the Data Protection Regulations are: (a) the right to access; (b) the right to rectification; (c) the right to erasure; (d) the right to restrict processing; (e) the right to object to processing; (f) the right to data portability; (g) the right to complain to a supervisory authority; and (h) the right to withdraw consent.
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
Section 10 - Age of Consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
Section 12 - Governing Law
Questions and Contact Information
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org