Updated: 29th April 2019
It applies to personal information we collect through our email, website, online store, through social media and in person at any events we attend.
When you share your personal information with us, we take responsibility for the information we collect about you. We aim to be transparent about how we handle it and to give you control over it.
A reminder of your rights...
The EU General Data Protection Regulation (GDPR) effective from 25th May 2018 gives all EU citizens more rights and protections for their personal data.
More information is available here.
These regulations include
- The right to be informed: Companies must publish a privacy notice, in addition to explaining transparently how they use this personal data.
- The right of access: Individuals will have the right to demand details of any of their data that a company may hold. This information must be provided within one month of request at no charge to the individual.
- The right to rectification: If a person’s data is incorrect or incomplete, he or she has the right to have it corrected. If the company that holds the information has passed any of that information to third parties, the company must inform the third party of the correction and inform the person which third parties have their personal data.
- The right to be forgotten: A person may request the removal of his or her personal data in specific circumstances.
- The right to restrict processing: Under certain circumstances, an individual can block the processing of his or her personal data.
- The right to data portability: A person can access their data for their own use anywhere they prefer.
- The right to object: A person can object to the use of their personal data for most purposes.
- The right not to be subject to automated decision-making, including profiling
What personal information do we collect?
When you set up an account and/or purchase something from our online store as part of the buying and selling process, we collect the personal information you give us such as your name, address, email address, telephone number, chosen payment method, shipping name and address (if different).
We also automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the store, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the store, and information about how you interact with the store.
Our payment gateways collect your relevant personal information so that they can process your transaction. We use three payment providers: Stripe, PayPal and AmazonPay. We have no access to your personal payment information through any of these gateways; they manage the payment transactions securely on their platforms for the purposes of payment and/or refunds. You can view more information about what data our payment providers collect here: PayPal Stripe AmazonPay
When you visit our sites we receive, collect and store any information you enter on our website or provide us in any other way. For example, we collect personally identifiable information (including name and email) when you opt-in to receive newsletters and/or specific promotions, product updates, set up an account, or when you contact us directly through the ‘contact’ emails on our sites.
We collect and store limited personal information and some anonymous data from all visitors to all our sites whether you actively provide us with that information or merely browse our websites. The information we collect includes the internet protocol (IP) address of the device you are using, the browser software you use, your operating system, the date and time of access, the internet address of the website from which you link through to our website and information on how you use our websites.
We use this information so that we can see how well our websites are working, how they are used, what users look at most and audience information such as traffic volumes and locations.
We also collect and handle information about how you engage with our promotional campaigns outside of our own websites, for example, on Google, YouTube, Facebook, Instagram, Twitter and Mailchimp.
How do we use your personal information?
When you visit our store we use your order information that we collect to fulfil any orders placed through the store, including processing your payment information, arranging for shipping, returns processing, refunds and providing you with invoices and/or order confirmations, parcel tracking etc.
We also use this order information to communicate with you and to screen our orders for potential risk or fraud. When you have ‘opted in’ to marketing during the account set-up process, we understand that we can provide you with information and updates relating to our products or services.
We use your personal information as part of our financial accounting process and VAT reporting.
We use device information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our store (for example, by generating analytics about how our customers browse and interact with the store, and to assess the success of our marketing campaigns).
We never sell or share any personal data we collect with any third-parties for commercial purposes.
Social Media – YouTube, Facebook, Instagram - no personal data is collected directly by us from any social platform. Interaction with followers is managed on each platform and any analysis is managed within each platform.
Collection and use of non-personal information
Our online store (hosted on Shopify) and website platform (Wix) automatically collect non-identifiable information from our visitors - this information does not enable us to identify the visitor from whom it was collected. This kind of information mainly consists of technical and aggregated usage information, such as visitors’ activity on the website, session info, non-identifying information regarding your device, operating system, internet browser, screen resolution, language and keyboard settings, internet service provider, referring/exit pages, date/time stamps, etc.
We use Google Analytics to capture unidentifiable visitor traffic to our online store and website. All data is anonymous to us and Google Analytics monitors general visitor activity so that we can understand how our website is being used and where our traffic is coming from around the world.
Within Google Analytics we have disabled data collection for advertising purposes such as remarketing and advertising reporting. Data is deleted after 50 months.
More information on Google Analytics data practices and security is available HERE
Cookies and other technologies
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Some cookies are required for our sites to work, others you can choose to accept or not.
Under the new EU General Data Protection Regulations (GDPR) effective 25th May 2018, the law requires your consent to the use of ‘cookies’ when you visit our sites.
As a result both our sites have clear cookie consent banners. You can choose to opt into accepting all the cookies our platforms use, or you can choose to accept only those that are necessary for the site to work properly. Our website consent banner provides you with a clear list of all the cookies the site uses so you can be fully informed before you give consent.
Our store currently does not provide a full list of the cookies but we expect an update to this shortly and in the interim you can email us for a full Cookie Report which is updated monthly. Please email us at email@example.com
We store all consents using two third-party apps. They track your consent and ensure that the option to consent is renewed at sensible intervals. You are identifiable only by IP address and you can change your mind and update your consent preferences at any time – simply email us at firstname.lastname@example.org.
We can provide a report of all cookies on our sites which is updated monthly – please email us for a copy at email@example.com.
Our online store is hosted by Shopify which collects device information using the following technologies:
“Log files” track actions occurring on the store, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
“Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the store.
Our website is hosted by Wix and uses two types of cookies:
Session (Transient) cookies: these cookies are erased when you close your browser, and do not collect information from your computer. They typically store information in the form of a session identification that does not personally identify the user.
Persistent (Permanent/Stored) cookies: these cookies are stored on your hard drive until they expire (i.e. based on a set expiration date) or until you delete them. These cookies are used to collect identifying information about the user, such as Web surfing behaviour or user preferences for a specific site.
More information on Wix cookies can be found HERE
For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
What personal information do we share with third-parties?
We never sell or share your personal data for commercial gain.
Third-party service providers are used for the following activities:
- our store platform
- our payment gateways
- our shipping provider
- our email provider
- our website platform
- our financial accounts/reporting system
- our accountants
- our email marketing platform
- our data/analytics services
- our ‘patron’ platform
If you would like more information on who we work with and how we share your information, please email us at firstname.lastname@example.org
How long do we keep your personal information?
The actual period for which we store your personal information will vary depending on the type of personal information and how it is used.
Access and control of your personal information
You have the right to access, update and amend personal information that we hold about you at any time.
In certain circumstances, you can also:
- Object to our use of your personal information for certain purposes;
- Ask us to limit or restrict our use of your personal information;
- Ask us to correct, remove or delete personal information about you; or
- Ask us to provide your personal information to a third-party provider of services.
Please note that those rights do not always apply and there are certain exceptions to them. We will need to confirm your identity before acting on certain requests.
If the law in your country allows us to impose a fee for giving you access to your personal information, or to exercise any of your other rights in relation to your personal information, we will let you know.
If you would like to exercise any of your rights in relation to your personal information, please email email@example.com
Data transfers, storage and handling of your personal information
We, and the third parties that we share your personal information with, then host, store and otherwise handle that information.
We have taken steps to check that all third-party service providers we use are adopting GDPR compliant standards to manage your personal data.
Please be aware that the information which you provide to us may be transferred to countries outside the European Union (“EU”). As an example, our website platform is hosted in data centres in both the United States and Europe. From time to time, they may transfer hosting from one location to another. Regardless, this platform complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework regarding the collection, use, and retention of personal information transferred from the European Union to the United States.
In addition, we take steps internally to protect your data. For example, only authorised personnel have access to your data, and only for the purpose of carrying out their roles. We enable two-step authentication across all accounts, data lives in a minimum number of locations, data downloading is kept to a minimum, any printed materials containing personal data (e.g. accounts-related reports) are stored in locked cupboards, we use a document shredder, etc.
We will report any unlawful data breach of our website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
Communication, engagement and actions taken through external social media platforms are subject to the terms and conditions and the privacy policies held with each social media platform respectively.
We will never ask for personal or sensitive information through social media platforms and encourage users wishing to share personal details to contact us directly.
Our sites may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised that they use these buttons at their own discretion, and should be aware that the social media platform may track and save their request.
If we have your e-mail address, we may also e-mail you with information on those changes if we feel they are significantly important in which case we will also ask you to confirm that you are happy with those changes.
How to contact us
If you have any questions, comments or concerns, or would like to make a complaint about how we use the personal information we hold about you, please email us at firstname.lastname@example.org