When you order with us, we make the protection of your privacy and security when processing your order or your data our primary focus.
Data Protection Policy
We will always respect your rights to privacy.
We will only use or hold personal information if you have given us your consent. Placing an order with us would be permission to hold your data. Any data that you agree to us holding will be destroyed when the reason for its collection has ceased to exist.
When is Information Collected
We collect information about you when:-
You register on our website to make a purchase
Sign up for promotion offers or surveys
Communicate with us via phone or email
What information is collected
When you place an order with us, return a purchase or arrange for deliveries we will ask for personal information to enable us to complete the transaction. We will ask for:-
An email address
Credit or debit card details
A delivery address
We may also ask for a contact telephone number so that we may contact you if there is a problem with your order.
If we ask for your information for any other reason like marketing we will always ask for your express permission or provide you with an opportunity to decline.
How is the Information Used
The information that we collect via our website or any other communication with you may be used for:
Dealing with orders
Processing payments and accounts
Credit reference checking and fraud detection
Improving the customer experience of the website
Tailoring and Improving our service
Market Research and Product Development
At any time you can change your mind and withdraw your consent to us holding any information about you by emailing our GDPR Officer on email@example.com
If you are not sure about the information that we hold about you, your account or wish to update the details please email our GDPR Officer on firstname.lastname@example.org
We will never pass on your details to a third party for marketing purposes except for our own.
We will only pass your data to third parties who are involved in processing your order such as a courier service or where we are required by law or if you violate our terms of service.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that we operate on and that allows us to sell our products and services to you. Your data here is stored through Shopify’s data storage, databases and the general Shopify application. Shopify store your data on a secure server behind a firewall and comply with GDPR.
Information Held on our Internal Systems
Access to any customer information is limited to those who need access to the information to perform their job.
Access to customer information requires a login and password to our system.
All staff are expected to adhere to the confidentiality policy of the company and sign up to a confidentiality clause as part of their employment contract.
Calls may be recorded for training and security purposes.
We regularly review and update our database access protocols.
If you are concerned that we have breached a privacy law or code binding on us, please send an email marked “Urgent” to Catherine Lane, CEO at email@example.com. We aim to respond in a reasonable time (normally 24 hours). Our GDPR Officer will manage your complaint and will give you additional information about how it will be handled.
You have the right to complain to the Information Commissioner’s Office (ICO) if you believe we have not handled your request in an appropriate manner. For information on contacting the ICO please see their website www.ico.org.uk.
When you purchase from us we want you to know that we take your security seriously. When you complete your transaction though our payment gateway then Shopify stores and encrypts your credit card data through the Payment Card Industry Data Security Standard (PCI – DSS) The information is encrypted using secure socket layer technology (SSC) and stored within AES256 encryption.
Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more information you may wish to read Shopify’s terms of service (http://shopify.com/legal/terms) and Shopify’s privacy statement (http://shopify.com/legal/privacy) .
We feel confident that the processes we have in place will ensure that the credit or debit card information will not be accessed by any unauthorised person or company.
Phishing is the attempt of obtaining sensitive information such as usernames, passwords or credit card details which will be used for fraudulent or improper activities. We will never ask for your personal details by email. If this happens contact us on firstname.lastname@example.org
Changes to our Policy
We reserve the right to change the policy at any time without notice so please review it frequently. If we make material changes we will notify you here that it has been updated.
If our store is acquired or merged with another company your information may be transferred to the new owners so that we may continue to sell products to you.