We are registered as a Data Controller, Registration Number ZA001155, in accordance with the General Data Protection Regulations (the “GDPR”).
When you register for a service provided by us (such as being a registered member or subscribing to our Newsletter or Journal posts), make an order from us, complete a transaction, verify your credit/debt card details, arrange for a delivery or if you email us or report a problem about our Website to us we will ask for and, if provided, collect and process information about you. We may collect the following information from you:
When you make an order from us, complete a transaction, verify your credit/debt card details, arrange for a delivery or if you email us or report a problem about our Website, it is implied that by providing us with personal data at that time, you are consenting to our collecting of your personal data.
Where we ask for your personal data for subscribing you to our Newsletter or Journal Posts, we will ask you directly for your expressed consent.
In the event that, after you have opted-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at email@example.com or writing to us at:
Such & Such
Wood End, Widdington
We may also collect information about your computer including, where available, your IP address, operating system and browser type, this is for system administration and to report aggregate information to any advertisers we may have now or in the future. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
We use information held about you in the following ways:
If you do not want us to use your data in this way please email us at firstname.lastname@example.org notifying us that you do not wish us to hold the personal data we have collected about you.
Whilst Shopify store your personal data and other data, we reserve all rights to your personal data and other data and Shopify will never contact you directly, or use your personal data for their own business advantage. We may, from time to time, download the personal data and other data stored by Shopify on our behalf. We will take reasonable care to maintain appropriate safeguards to ensure the security, integrity and privacy of your personal data, as defined in the GDPR, in accordance with the GDPR.
When you pay for a product on our Website the transaction is carried out using Shopify’s secure payment gateway. Shopify encrypt the card information through the Payment Card Industry Data Security Standard and your purchase transaction data is stored by Shopify only as long as is necessary to complete your transaction. After the transaction is complete the purchase transaction information is deleted.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will take reasonable care to protect your personal data, we cannot guarantee the security of the personal data you provide to us; any transmission is at your own risk.
We may disclose your personal data to third parties, as follows:
in order that we may deliver any ordered products to you we must disclose your name, delivery address and telephone number to the delivery company or companies we use;
payment for all products ordered on our Website is made through Shopify. This means that Shopify handle the transaction on our behalf and we do not at any time gain access to your credit/debit card details, except your address which is necessary in order for us to fulfil your order. Shopify receive your credit/debit card details and encrypt every transaction using 128-bit SSL certificates. Once on their system, Sage Pay secure all sensitive data using 256-bit encryption standards.
Shopify and Mail Chimp may use third party providers to carry out the services they provide to us and may disclose personal data to the extent necessary to allow them to perform their services. For more information on how these three parties handle personal data, we recommend that you read their privacy policies:
in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If our business or substantially all of its assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of supply and other agreements; or to protect the rights, property, or safety of our business, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We will take reasonable steps to ensure that all third party partners to whom we transfer and personal data will provide sufficient protection of that personal data.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your information) if we intend to use your personal data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal data. You can also exercise the right at any time by contacting us at Ketteridges, Wood End, Widdington, Saffron Walden, CB11 3SN OR at: email@example.com
Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with the GDPR.
Last updated on: 24 May 2018