PRIVACY STATEMENT
SECTION 1 – FAIR PROCESSING NOTICE
WHAT PERSONAL DATA WE COLLECT AND HOW WE USE IT
Minimum Data Set Required
In order to comply with General Data Protection Regulation (GDPR) rules, we have taken steps to ensure that all personal data that we record and store from you is the minimum amount of data needed to fulfil the purposes it is required for, and that we do not ask for more personal data than we need.
Purchasing
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us, including your name, address, email address, telephone number, order number, products purchased, IP address and card data. This data is used to process your transaction and fulfil your order. Some of your personal data may also be shared with our suppliers in order to fulfil your purchase. We may also share your information with our printer app to print invoices or packing notes for you. Under the GDPR, we have a lawful basis of the contract of the sale in order to collect, store and process your data in this way.
For the processing of your order, your data may be sent to or used by software from Google, Microsoft and Apple in order for us to undertake the administration of processing your order. Under the GDPR, we have a lawful basis of the contract of the sale in order to collect, store and process your data in this way.
For the fulfilment and delivery of your order, some of your personal data such as name, address, telephone number and email address, may be used by Royal Mail and My Hermes to track and send your parcel. Under the GDPR, we have a lawful basis of the contract of the sale in order to collect, store and process your data in this way.
For all orders, personal data will be held and processed by WooCommerce in order to store your account/customer details, track your purchase history, save your address details and track any updates in the order/delivery process. WooCommerce may also use your data to process your transaction.
No financial data (e.g. card number) is stored by us; it is processed during the course of the transaction by our card payment provider iZettle.
All personal data gathered from the website through transactions is gathered directly from the user and processed and held by iZettle. This data is used to process and fulfil orders, refunds and queries. Under the GDPR, our lawful basis for sharing and processing this personal data is the contract of sale.
If you purchase a digital product, such as a downloadable pattern, from our site, we will share your information with our Digital Downloads app in order to allow us to deliver your digital product to you. Under the GDPR, our lawful basis for sharing and processing this personal data is the contract of sale.
When you purchase from our site, you will have the option to sign up for our newsletter to send you more information about further products and services. To sign up, you will need to give us your consent by reading our privacy policy and ticking the box. You will be given the option to opt-out of receiving our marketing emails in your welcome email and can also opt out at any time by using the unsubscribe link at the bottom of every email. We are using the lawful basis of consent under the GDPR to collect, store and process your data in this way.
Transaction amount and order number are also shared with and stored by the accounting package QuickBooks and our accountants Springtide Accounting for accounting purposes. Under the GDPR, our lawful basis for sharing and processing this personal data is our legal obligation to provide statutory accounts to HMRC.
Website accounts
If you choose to create an account on our site, we will collect and store the following personal data on you: name, email address. We may also store your address if you wish to add this to your account for quicker checkout. This personal data is collected and stored by WooCommerce, and we will only use it to contact you about your account, or to process your order if you use this information at checkout. The information in the account is password protected by you, so please ensure you choose a strong password to avoid putting your data at risk. Under the GDPR, we have a lawful basis of the contract of providing a service (of an account on our site) to collect, store and process your data in this way.
Email marketing
With your explicit consent, we may send you emails about our store, new products and other updates, when you supply us with your name and email address on our pop-up form, on the form on our newsletter page, or if you consent at checkout when making a purchase. In each case, we ask for your explicit consent to do so by asking you to tick the box to give your consent, and encouraging you to read our privacy policy to understand how this data will be used, as well as your personal data rights.
The personal data you supply on this form will be stored and processed by our email provider MailChimp in order to fulfil our marketing. Under the GDPR, we are allowed to use your personal data in this way due to the lawful basis of your consent, by ticking the consent box when you sign up and the opt-in double confirmation email.
You will also be able to give permission for us to send you more targeted and personalised emails through customer profiling/segmentation and customised online advertising. You can opt-out of these at any time.
Other
From time to time we may also use Survey Monkey to help us gain insight into our customers and how they use our site. As such, we may ask for your personal data (name and email address) through Survey Monkey in order to identify responses. In such cases, this personal data will be processed and stored by Survey Monkey.
You will need to give consent for us to use this data in this way, if you choose to participate. Under the GDPR, our lawful basis for using your data in this way would be consent. In each case, you will be required to consent upon initiating participation in a survey, and not before. Your consent will be required for each individual survey.
HOW LONG DO WE HOLD YOUR PERSONAL DATA?
For personal data collected, used and stored from purchases on the site, we will hold your personal data for 2 years from your last order date. After this time, it will be deleted as we presume you will not buy from us again.
For personal data collected, used and stored from your consent to email marketing purposes, we will hold your personal data for one year from the date of your last opened email, before removing it from our records. After this time, it will be deleted as we presume you are no longer interested in receiving further marketing information about our goods and services.
For personal data collected, used and stored from cookies on the site, we will hold this personal data for 26 months, in order to help us analyse site performance, site issues and potential development areas to help improve the site.
For personal data stored in QuickBooks and our accounts, we will hold this personal data for 7 years, in order to allow us to supply statutory accounts for HMRC.
For personal data collected, used and stored from Survey Monkey, we will hold your personal data for 2 years from the end of the survey, in order for us to analyse business performance and product development.
YOUR PERSONAL DATA RIGHTS
In the EU, you should know that your personal data rights are protected under law. These include rights as specified in the General Data Protection Regulation, which are the right for your personal data to be accessed, corrected or changed, and erased.
To learn more about your rights under GDPR, visit the Information Commissioner's Office website.
CHANGING YOUR PERSONAL DATA
Under the GDPR, you have the right to correct or change the personal data we hold on you at any time. If you would like to do so, please send us an email or write to us using the contact details at the end of this document.
RIGHT TO BE FORGOTTEN
Under the GDPR, you also have the right for your personal data to be removed or ‘forgotten’. If you would like the personal data we hold on you to be erased, please send us an email or write to us using the contact details at the end of this document.
SECTION 2 – CONSENT
How do you get my consent?
To consent to our email marketing, you must fill in the form, tick the box to say you give permission, and click submit to make it clear that we have your explicit consent to be contacted by the email address and name you provide. This may be done through our email pop-up, the form on our newsletter page or during checkout.
When signing up to our email marketing, you can also choose whether to give your consent for us to use your data for customised advertising and customer profiling – by consenting to these, you allow us to give you more personalised content that we think you will like.
If we want to use, share or collect any of your personal data for any other reason, we will contact you first to explicitly ask for it, and wait for your permission or rejection of consent before doing so.
We also require your consent to use cookies on our site – to give your consent, please accept the banner when you land on the site and your preference will be remembered. You can opt-out at any time.
How do I withdraw my consent?
If you change your mind, you may withdraw your consent for us to contact you, or for the continued collection, use or disclosure of your information, at any time, by contacting us using the contact details at the end of this document.
You can also use the unsubscribe link at the bottom of every email we send to you.
Please allow up to 28 days for this change to take effect.
To opt out of cookies, simply use the decline button in the banner on the site to switch them off.
SECTION 3 – DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service. Under the GDPR, our lawful basis for doing so would be a legitimate interest for security or criminal concerns, and we may disclose your personal data to the authorities (such as the police), in order for them to investigate further and ensure no crime is committed.
Subject Access Requests
You may ask to access the personal data we hold on you at any time. To do so, please send us an email or write to us using the contact details at the end of this document.
Please allow one month for us to complete your request.
Data Portability
Upon receiving your request, we will supply you with the data you have requested to access in an easily readable format, such as a Word document or physical letter.
SECTION 4 – E-COMMERCE PLATFORM
Our store is hosted on WooCommerce. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through WooCommerce’s data storage, databases and the general WooCommerce application.
Their privacy policy can be viewed here: https://automattic.com/privacy/
Payment
If you choose a direct payment gateway to complete your purchase, then WooCommerce stores your credit card data. It is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read WooCommerce’s Terms of Service or Privacy Statement.
SECTION 5 – THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.
All of our suppliers and service providers agree to terms set out in this Privacy Policy and are GDPR compliant.
Links
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Additionally, personal data sent, collected and stored by Shopify through us may be sent to networks in Canada/the USA. We have ensured that the relevant Privacy Shield or Binding Corporate Rules documentation is attained by any company we send your data to outside of the EEA, to ensure the highest standards of data security and to comply with GDPR rules on data security.
If a breach of data is discovered, you will be notified immediately of any data breach and risk to your personal data. This is also the case for any supplier that we may share your personal data with.
SECTION 7 – COOKIES
What are cookies?
A cookie is a small amount of information that’s downloaded to your computer or device when you visit certain websites. We use a number of different cookies on the website, including strictly necessary, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
Here is a list of cookies that we use. We’ve listed them here so that you can choose if you want to opt in to cookies or not.
WooCommerce – Essential cookies: Some cookies are essential for our site to run properly, such as remembering what is in your basket and performing checkout.
WooCommerce – Non-essential cookies: We use non-essential cookies for things like analytics and reporting, to help us analyse the site usage and make improvements to help better your experience of the site.
These are as follows, with a description of their function:
Third party non-essential cookies
We also use third party cookies for a range of different purposes – please see below to find out more about what cookies we use and what they do.
Reporting & Analytics – Google Analytics: We use Google Analytics to help measure how users interact with our websites.
Advertising – Facebook Pixel: We use the Facebook pixel, and any cookies it places for this, to help us deliver and measure targeted advertising.
Social media & content – Facebook Connect: We use Facebook Connect to allow visitors to our website to interact with and share content via Facebook’s social media platform.
Social media & content – Pinterest: We use Pinterest to allow visitors to our website to interact with and share content via Pinterest’s social media platform.
Social media & content – Twitter: We use Twitter to allow visitors to our website to interact with and share content via Twitter’s social media platform.
Social media & content – YouTube: We use YouTube to allow visitors to our website to interact with and share content via YouTube’s social media platform.
Cookie Duration
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
Opting in and out of cookies
You can opt in, and opt out, of non-essential cookies at any time during your visit on our website – simply use the cookies banner to adjust your preference settings.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. More information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.
Many of the third party advertising and other tracking services listed above offer you the opportunity to opt out of their tracking systems. You can read more about the information they collect and how to opt out through their privacy policies.
SECTION 8 – AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
SECTION 9 – CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
CONTACT INFORMATION
Email: info@haberdasherdo.co.uk
Postal Address:
Haberdasherdo,
32a Southbourne Grove,
Bournemouth,
BH6 3RA,
United Kingdom
Telephone:
01202 428612