PRIVACY STATEMENTDate updated: 10th September 2018
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Orders and Invoices
When you place an order through our website, the invoice is stored on EKM’s platform. Invoices are stored indefinitely on this platform by default to enable us to locate information relating to your order at a later date if needed. For example, if a refund or replacement is necessary, we would then be able to locate the order in question to confirm any details. If you wish, we can delete invoices that are stored in EKM. For more information about the service that EKM provide us, please see Section 4.
With your consent, we may send you emails about our store, new products and other updates. We use the MailChimp platform to create and send our email marketing emails with a double opt-in system. The double opt-in means that after you have signed up, you will then receive an email asking you to click a link to verify your subscription.
If you sign up to our mailing list, you will be asked for your first name, last name, an email address, your birthday and what type of email communication you give consent for us to send to you. You are not required to provide your date of birth in order to sign up, this is simply so we can send you a birthday special offer if you wish us to do so. MailChimp stores the date, time and the IP address that you subscribed from to help us log your consent. Details of orders that you have placed (value and contents) may be shared with MailChimp for analytics, and, if applicable, remarketing purposes.
You will receive an email shortly after subscribing asking you to confirm your consent for us to send you email newsletters. All of our email newsletters will have a link at the bottom to allow you to unsubscribe from the list or manage your information at any time.
MailChimp is based in the United States and therefore information you supply us for the purposes of email marketing is sent to and stored in the USA. MailChimp adhere to the Privacy Shield Principles. Privacy Shield was set up by the US Department of Commerce, European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to ensure compliance with data protection laws when transfering data from the European Union and Switzerland to the United States. You can find out more about Privacy Shield and what it means for your data here.
SECTION 2 - LAWFUL BASIS FOR DATA PROCESSING
Under the definitions outlined in the General Data Protection Regulation (GDPR), we process information under the lawful bases of Consent, Contract and Legitimate Interest.
When you place an order on our website, or, begin to and abandon the basket, arrange a delivery or request to return a purchase, we process your information under the definition of “Contract” (the sale or request for a quote, services or information relating to a sale). This means that the information you give us, such as billing information, delivery information and contact information is necessary for us to provide you with a service, and this is how it is used by ourselves and it shall only be shared when necessary to fulfill our end of the contract, for example, with Royal Mail for the purposes of delivering your order. Your delivery information is required for us to complete delivery of your order, and your contact information will only be used in relation to order or delivery updates. If we wish to use your information for other purposes, we will ask for your consent.
After you have placed your order and we have fulfilled it, invoices containing the details of what you have ordered, your address(es) and contact information are stored on the EKM system. This allows us to refer back to the information at a later date if necessary for a return, refund or other query you may make relating to your previous orders. In this sense, we store this information because we have a Legitimate Interest in doing so.
When it comes to secondary purposes, such as marketing, we will always ask for your consent with a positive opt-in action. Our email marketing activities (using MailChimp’s platform, see Section 1 for more information) will always ask for consent and then reaffirm this with the use of a confirmation opt-in email.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent at any time. If the withdrawal is specific to our email marketing activities, you can do so by clicking through here, and entering the subscribed email address.
If the withdrawal request relates to information that is stored about you as a customer outside of email marketing purposes, please send us a request to firstname.lastname@example.org or by post to:
46 Richard Hillary Close
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - EKM
Our store is hosted by EKM. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through EKM’s data storage, databases and the general EKM application. They store your data on a secure server behind a firewall.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
When you click on links on our store, they may direct you away from our site. Where necessary, we encourage you to read their privacy statements.
We use a variety of Google’s services to help us run our website and to find ways that we can improve our service. The services we use include Google Tag Manager (used to inject code and cookies into our website), Google’s AdWords (advertising services) and Google Analytics. During some shopping activities on our site, you may encounter forms that are provided by Google Forms. We use these forms to collect information from you that we need to provide you with the requested service, for example, a wedding stationery package quotation. If you do not want to submit your information through these forms, you are more than welcome to send us an email instead to email@example.com.
Our website uses Google’s Analytics service to track our visitors behaviour whilst they are shopping or browsing on our site. From the 25th May 2018, our Google Analytics account will only retain any user data for 14 months. Any data that reaches this 14 month point will be automatically deleted by Google, from the Google servers, once a month. To find out more about how Google store and safeguard data, including data stored in Analytics, you can view the information here.
You can find out more about Google’s Ad services here and you can manage your preferences relating to Google’s Ads online at https://adssettings.google.com/.
We use TypeForm to create forms within our website including the proofing forms for our wedding stationery ranges. The information that you provide within a Type Form will only be used for the purposes we describe in the form and will not be used for a secondary purpose.
We use HubSpot’s service to create forms within our website that are used by our visitors to get in touch with us, request quotes for custom work and to request more information. The information submitted through these forms is stored in HubSpot. Our HubSpot service allows us to manage contact we have with our clients and contacts. Any information you give us that is stored within HubSpot will only be used for the purposes we describe at point of collection. If we want to use any of your information for an additional purpose, we will always get consent for this separately.
SECTION 6 - PAYMENT GATEWAYS
SECTION 7 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
When you browse or place an order on our website, your data is protected through a secure socket layer (SSL). Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Your data is stored in EKM’s (our e-commerce provider) datacentre.The EKM platform and its content and databases are located on our own servers, housed within a secure datacentre in Manchester which is ISO27001 and PCI-compliant, and has BS5979 security on-site.
SECTION 8 - SOCIAL MEDIA
Any information that you provide us with, for example about your order or a query you have through these platforms will be processed according to the policy laid out here. We strongly recommend that if you do contact us through a social media platform about an order or a query that involves giving us personal information, that you do so through the private messaging facility (where possible) to prevent your data being open to the public.
SECTION 9 - COOKIES
SECTION 10 - AGE
We do not market our site or services to those under the age of 16, and therefore we request that individuals younger than 16 do not use our services or submit information through our site.
SECTION 12 - INDIVIDUAL RIGHTS
The General Data Protection Regulation (GDPR) reaffirms the rights that individuals have relating to their data. In this section, we clarify these and how you can go about taking advantage of these Rights with relation to our website and activities.
Rights to Access, Right to Rectification and Right to Erasure
Orders and data that we have stored about our customers can be edited or deleted where necessary. Customers will also be able to manage their preferences and any information stored about them within our email marketing automation platform, MailChimp. For more information on MailChimp, please see Section 1.
Right to Restrict Processing
Under the GDPR, you have the right to request that ongoing processing of your data ceases. Under the definitions of the GDPR, the only data we process in an ongoing fashion is for our e-mail marketing activities. If you make this request, we will, to the best of our ability and under the guidelines of the GDPR, cease processing your data without actually removing it from our MailChimp database.
Right to data portability
In some circumstances, you can request that we provide you with your personal information in a structured, commonly used and machine readable format. The data that is stored in both our EKM and MailChimp databases can be exported as a CSV file. If you request this to be supplied to yourself or transferred to another provider of a similar service to us, we will comply with such a request as far as is technically feasible.
Right to object
Under the definitions outlined in the GDPR, you are entitled to object to processing of your data. As soon as an objection request is received, all processing will cease for all bar necessary processes. For example, if you have objected to processing but have placed an order that has not yet been fulfilled, all processing related to secondary purposes will cease, but processing of the order (including arranging delivery) will continue unless you request we cancel the order too.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact us at firstname.lastname@example.org or by mail at
46 Richard Hillary Close