What we collect
The personal information collected when you place an order includes your name, email, address, postcode, phone number, which products you ordered, and your VAT number if applicable. When you place your order you will also be asked to provide payment details. We use Stripe Checkout to collect payment data and process your order. Following Stripe’s best practices, we are not storing credit card data. The payment related data we do store is the amount paid with discount if applicable, and any taxes. As part of our analytics we also store your IP address.
What we do with the information we gather
Here is how we use your information:
- Address and phone number is used when we book the delivery. The shipping company we use stores your shipping details and associates it with a generated order number and a tracking number. The tracking number is used to check the status of your order and if any issues arise, we are able to contact the shipping company and provide the tracking number for your order.
- Internal record keeping. Occasionally there is a typo in a discount code, or the address provided is not found in shipping company lookup system. We use your order data to verify and fix any issues which may arise.
- Your name and email is used to send your order confirmation.
- Also we use your name and email to send you occasional updates and asking your feedback.
- We may use IP addresses of visitors to our website for the purposes of protecting our website from hacking attempts or email SPAM.
- Sensitive payment details, such as credit card details are handled by Stripe and we follow their best practices to make sure your payment details never reach our server.
- We keep cost of the order, which includes shipping cost, taxes and discount where applicable, so we can generate an order confirmation for you and check that total amount is calculated correctly.
How long do we keep this data for?
We will hold your personal information on our systems for as long as is necessary for the relevant activity. We review our retention periods for personal information on a regular basis.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
Transfer of personal data outside of the EU
There may be occasions where data may be transferred outside of the EU for storage or processing. Where necessary, we will take steps to ensure that there are adequate safeguards in place to protect your personal data. For example, for servers located in the US, we would look for compliance with the EU-US Privacy Shield Framework, which offers compliance with EU data protection requirements when transferring personal data from the European Union to the United States. You can find more information about Privacy Shield at https://www.privacyshield.gov/welcome.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and helps us to identify ways to improve our website in order to tailor it better to our customer needs. We only use this information for statistical analysis purposes. Overall, cookies help us provide you with a better and more usable website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may however limit some functionality and prevent you from taking full advantage of the website. For details on how to do this, please refer to aboutcookies.org, provided by international law firm Pinsent Masons. We use Google Analytics to collect data on how our users are using our website and their demographics (age, gender) and interests which enables us to evaluate how our users’ behaviour varies by demographics and interests in order that we can improve our website content, marketing and services for our clients. The information generated by the cookies about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google undertakes not to associate your IP address with any other data held by Google. The Google Analytics features we implement may be based on Display Advertising (e.g. Remarketing, Google Display Network Impression Reporting, the DoubleClick Campaign Manager integration, or Google Analytics Demographics and Interest Reporting). Users can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings. If you prefer that Google Analytics does not collect any data from you when you visit a website that has it incorporated, information for opting out can be found on Google Analytics’ currently available opt-outs for the web.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
Under the General Data Protection Regulations (GDPR), you have the following rights:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
- the right not to be subject to automated decision-making including profiling
You may choose to restrict the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website, look for a box, or boxes, that you can select to indicate your consent.
- if you have previously agreed to us using your personal information for direct marketing or other purposes, you may change your mind at any time by emailing us at email@example.com.
We will not sell, distribute or lease your personal information to third parties. We do not create derived or inferred data about people by profiling.
You may request details of personal information which we hold about you under the GDPR (previously the Data Protection Act 1998). If you would like a copy of the information held on you please email us at firstname.lastname@example.org.