Privacy issues are very important to us, given the current regulatory and technical environment, and we are committed to protecting your privacy.
Use of Personal Data and GDPR
We as a company adhere to the EU General Data Protection Regulation (GDPR), effective 25 May 2018. We take your privacy issues and use of personal data very seriously. Details of how we use your data are listed below.
GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe. This includes replacing the Data Protection Act 1998 in the UK (regardless of the situation of the UK leaving the European Union). We as a company will have to continue to abide by the rules of the GDPR due to the fact that we deal with customers in the European Union.
One of the main changes brought into effect by the introduction of the GDPR is that now you, as a customer, will have to opt in for us to use your details for marketing purposes. Previously, websites were able to have a pre-ticked box on their website to add you into mailing lists. This is no longer the case. Now if you would like to hear from us, you will need to explicitly authorise us to do so.
Upon making a purchase we will require the following information from you:
Credit/Debit card number
Credit/Debit card expiry date
This information is used to complete your order and to ship it to your delivery address. We ask for your email address and phone number to be able to contact you with updates on your order status, as well as to inform you if there are any issues.
Unless you have explicitly given us permission (opted in to receiving marketing and promotional information from us) we will not be using your personal details for any other purpose.
How We Use Your Data
As a company we will need to hold some of your data as well as share some with other companies. This is done to allow us to function as a business. The companies that will be able to see your personal data are listed below:
eshop (Business platform)
OpenCart (Business platform)
Google Analytics (Analytical data, number of page views etc.)
Royal Mail (Courier)
AcyMailing (Bulk emailing system. Only used if you have chosen to receive promotional material from us).
All of these companies in turn will also be regulated and adhere to the GDPR rules. Only relevant information is shared with these companies.
As an e-commerce business we take the protection of all of your personal data very seriously and have several protocols in place to protect it from accidental and malicious leaking.
In the unlikely event that there is a breach of these protocols and we suspect that your personal data may have been compromised we will inform you as soon as feasibly possible in order to allow you to take any necessary precautions.
This notification will include the following:
The nature of the personal data breach
Recommendations for you to mitigate potential adverse effects.
Under the new GDPR rules, we are now obligated to inform the Information Commissioner’s Office (ICO) of any data breach within 72 hours of us becoming aware of it (wherever feasible). This is a new requirement that did not apply under the Data Protection Act (1998).
Right To Be Forgotten
The GDPR also gives you, as a customer, a “Right to be forgotten”. This means that you will be able to make a request to us for your personal data to be erased. This will only work for data that is no longer necessary. (This may mean that should you have made a request to be forgotten, we will remove your phone number, name, email address etc. but may need to retain what items you have bought for accounting purposes. Once this information is no longer required it will be removed).
Protection of Personal Data
We have taken every possible precaution to create a secure environment to protect the personal information supplied by you to us when making an order or opening an Account. When an order is placed or Account opened we offer the use of a secure service. Essentially we have adopted the industry standard encryption methods in that the secure service software (SSL) encrypts all information input before it is sent to us. In order to comply with the GDPR and for maximum peace of mind we can advise that we have implemented strict security procedures in relation to the storage and disclosure of information which you have given to us for the purpose of preventing unauthorised access. For security reasons and to protect your right to privacy we may occasionally request proof of identity from you before disclosing any sensitive information to you or accepting any order from you.
We do not store customers’ financial details (credit or debit card numbers).
Cookies are small pieces of information that websites transfer to your computer hard drive and that we use to enable our website to provide features such as automatic login, personalised greetings and storage of items in your Shopping Basket. Cookies can be turned off in your browser or you can be notified when you receive a cookie so you can choose whether to accept it. The Help menu of your browser should contain information on how to do this. However, changing these settings may mean that you will not be able to take advantage of some of the advanced features on the site. If you do wish to remove cookies after a visit to the site, perhaps because you are using a shared computer, you can clear the cookies by clicking on the sign out link.
Disclosure of Information to Third Parties
We do not sell, trade or rent your personal information (data) to others. We may choose to do so in the future with carefully selected and trustworthy third parties. Should you not wish us to do so then kindly advise us by sending an e-mail to firstname.lastname@example.org. We may provide statistics or analytical records about our customers, sales, traffic patterns to reputable third party vendors but this information will not include any personally identifying information on you.
We employ third parties and individuals to perform certain functions on our behalf. Examples of these might be a courier delivering your goods to you, analysis of data, provision of marketing assistance, processing credit card payments and provision of a customer services department. Please rest assured that those companies and individuals who have access to any such personal information are not permitted to use this information for any other purposes and they are required to process any such data in accordance with the GDPR.
Transfer of Data
Access to Information
You may obtain details of the personal information we hold on you by e-mailing us at email@example.com. Our Data Protection Officer will revert to you within 28 working days.
If you have any comments, suggestions or concerns, please e-mail firstname.lastname@example.org