For the purposes of the data protection laws, I am the “data controller”, meaning that I am responsible for deciding how your personal data is used and for keeping your data safe.
What data do I collect about you?
You may provide me with the following types of personal data when you directly interact with me through the website or otherwise:
· Basic – first name, surname, account log-in information, country of residence, email address, telephone numbers and address
· Financial – billing address, purchase information, payment history
Please note that you are not required to provide any of the above data but if you don’t, it may not be possible to purchase products from me and your customer experience may be otherwise affected.
I may also collect the following information from you when you use my website (using cookies or other tracking technologies), which can be categorised as personal data:
· Usage – information about how you use our website, including time spent on page, click-throughs, download errors, browsing patterns
· Technical – browser type, device information, IP address, hardware type, network and software identifiers, operating system and system configuration
Why do I use your data and what are my legal grounds?
Reason why I use the data What data Legal ground for using the data
Register you as customer and enable
you to log-in once you have registered Basic, Profile Perform my contract with you Necessary for legitimate interests (to make your purchase experience more user friendly)
To enable you to put products in your
basket and save for later Basic, Technical, Usage Same as above
Verify your identity and detect fraud and
security issues All Necessary for legitimate interests (to prevent and detect fraud, security incidents and criminal activity)
Process payments for products and to
action refunds Basic, Financial Perform my contract with you
Deliver your purchases Basic Same as above
Send you service messages by email,
including receipts and product
information Basic Same as above
Administer our website, including
trouble shooting, testing and analysis
and to facilitate interactive features of
my website All Performance of my contract with you Necessary for my legitimate interests (to ensure that my website is fully functional
and operating in the most effective way for you)
Providing customer support All Performance of a contract with you Necessary for my legitimate interests (to ensure our customers are informed and satisfied)
Notify you of changes to my Privacy
Policy or other changes to my products Basic Performance of my contract with you Necessary to comply with a legal obligation
For internal administration and record
keeping purposes All Performance of my contract with you Comply with my legal obligations Necessary for my legitimate interests (to effectively operate my business)
Sharing your data
I do not pass your personal data to any third parties for the purpose of third party marketing. If in the future I want to do this, I will only do so if you have given your permission.
However, I do need to share your data with the following third parties as an essential part of being able to provide my services to you. In each case, I will only ever share the minimum amount of information required, and ensure that the relevant third parties are bound by suitable obligations of confidentiality and security. Relevant third parties will include payment service providers.
In addition to the above, I may also need to share your personal data with third parties if we are legally obliged to.
Do I send your data outside of the EEA?
The European Economic Area or “EEA” is seen as having high standards of data protection. As such, I currently do not transfer or handle your data outside of the EEA.
Links to third party websites
Security of your data
I implement industry standard security processes to ensure your data is kept safe and secure and to prevent unauthorised access or use or loss of your data, including ensuring access to your account is controlled by a password and a user name. I also make sure that when I am required to share your data with third parties, they are subject to suitable confidentiality and security standards.
Despite these measures, the transmission of data via the internet is not completely secure. As such, I cannot guarantee that information transmitted to me via the internet will be completely secure and any transmission is at your own risk. If you suspect any misuse or loss or unauthorised access to your personal data, please let me know at firstname.lastname@example.org.
How long do I retain your data for?
You have various rights under data protection laws which entitle you, in certain situations, to: (i) ask me for a copy of the personal data I hold about you; (ii) correct or update your personal data, which you can do yourself by logging into your account or if you would prefer, please contact me and I can assist; (iii) request that i delete your personal data; (iv) object to the handling of your personal data where I am relying on a legitimate interest (as set out in the above table); (v) restrict the processing of your personal data; (vi) request the transfer of your personal data to a third party data controller; or (vii) where you have provided your consent for something, in certain circumstances, you may withdraw this consent (but note that I may continue to use your personal data if I have legal grounds for doing so).
Please contact us at email@example.com if you would like to exercise your rights, which you can do for free.
If you are concerned about the way I am handling your personal data you may also contact the ICO (Information Commissioner’s Office).
Changes to this policy
I may change this policy from time to time and will upload these updates onto my website.
How to contact me
If you would like to discuss anything in this policy, wish to exercise your rights or have any issues with the way I am handling your data, please email me at firstname.lastname@example.org.
Last Updated – May 2021