Last Updated: 17/04/2018
Data Protection Officer: David MacLeod - firstname.lastname@example.org
We take Privacy concerns very seriously and we are committed to protecting your privacy both online and offline. This policy sets out how and why we use, store and process your data, and who we may pass this data onto in the normal course of managing your account and processing your orders and payments.
We store, process and pass on your data only in accordance with both the UK Data Protection (Charges and Information) Regulations 2018 and the EU General Data Protection Regulation, and we only pass data to third parties that are also compliant with these regulations.
Protecting Personal Data
We take every possible precaution to protect the personal information supplied by you to us when placing an order or opening an account with us. Whichever method you choose to place your order with us all payments and account creation/maintenance forms are encrypted using secure 128bit or better SSL software. This is the industry standard level of security which encrypts all information before it is sent to us to prevent it from being intercepted. We have implemented strict security procedures in relation to the storage and disclosure of the information you provide us, in order to prevent theft of data and unauthorised access to your details.
Cookies are small pieces of data that websites store on your computer which enable our website to provide features such as keeping users signed in and storing items in your Shopping Cart for later checkout. Cookies can be turned off in your browser or you can be notified when you receive a cookie so you choose whether to accept it or not. Please contact your browser provider for instructions if you wish to do this. Disabling cookies may prevent you from taking advantage of some features on our site.
Collection and Sharing of Data
We do not transfer your personal data to any third party other than those set out below, and only do so to enable us to manage your account and/or newletter subscription and process and deliver your orders and payments. We will never sell, trade or rent your personal data to any other party. Please note that if you hold an account of your own with one of the parties below you should contact them of refer to their own Privacy Policies linked below to find complete information about how they use and store your data as the information below only refers to how they handle your data in relation to your order(s) with us.
An online store software provider that we use to manage our online shopping cart and newsletter. If you place an order through our website BigCommerce will collect and store your full name, company name (if provided), billing and shipping addresses, telephone number (if provided), email address and IP address for the purposes of processing your order and providing customer service. If you choose to register an account before or during the checkout process then for the purpose of supplying and maintaining that account BigCommerce will collect and store the above information as well as the password you enter during the registration process, which will be encrypted and not accessible by us or BigCommerce staff. If you sign up to our newsletter BigCommerce will collect and store your name and email address for the purpose of distributing the newsletter. BigCommerce does not collect or store payment details, the payment method you choose will determine who collects and processes your payment details.
An online payment processor that we use to collect payments. If you choose to pay by PayPal your payment details (which may include bank account or debit/credit card details depending on how you choose to fund the payment) as well as your order information such as full name, company name (if provided), billing and shipping addresses, telephone number (if provided), email address and IP address will be collected, processed and stored by PayPal for the purpose of taking payment, and maintaining your PayPal account if you choose to register for one. If you pay with another method none of your information will be shared with PayPal.
An online payment processor that we use to collect payments. If you choose to pay by Credit/debit card your card details will be collected, processed and stored by Squareup International for the purpose of taking payment, providing customer service and maintaining your Square account if you choose to register for one. If you pay with another method none of your information will be shared with Squareup International.
A sales channel and online payment processor that we use to advertise and sell our products, and collect payments. If you choose to pay for an order on our website with Amazon Pay, or you place an order with us through Amazon's own website, your payment details (which may include bank account or debit/credit card details depending on how you choose to fund the payment) along with your order details such as full name, company name (if provided), billing and shipping addresses, telephone number (if provided), email address and IP address will be collected, processed and stored by Amazon for the purpose of taking payment, processing the order, providing customer service and maintaining your Amazon account. If you pay with another method none of your information will be shared with Amazon.
A sales channel that we use to advertise and sell our products. If you place an order with us through eBay your order details such as full name, company name (if provided), billing and shipping addresses, telephone number (if provided), email address and IP address will be collected, processed and stored by eBay for the purpose of processing the order, providing customer service and maintaining your eBay account. If you do not order through eBay none of your information will be shared with eBay.
A multi-channel inventory management software that we use to syncronise our stock and process, manage and book deliveries for our orders. Whether you order on our BigCommerce store or through a sales channel such as eBay or Amazon, the order details and personal information outlined above for that sales channel will be passed to Linn Systems for the purpose of processing your order and booking delivery of your item(s).
An online accounting system we use to prepare our tax records and accounts. When you place an order with us through any channel some of your order details, including name and address, will be passed to Xero for the purposes of creating invoices and storing them for tax records and aftersales customer services.
Transfer of Data Outside the European Economic Area
Some of the third parties that we use outlined above are based outside the European Economic Area so your data may be transferred outside the European Economic Area for the purposes of processing your order and maintaining your account with us. These companies are still required to store and processs your personal data securely and in compliance with the EU General Data Protection Regulation.
Data Breaches & Notification
In the event that a security breach leads to your personal data being unlawfully accessed, disclosed, lost, destroyed or altered, we will contact the individual(s) whose data may be affected and report the indicent to the UK Information Commissioner's Office where required to do so.
Access to Information (Data Subject Access Requests)
You may request details of all the personal information we hold on you, and which of our 3rd Party providers also hold information about you, by e-mailing email@example.com. Our Data Protection Officer will respond within 14 working days.
For data security purposes we may need to verify you are the subject before we can give out such information.
We do not charge a fee for providing this information, unless the requests are more than once per month in which case a fee of £12 will be charged for each separate request.
You have the right to be provided with the personal data we hold about you in an easily portable format, such as a Comma Separated Values (CSV) file, to aid in the transfer of this data elsewhere.
Data Retention & The Right to be Forgotten
We will not keep data for longer than is necessary, though in some cases data will be kept indefinitely unless we are notified otherwise. For example, if you open an account with us your account details such as name, address, email address, telephone number etc will be stored so that you can use them for future orders, unless you close that account.
We can delete all personal data we hold about you on request at any time, and also provide assitance with having your data deleted by any of the third parties listed above should you need it. Please email us on firstname.lastname@example.org to request this.
Comments & Concerns
If you with to make a complaint or have concerns about our personal data practices that we have not been able to address you can also contact the ICO - https://ico.org.uk/concerns/