At Hedley Field and Amy & Ivor we are committed to safeguarding the privacy of our website visitors. We make every effort to handle data lawfully, fairly and transparently and protect personal information by using reasonable security safeguards against loss or theft, as well as unauthorised access, disclosure, copying, use or modification.
We collect limited and relevant information that is necessary for our specific legitimate business purposes and we are committed to conducting our business in accordance with the new general data protection regulations (GDPR). Your personal data is only stored as long as is necessary for the purposes outlined below. We have systems in place to ensure that confidentiality of personal information is maintained.
We may update this policy from time to time by publishing a new version on our website. This Policy was last updated on 24 May 2018.
CONTRACTUAL & LEGAL DATA WE COLLECT FROM WEBSITE USERS
We collect the following information for the purposes of lawfully processing orders and entering into a contract with you.
We collect identity data such as names and surnames in order to identify website users and customers. We collect information for the single purpose of fulfilling the sales contract we are about to, or have, entered into with you. This can include delivery address, billing address, email, telephone number in order to fulfil orders placed on our site and deliver goods.
We collect financial data, which can include payment details, bank and card payment information and PayPal account information. We collect this in order to process payments for goods on our website. Payments are processed via third party encrypted payment services, including Shopify, Stripe and PayPal. See third party websites for individual privacy policies.
In order to fulfil orders and deliver your orders, we collect specific order information, which includes information about items purchased from us.
THIRD PARTIES WE WORK WE SHARE DATA WITH
For the purpose of processing your order we share your information with relevant, trusted, third party service providers we work with. This information is shared solely for the purpose of processing orders and delivering goods and services.
We select the third parties we work with to deliver our services very carefully. We only work with third parties we trust to respect the security of your personal data.
Here is the list of whom we may share your personal information with and why: Shopify, host our website and process all transactional data; Stripe, the gateway we use for card payments; PayPal, processing PayPal payments; Royal Mail - postal service we use to deliver goods; UPS, postal service we use to deliver goods; Xero software we use for accounting. All partners are working towards GDPR compliance for 25 May 2018, see websites privacy policies.
DATA FOR OUR OWN BUSINESSES DEVELOPMENT AND ANALYSIS
As well as collecting legal and contractual personal data laid out above, we also collect data relating to our website visitors, location data, IP addresses, profiling and analytics data and monitor online behaviour via cookies. We use Shopify cookies, and Google Analytics to do this. We collect this data, so we can understand how people use our website in order to improve our services.
We only send marketing emails where you have agreed to receive them. You can opt into our newsletter on our website or by accepting to receive marketing emails when you place an order. You can withdraw your consent at any time via the unsubscribe link at the bottom of our newsletter emails or by emailing us email@example.com.
We will never share your email address or personal information with any third party that is not necessary for our business purposes. We use MailChimp to manage our email subscribers list and send emails. We also use Privy to manage subscriber pop-ups.
AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence. We never knowingly collect information or send marketing emails to individuals under the age of 13 without parental authorisation.
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
DATA SECURITY AND REPORTING
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We make every effort to secure personal data against unauthorised processing and accidental loss, destruction or damage. If any breach of security does occur, we will report the breach to the ICO within 72 hours of becoming aware of it. In the unlikely event there exists a high risk to an individual’s rights and freedoms we will also inform anyone affected immediately.
YOUR PRIVACY RIGHTS
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org