1 OUR APPROACH
1.2 If you have any questions about this Policy, please contact us at email@example.com.
2 what is PERSONALLY IDENTIFIABLE INFORMATION (PII) / personal data?
Personal data or PII means any information relating to a person who can be identified either directly or indirectly; it may include name, address, email address, phone number, credit / debit card number, IP address, location data, purchase or sales history (“Personal Data”).
3 how is your Personal Data collected?
We use different methods to collect data from and about you including through:
3.1 Direct interactions. You may give us your Personal Data by filling in forms or by corresponding with us on the website, on our app or by phone, email or otherwise. This includes Personal Data you provide when you:
• sign up to our newsletter;
• submit an application to become a registered customer;
• enter a competition, promotion, or survey;
• give us some feedback; or
• take part in one of our market research projects.
3.2 Automated technologies or interactions. As you interact with our app or website or open our emails, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies, and other similar technologies.
3.3 Third parties or publicly available sources. We may receive Personal Data about you from various third parties and public sources as set out below:
· Technical data from Squarespace (our website host), Facebook and from Google Analytics including details about your use of our website, browsing actions and patterns.
· Contact, preferences, financial and transaction data from providers of technical and payment services such as Stripe who are our payment service provider, Typeform which provides our online surverys, Groselha Limited who operates our website and Eventbrite who manage ticketing for our events.
4 PURPOSES FOR WHICH we process PERSONAL data
4.1 We will only process your Personal Data, in accordance with applicable law, for the following purposes:
4.1.1 creating and maintaining your customer account, if you become a registered customer;
4.1.2 offering our website and app to you in a personalised way, for example, we may provide suggestions based on your previous searches. This may also include, where legally permitted, processing data related to your location;
4.1.3 enabling our suppliers and service providers to carry out certain functions on our behalf, including payment processing, verification, technical, logistical or other functions, as may be required, in order operate our website;
4.1.4 resolving any disputes, if you lawfully exercise your rights or if you wish to dispute any part of our offering;
4.1.5 sending you personalised marketing communications, where you have agreed that we may do so, in order to keep you informed of our and our selected partner’s products and services, which we consider may be of interest to you;
4.1.6 serving personalised advertising to your devices; delivering ads based on your interests ascertained from your past searches, website visits and purchases on our website, and other data obtained through the use of "cookies" placed on your devices. Please see our Cookie Statement below;
4.1.7 ensuring the security of your account and our business, preventing or detecting fraud or abuses of our website, for example, by requesting verification information in order to reset your account password;
4.1.8 developing and improving our products and services, for example, by reviewing visits to our website and its various subpages, demand for specific products and user comments;
4.1.9 to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
4.2 Your consent, as the Data Subject, to the processing as specified in this Policy is the primary legal ground for our processing of your Personal Data. However, there may be circumstances where we may also rely on other valid legal grounds for the processing of your Personal Data, such as:
4.2.1 legitimate interests pursued by us as a business, except where such interests are overridden by your interests and fundamental rights. We will rely on this legal ground in relation to the processing set out in paragraphs 4.1.7 and 4.1.8, in which we have a legitimate interest; and
4.2.2 compliance with a legal obligation to which we are subject, such as, for example, the processing for the purposes set out in paragraph 4.1.9.
5 DISCLOSURE OF CUSTOMER INFORMATION
5.1 There are circumstances where we wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:
5.1.1 to our outsourced service providers or suppliers to facilitate the provision of our services or products to our customers, for example, the disclosure to our webhosting provider through which your Personal Data may be collected and/or our payment processing provider Stripe;
5.1.2 to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
5.1.3 to public authorities where we are required by law to do so; and
5.1.4 to any other third party where you have provided your consent.
6 INTERNATIONAL TRANSFER OF PERSONAL DATA
We have no intention to transfer your Personal Data to a third party in countries outside the country in which it was originally collected. However, if this changes we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means.
7 RETENTION OF PERSONAL DATA
7.1 Your Personal Data will be retained until your last purchase and normally for a period of three years thereafter, unless longer retention is required by applicable law or where we have a legitimate and lawful purpose to do so. However, we will not retain beyond this period any of your Personal Data that is no longer required for the purposes set out in this Policy. The retention of your Personal Data will be subject to periodic review.
7.2 We may keep an anonymised form of your Personal Data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
8 DATA SUBJECT RIGHTS
8.1 Data protection law provides you, as the Data Subject, with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, your Personal Data. Data Subjects also have the right to lodge a complaint with the relevant data protection authority if they believe that their Personal Data is not being processed in accordance with applicable data protection law.
8.2 Right to make subject access request (SAR). Data Subjects may, where permitted by applicable law, request copies of their Personal Data. If you would like to make a SAR, i.e. a request for copies of the Personal Data we hold about you, you may do so by writing to firstname.lastname@example.org. The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and a fee.
8.3 Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete Personal Data.
8.4 Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your Personal Data is essential.
8.5 Right to object to processing. You may, as permitted by applicable law, request that we stop processing your Personal Data.
8.6 Right to erasure. You may request that we erase your Personal Data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your Personal Data, such as, a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.
8.7 Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your Personal Data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.
Please note that this website is not intended for children under the age of 16.
10 LINKED WEBSITES
11.2 We use the following cookies:
11.2.1 Necessary cookies. These are required for the operation of our website e.g. cookies that enable you to log into your account.
11.2.2 Analytical or performance cookies. These teach us how customers are using our website so that we can improve it.
11.2.3 Functionality cookies. These help us recognise you when you return to our website so that we can personalise it for you and remember your preferences.
11.3 For details about the specific cookies that we use on our website please see: https://support.squarespace.com/hc/en-us/articles/360001264507
11.4 You can block cookies by activating the relevant settings on your internet browser. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
12.1 We keep our Policy under regular review. This version was last updated on [25 June 2019].
12.2 It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.