Spa Cookshops Ltd t/a doggily (“we”, “us”, “our”) are committed to the protection of your privacy and the security of your personal data.
This policy explains how we handle and use the data we collect from you in order to fulfil our obligations in a manner consistent with your rights under the law, including the General Data Protection Regulation (GDPR), effective from 25th May 2018.
The data controller is Spa Cookshops Ltd t/a doggily, company number 11841009; registered office address: Alexandra Villa, 3 Victoria Avenue, Harrogate, North Yorkshire, United Kingdom, HG1 1EQ.
Our ecommerce platform is also provided by Shopify.
WHAT INFORMATION WE COLLECT FROM YOU
We collect information you give us voluntarily when you place an order, create an account on our website, enter a competition or contact us directly by email, phone, letter or via social media. This information may include your name, address, email address and phone number.
Our website also collects information about each visit you make using cookies. Cookies are small text files that are placed on your device to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or looking at https://www.aboutcookies.org/ which offers guidance for all modern browsers
HOW WE USE YOUR INFORMATION
We only use your information for the specific purpose indicated at the point of consent i.e. when you provide information voluntarily in order to receive goods, services or information from us. For example, if you have placed an order with us, we may contact you to update you on the status of that order, but you will not receive other communications from us unless you have explicitly asked to receive them.
In order to fulfil our obligations to you when supplying goods, services or information, we will share your information with certain third-party service providers:
- Couriers: we use APC Overnight https://apc-overnight.com/site-information/privacy-policy/ and Royal Mail https://www.royalmail.com/privacy-policy who will process name, address, email address and telephone number for the sole purpose of tracking and delivering customer orders.
- Marketing services: our email newsletters are managed through MailChimp https://mailchimp.com/legal/privacy/ who will process name and email address if you subscribe to receive this information. MailChimp is a reputable email marketing software company that enables us to manage our email newsletter. Your record on MailChimp will tell us when you subscribed, when you were emailed, if you looked at the email, if you opened any links in the email. This is not meant to be intrusive, just to help us put together better, more engaging emails in the future.
All payments made on our website are processed through Shopify and PayPal. These companies process your payment details on our behalf – you can view their data protection policies at https://stripe.com/gb/privacy and https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev
We do not store any customer payment information (i.e. debit or credit card details) on our own servers – these details are held in our accounts with Stripe and PayPal and are tokenized, ensuring they cannot be viewed by any third-party, including us.
We take the issue of data security very seriously and have put all reasonable measures in place to prevent your personal information from being lost, stolen or otherwise accessed, altered or transferred without your authorisation.
Our website is SSL certificated, which means all data you provide is fully encrypted to prevent it being read by third parties. Your web browser will indicate that our site provides a secure ecommerce environment by showing a locked padlock icon. Once we have received your information we will use strict procedures to keep it secure and safe – please be aware however that the transmission of data via the internet can never be 100% secure and is done entirely at your own risk
We also advise that when creating an account with us you use a strong password (a mixture of uppercase and lowercase letters, numbers and symbols) and take care to keep this password confidential – do not share it with anyone.
Access to your information is strictly limited to those employees and aforementioned third-parties who have a need to know in order for us to fulfil our obligations to you.
We have put processes in place to identify any suspected security breach and will notify you and the Information Commissioner’s Office (ICO) of any such breach in cases where we are legally required to do so.
WHERE AND HOW WE STORE YOUR DATA
Your data is stored on our secure servers hosted in the UK, or, where you have given consent, either by entering payment details to complete a purchase, or by opting in to our email newsletter, it will be handled by our third-party processors both inside and outside the EU to fulfil the specific purpose understood at the point of consent. This includes PayPal (EU), Stripe (US) and MailChimp (US). Stripe and Mail Chimp are certified to the EU-US and Swiss-US Privacy Shield Framework.
We will retain your data for as long as is necessary to fulfil our obligations to you, or as long as you permit us to keep it. We will review the data we hold on an annual basis and delete any personal information that no longer serves a purpose useful to you.
YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION
You have the following rights under the GDPR:
- Right to withdraw consent – you can withdraw consent previously given at any time by contacting us directly or opting out from marketing emails
- Right to access – you can request a copy of the personal information we hold on you to check that we are lawfully processing it
- Right to rectification – you can request that we correct any incomplete or inaccurate information we hold on you
- Right to erasure (the right to be forgotten) – you can request that we delete or remove your personal data where there is no legitimate reason for us to continue to process it, both from our database and those of any third-parties who have accessed your information
- Right to object to processing – you can request that we stop processing your personal information where you believe your situation warrants it, even though we have a legitimate reason to do so. You can request that we suspend processing of your personal information if you want us to verify its accuracy or the reason for processing it. You can also object to certain types of processing, e.g. direct marketing and decisions based solely on automated processing
- Right to data portability – you can request that we transfer or copy your data to another party
By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your (the visitor) local currency
We make no guarantee that our website and social media pages are free from errors, defects or viruses and accept no liability for any losses that may occur from reliance on information contained within those sites.
Our website may contain links to the websites and/or social media pages of other organisations, such as retailers or media outlets. Please note that we bear no responsibility for the web content or privacy policies of these organisations and advise caution when visiting them.
To exercise your rights as laid out in this policy, or to make any other enquiry or request, please email us at firstname.lastname@example.org
This policy was last updated in September 2019.