All payments made on our website are processed through Shopify and PayPal. These companies process your payment details on our behalf – you can view their data protection policies at https://stripe.com/gb/privacy and https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev
We do not store any customer payment information (i.e. debit or credit card details) on our own servers – these details are held in our accounts with Stripe and PayPal and are tokenized, ensuring they cannot be viewed by any third-party, including us.
We take the issue of data security very seriously and have put all reasonable measures in place to prevent your personal information from being lost, stolen or otherwise accessed, altered or transferred without your authorisation.
Our website is SSL certificated, which means all data you provide is fully encrypted to prevent it being read by third parties. Your web browser will indicate that our site provides a secure ecommerce environment by showing a locked padlock icon. Once we have received your information we will use strict procedures to keep it secure and safe – please be aware however that the transmission of data via the internet can never be 100% secure and is done entirely at your own risk
We also advise that when creating an account with us you use a strong password (a mixture of uppercase and lowercase letters, numbers and symbols) and take care to keep this password confidential – do not share it with anyone.
Access to your information is strictly limited to those employees and aforementioned third-parties who have a need to know in order for us to fulfil our obligations to you.
We have put processes in place to identify any suspected security breach and will notify you and the Information Commissioner’s Office (ICO) of any such breach in cases where we are legally required to do so.
WHERE AND HOW WE STORE YOUR DATA
Your data is stored on our secure servers hosted in the UK, or, where you have given consent, either by entering payment details to complete a purchase, or by opting in to our email newsletter, it will be handled by our third-party processors both inside and outside the EU to fulfil the specific purpose understood at the point of consent. This includes PayPal (EU), Stripe (US) and MailChimp (US). Stripe and Mail Chimp are certified to the EU-US and Swiss-US Privacy Shield Framework.
We will retain your data for as long as is necessary to fulfil our obligations to you, or as long as you permit us to keep it. We will review the data we hold on an annual basis and delete any personal information that no longer serves a purpose useful to you.
YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION
You have the following rights under the GDPR:
- Right to withdraw consent – you can withdraw consent previously given at any time by contacting us directly or opting out from marketing emails
- Right to access – you can request a copy of the personal information we hold on you to check that we are lawfully processing it
- Right to rectification – you can request that we correct any incomplete or inaccurate information we hold on you
- Right to erasure (the right to be forgotten) – you can request that we delete or remove your personal data where there is no legitimate reason for us to continue to process it, both from our database and those of any third-parties who have accessed your information
- Right to object to processing – you can request that we stop processing your personal information where you believe your situation warrants it, even though we have a legitimate reason to do so. You can request that we suspend processing of your personal information if you want us to verify its accuracy or the reason for processing it. You can also object to certain types of processing, e.g. direct marketing and decisions based solely on automated processing
- Right to data portability – you can request that we transfer or copy your data to another party
We make no guarantee that our website and social media pages are free from errors, defects or viruses and accept no liability for any losses that may occur from reliance on information contained within those sites.
Our website may contain links to the websites and/or social media pages of other organisations, such as retailers or media outlets. Please note that we bear no responsibility for the web content or privacy policies of these organisations and advise caution when visiting them.