WHAT PERSONAL DATA DO WE COLLECT & WHEN?
We fully respect your right to privacy and will not collect any personal information about you on this website without your clear permission. Any personal information which you volunteer to us will be treated with the highest standards of security and confidentiality in full compliance with the provisions of the Data Protection Acts (DPAs) and the General Data Protection Regulation (GDPR).
Personal data is requested from you in order to fulfil the products or services you request, e.g. when you buy products from us, create an account or contact us via our online forms. This personal data can include your:
We do not collect any personal data about you on this website other than the information that you volunteer, whether by using our online forms, our e-mail subscription list or otherwise. Any information which you provide in this way will not be made available to any third parties unless we have received your express permission in this regard before doing so or unless we are obliged by law to pass on any such information. We may use data which you have submitted to us for statistical, market research, search engine optimisation (“SEO”) or promotional purposes. However, if we do use any of your data in any of these ways we will ensure that it will not be possible for any third party to identify the data as being attributable to you.
When using our site, certain data is automatically collected from your device or web browser, such as:
Additional data may be collected from you by means of in-time notices or pop-up boxes that will always ask for your consent prior to asking for the information. For example, mailing list or newsletter sign-up.
WHY & HOW IS YOUR PERSONAL DATA USED?
Your personal data is used in the following ways:
To enable us to provide the features of the site and services you request:
To communicate with you, but not limited to, new products, events or other promotions:
To operate, maintain and improve our business, products & Services:
If your personal data is to be used by us in other ways, we will provide in-time notice of collection and obtain consent where applicable.
Depending on how you interact with our site, we are obliged to rely on certain legal grounds to process your personal data. Each processing that we do of your personal data must rely on a lawful basis such as:
SHARING OF YOUR PERSONAL DATA
We share your personal data with:
When using third parties, we do not use any services, apps or plug-ins that we deem unnecessary or unsafe. We perform due diligence on third party services to ensure they are conforming to GDPR and other DPA requirements to protect your personal data.
Some data may be shared about you in the event of a business re-organisation, e.g. if we sell all or part of our business or in the event of liquidation.
HOW WE PROTECT & MANAGE YOUR PERSONAL DATA
Shopify and payment details:
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. If you are based in the European Economic area, your personal data will be processed by Shopify’s Irish affiliate, Shopify International Ltd, to fulfil an order contract or otherwise pursue our legitimate interests as outlined above. Please note that your information will be transferred outside of Europe including to Canada and the US in compliance with the relevant data protection legislation for those countries. For all users of the site, your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data for a short time. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard and American Express. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Encryption and Security:
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
RETENTION OF YOUR PERSONAL DATA
Your RIGHTS regarding your personal data:
We extend all rights not just to European customers or site users in an effort to provide the best privacy practices to everyone. Please note these rights are not absolute. Where we have obtained your consent for the processing of your personal data (e.g. newsletter sign up etc), you have the right to withdraw your consent at any time. This can be done via email to firstname.lastname@example.org or via the contact form on our website.
You have the right to request the following:
With any such request, you should include any personal identifiers which you supplied earlier via the website (such as your name, address, phone number, e-mail address etc). If you make a request in respect of your personal data, we will comply with this request within one month of receiving it in writing. This will be free unless it is deemed by law to be ‘manifestly unfounded or excessive’, in which case an administrative charge may apply. If you are concerned about how we are handling your information, you have the right to complain to the Information Commissioner’s Office (ICO).
To opt out of direct marketing emails sent by us, you can do so using the ‘unsubscribe’ or ‘opt out’ link at the bottom of the email. Alternatively, you can contact us directly as outlined above in this section to ask us to remove your details from our mailing list.
COOKIES & PIXEL TAGS
We collect information, that may include personal data, from your browser when you use out website. Methods include cookies and pixel tags. Information collected includes:
Cookie types used on our website:
The Google Analytics cookies included on this site are enabled for Display Advertising features (e.g., re-marketing, Google Display Network Impression Reporting, the DoubleClick Campaign Manager integration, or Google Analytics Demographics and Interest Reporting). Using the ‘Ads Settings’ you can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads. You can also refer to Google Analytics’ currently available opt-outs for the web.
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your web browser. Do remember that if you disable cookies, you may lose access to certain features on our site and some functions may not work properly.
INTERCEPTION BY THIRD PARTIES
While we will treat any personal data received from you in accordance with the terms set out in this privacy statement and we will take all reasonable steps to store the data securely, we cannot ensure that your data is not intercepted by third parties in the course of being transmitted to us. In the event that any information is intercepted when being transmitted to us via the internet we will bear no responsibility or liability to you for the manner in which any such intercepted data is used by any third parties.
CHANGES TO OUR POLICY
Last modified – May 2018