PRIVACY & COOKIE USE POLICY

 

This privacy policy describes the personal data collected or generated (processed) when you use our website (“site”). It also explains how your personal data is used, shared and protected, and the choices you have. Pongoose Ltd is referred to as “our”, “we” or “us” in this privacy policy. When visiting our site, you will be able to access this policy at the bottom of the homepage and when navigating through the checkout process if purchasing a product from us.


WHAT PERSONAL DATA DO WE COLLECT & WHEN?

We fully respect your right to privacy and will not collect any personal information about you on this website without your clear permission. Any personal information which you volunteer to us will be treated with the highest standards of security and confidentiality in full compliance with the provisions of the Data Protection Acts (DPAs) and the General Data Protection Regulation (GDPR).

Personal data is requested from you in order to fulfil the products or services you request, e.g. when you buy products from us, create an account or contact us via our online forms. This personal data can include your:

  • Contact details including name, email, telephone number, shipping and billing addresses;
  • Login and account information, including user ID and password;
  • Payment or credit card details (only when placing an order);
  • Personal preferences, including marketing and cookie preferences.

 We do not collect any personal data about you on this website other than the information that you volunteer, whether by using our online forms, our e-mail subscription list or otherwise. Any information which you provide in this way will not be made available to any third parties unless we have received your express permission in this regard before doing so or unless we are obliged by law to pass on any such information. We may use data which you have submitted to us for statistical, market research, search engine optimisation (“SEO”) or promotional purposes. However, if we do use any of your data in any of these ways we will ensure that it will not be possible for any third party to identify the data as being attributable to you.

When using our site, certain data is automatically collected from your device or web browser, such as:

  • Cookies, which are small data files placed on your device that include an anonymous identifier to help our site provide a better user experience. Some cookies last the duration of your visit to a site and are immediately deleted once exiting, others are called ‘persistent cookies’ that may stay on your computer for much longer periods of time to enable services if you return to a site. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. You can read more information about cookies in the “Cookies and Pixels” section below;
  • Log Files, which collect data and actions that occur on the site such as your web browser and version, internet service provider, IP addresses and referring/exit pages;
  • Web beacons, pixels and tags that record information about how you use the site.

Additional data may be collected from you by means of in-time notices or pop-up boxes that will always ask for your consent prior to asking for the information. For example, mailing list or newsletter sign-up.

 

WHY & HOW IS YOUR PERSONAL DATA USED?

Your personal data is used in the following ways:

To enable us to provide the features of the site and services you request:

  • When using our site, your personal data will be used to provide the product or service you request. If you purchase a product on our site or sign up to a promotion, we will use the personal data you provide us to fulfil an order or communicate with you about the request. If a problem arises with an order, we will use this information to identify you and fix the issue;
  • To voluntarily share our products or blogs on social media, you may be required to provide your details to sign-in.

To communicate with you, but not limited to, new products, events or other promotions:

  • If you consent to it, we will send you marketing communications about our products, special offers, events and other communications. You can always opt-out at any time after your consent has been given. Consent will usually be gained by an initial sign-up box and a follow-up email with a clickable confirmation link which provides the double opt-in function for compliance with the GDPR;
  • We may also use the information you provide us with to personalise our communications that may apply specifically to you or that we think you may be interested in.

To operate, maintain and improve our business, products & Services:

  • In order to operate our business, we use your personal data. When you purchase products from us and enter into an order contract, we use that information for internal processes including accounting and audits. The information may also be used to enhance the experience of our site users and to diagnose and fix any technical problems with our site;
  • We may use your personal data about how you use our site to protect our or other’s rights, property or safety, such as to prevent and detect fraud, abuse, illegal use of our site, breaches of our Terms and Conditions, or to be in compliance with court orders, government requests or any applicable law;
  • We will use data of how visitors use our site for general research and behavioural analysis purposes. The purpose of this is to understand customer behaviour and product preferences. For example, the popularity of certain products or colour options, popularity of blogs or product instructional information. This information may be used from time to time in retargeting advertising with Facebook and Instagram which you can opt out of by adjusting your settings at https://www.facebook.com/settings/?tab=ads

Other purposes:

If your personal data is to be used by us in other ways, we will provide in-time notice of collection and obtain consent where applicable.

LEGAL GROUNDS

Depending on how you interact with our site, we are obliged to rely on certain legal grounds to process your personal data. Each processing that we do of your personal data must rely on a lawful basis such as:

  • Contract – this is where your personal data is required to fulfil our contract with you, e.g. we need your contact details to process and deliver your order;
  • Consent – we rely on your consent for data processing for a specific purpose, e.g. marketing and retargeting and the use of certain cookies on our website;
  • Legitimate Interests – this is our legitimate interests as a business, to comply with a legal obligation or to protect our, your or another 3rd party’s legitimate interests.

 

SHARING OF YOUR PERSONAL DATA

We share your personal data with: 

  • Third party service providers processing personal data on our behalf. This includes processing of credit cards and payments, shipping and deliveries, hosting and management of our data, email distribution, research and analysis, brand and promotion management and other features and services;
  • Shopify, who we use to power our site and store. You can read more about how Shopify uses your personal data at https://www.shopify.com/legal/privacy;
  • Google Analytics to help us understand how our customers use our site and you can read more about how Google uses your personal information at https://www.google.com/intl/en/policies/privacy/ You can also opt-out and adjust your preferences at https://tools.google.com/dlpage/gaoptout
  • Other third parties where necessary to comply with law, government request or court order; prevent illegal use of our site or violation of our Terms and Conditions; defend ourselves against any third party claims and assist in fraud prevention;
  • Any other third party that you have provided explicit consent for the sharing of your personal data.

When using third parties, we do not use any services, apps or plug-ins that we deem unnecessary or unsafe. We perform due diligence on third party services to ensure they are conforming to GDPR and other DPA requirements to protect your personal data.   

Some data may be shared about you in the event of a business re-organisation, e.g. if we sell all or part of our business or in the event of liquidation.

 

HOW WE PROTECT & MANAGE YOUR PERSONAL DATA

Shopify and payment details:


Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. If you are based in the European Economic area, your personal data will be processed by Shopify’s Irish affiliate, Shopify International Ltd, to fulfil an order contract or otherwise pursue our legitimate interests as outlined above. Please note that your information will be transferred outside of Europe including to Canada and the US in compliance with the relevant data protection legislation for those countries. For all users of the site, your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data for a short time. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard and American Express. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Encryption and Security:

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.


If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption.  Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

 

RETENTION OF YOUR PERSONAL DATA

The information provided to us by you will be kept as long as necessary for us to carry out the purposes set out in this privacy policy, unless the law requires a longer retention period. For product purchases, we retain data for longer periods to comply with legal obligations including HMRC or tax laws, or for warranty purposes.

Your RIGHTS regarding your personal data:

We extend all rights not just to European customers or site users in an effort to provide the best privacy practices to everyone. Please note these rights are not absolute. Where we have obtained your consent for the processing of your personal data (e.g. newsletter sign up etc), you have the right to withdraw your consent at any time. This can be done via email to pongoose.climbing@gmail.com or via the contact form on our website.

You have the right to request the following:

  • Access to your personal data (unless this is restricted by section 5 of the DPA);
  • Electronic copy of your personal data in an acceptable IT format that can be transferred;
  • Correction of any incorrect information held about you;
  • Deletion or restriction of personal data in certain circumstances provided by applicable law.

With any such request, you should include any personal identifiers which you supplied earlier via the website (such as your name, address, phone number, e-mail address etc). If you make a request in respect of your personal data, we will comply with this request within one month of receiving it in writing. This will be free unless it is deemed by law to be ‘manifestly unfounded or excessive’, in which case an administrative charge may apply. If you are concerned about how we are handling your information, you have the right to complain to the Information Commissioner’s Office (ICO).

To opt out of direct marketing emails sent by us, you can do so using the ‘unsubscribe’ or ‘opt out’ link at the bottom of the email. Alternatively, you can contact us directly as outlined above in this section to ask us to remove your details from our mailing list.

 

COOKIES & PIXEL TAGS

We collect information, that may include personal data, from your browser when you use out website. Methods include cookies and pixel tags. Information collected includes:

  •  IP address;
  • Unique cookie identifier and cookie information;
  • Unique device identifier and device type;
  • Domain, browser type and language;
  • Country and time zone;
  • Other websites visited previously;
  • Information about how you interact with our site, i.e. click behaviour and purchases;
  • Site visit times and the referring URL.
Third party plug-ins may collect information through the site. This information will be collected directly from your web browser and data processing will be subject to their own privacy policies.  

 

We use cookies and pixel tags to better understand our customers’ preferences based on their site usage to allow us to improve their experience as an online retailer. Cookies and pixel tags are also used to obtain larger more general information about site traffic, trends and gain statistics.

Cookie types used on our website:

  • Functional cookies – these relate to basic site function and are always enabled. Some of these cookies allow you to be remembered by our site during a single session or from session to session. This includes returning to view an order status. They allow the cart and checkout processes to function and assist in security and regulatory compliance.
  • Performance cookies – These track usage so we can improve the function of our site, such as the speed of functions and requests and remembering preferences you may have selected. If you refuse these cookies, you may experience slow site performance and non-relevant suggestions.
  • Social media and Advertising cookies – Social media cookies allow you to connect to your social media accounts via our site and share products and blogs. Third party advertising cookies collect information to help tailor adverts appropriate to your interests and may occasionally include some of your personal data. You can disable these but be aware that you may see non-relevant advertising or experience problems linking or sharing content on social media.

The Google Analytics cookies included on this site are enabled for Display Advertising features (e.g., re-marketing, Google Display Network Impression Reporting, the DoubleClick Campaign Manager integration, or Google Analytics Demographics and Interest Reporting). Using the ‘Ads Settings’ you can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads. You can also refer to Google Analytics’ currently available opt-outs for the web.

Disabling cookies:

As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your web browser. Do remember that if you disable cookies, you may lose access to certain features on our site and some functions may not work properly.


INTERCEPTION BY THIRD PARTIES

While we will treat any personal data received from you in accordance with the terms set out in this privacy statement and we will take all reasonable steps to store the data securely, we cannot ensure that your data is not intercepted by third parties in the course of being transmitted to us. In the event that any information is intercepted when being transmitted to us via the internet we will bear no responsibility or liability to you for the manner in which any such intercepted data is used by any third parties.


EXTERNAL LINKS

This privacy statement relates only to the website of Pongoose Ltd. We may have links to external websites on our website which are clearly identifiable as such, either with logo pictures or in text. We do not have any control over the privacy policies or the terms of use of any of these external websites. The sites involved will have their own privacy policies and consent methods and you should review these before accessing their services or products. If you do not want to have any data collected by these sites, please do not click on their image as this will take you directly through to their websites. In the event that you visit any of these sites, whether by means of following the link on our page or otherwise, we will bear no responsibility or liability to you in respect of any such external websites, whether in respect of the manner in which your personal data is processed or otherwise. The fact that we have placed a link to an external website on our website does not signal that we agree with or endorse or are desirous of publishing any statement which is contained on any such external website.

 

CHANGES TO OUR POLICY

We may make changes to this privacy policy from time to time. Any such policy changes will be reflected in our privacy statement which will be posted on this page. Accordingly, if you visit this website regularly you should consult this page periodically to ensure that you are aware of our current policy.

 

Last modified – May 2018