This Privacy Notice details how I collect and process your personal data through using my site www.fionapurves.co.uk, including information you provide when visiting the site, and when making a purchase.
As a sole-trader, I’m a small operation, and always seek to work in the most secure ways possible.
Since it’s just me on the team, I’m also the data controller, and I am responsible for your personal data.
When I talk about “Personal Information” in this Privacy Notice, I am referring to both Device Information and Order Information, which are explained in the first two sections below.
Cookies & Site Analytics
When you visit the Site, it automatically collects certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, it collects information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. I refer to this automatically-collected information as “Device Information.”
I collect Device Information using the following technologies:
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
The device information enables Squarespace, the hosting platform, to analyse visitor activity so I can easily track visitor use of the website and log statistics on website activity. For example, this information allows me to see which areas of my website are the most popular, and which areas need to be improved. I do not use any of these technologies to record or store any personal information such as your name, address or contact details, and no attempt is taken (by me or by Squarespace) to personally identify anyone with this automatically collected information.
Making a Purchase
When you make a purchase from the shop, I will collect information you provide - your name, e-mail address and postal address - so I can fulfil your order and get it sent to you. A phone number is also collected, and will only be used if it's essential and I can't get hold of you via e-mail - for example, to notify you of a workshop cancellation. I don’t collect any information I don’t need, including or any sensitive information such as gender, race or age. This is information is referred to as ‘Order Information’.
Order information you provide is stored within the e-commerce platform on our website host, Squarespace. Secure Socket Layer (SSL) technology is in place to keep everything secure.
I’m required by law to keep all my customer information for 6 years after the date of purchase; after this period has elapsed the information will be deleted.
The order information you provide when making a purchase is not used for any purpose other than fulfilling your order and dealing with any issues that may arise.
Payments are taken either directly through my website, or are externally directed to Paypal. You are given the option at the checkout to choose which you’d prefer.
Payments taken directly through my website are processed by Stripe, who will securely store any credit card data you provide. This information is encrypted with Secure Socket Layer (SSL) technology and is stored with AES-256 encryption.
When you sign up to my mailing list, you opt-in to receive e-mails about news such as product launches and events. I'll use your information to send regular e-mail newsletters, or to ensure your details are up to date and you're satisfied with the service. It is possible to unsubscribe from the mailing list at any point, using the 'unsubscribe' link at the bottom of any newsletter e-mail, or by e-mailing me directly on email@example.com. Your information will not be rented, traded or sold to any other parties.
Mailchimp is the platform I use to deliver my mailing list. Statistics are gathered via Mailchimp about e-mail opening and clicks, with industry standard practises. This is just to allow me to see how successful my newsletters are, so I can keep improving the service. You can read more on Mailchimp's Privacy Notice by clicking here.
I only share your information with third parties as necessary to help use your personal information for the purposes it was provided for, as described above. I use Squarespace to power my online shop - you can read more about how Squarespace uses your personal information here: https://www.squarespace.com/privacy/. Stripe is used to process payments directly through my online shop - you can read more about how they use your personal information here: https://stripe.com/gb/privacy.
I also use Google Analytics to help us understand how our customers use the Site - you can read more about how Google uses your personal information here: https://www.google.com/intl/en/policies/privacy/.
You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Mailchimp is used to create and deliver my newsletter via e-mail. See their Privacy Notice here; https://mailchimp.com/legal/privacy/.
The Site may, from time to time, contain links to and from other third party Sites. If you follow a link to any of these Sites, please note that these Sites have their own privacy and cookies policies and that I do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these Sites.
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers (including Squarespace, Stripe and Paypal) are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever there is a transfer your personal data out of the EEA, I will ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
- Only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
- Where I use certain service providers, I may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- If I use US-based providers that are part of EU-US Privacy Shield, data may be transferred to them, as they have equivalent safeguards in place.
If none of the above safeguards is available, I may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
As detailed above, I only share your information with third parties when it is necessary to fulfil the purposes it was collected for. Otherwise, your personal information will not be shared, sold or rented to anyone, unless it is required under the special circumstances as detailed below;
- Professional advisers, such as lawyers, bankers, auditors and insurers.
- HM Revenue & Customs, regulators and other authorities in the UK and any relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Third parties to whom I sell, transfer or merge parts of my business or my assets.
- Service providers for IT and system administration services.
All third parties with whom I must share your data are required to respect the security and comply with the law. Access to your data is only allowed for specific purposes and as per my instructions.
Your legal rights
Under certain circumstances, you have the right under data protection laws regarding your personal data, which include the right to:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Right to withdraw consent.
You can find out more here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you would like to exercise any of the rights as above, email firstname.lastname@example.org and I will respond to all legitimate requests within one month.
I reserve the right to make changes to this policy if necessary. Any changes will be posted on this page. This policy was last modified on 30/05/18.
Fiona Purves, 15 Trefoil Avenue, Glasgow, G41 3PD.