SECTION 1: WHAT WE DO WITH YOUR INFORMATION
1.1 The Buyer’s information (Name, Email Address, Mailing Address) will be collected when an order is placed through the website or Etsy shop. This is necessary to process orders. This information is stored securely and will not be sold or shared to any third parties. If the Buyer has entered an alternative shipping address (such as to send a direct gift) this information will also be stored in the same way.
1.2 With your permission, if you have opted in to our mailing list, we may occasionally send you emails about our store, new products and other updates. You can choose to opt-out at any time.
1.3 By using this site, you represent that you are at least 18 years (or age of majority in your state or province of residence) and therefore we do not hold any sensitive or personal information of minors.
SECTION 2: HOW WE STORE YOUR INFORMATION
2.1 Any documents containing personal information are password protected and stored on a local device, not on cloud storage. We do NOT hold any paper copies of this information. Any personal information will be stored for the duration of the tax year. This is for personal accounting purposes only.
2.2 Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
2.3 Your credit/debit card details are not available to us. We use a payment gateway service providers such as Shopify Payments or PayPal for your safety and security. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
2.4 If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
2.5 To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. We are aiming to be GDPR compliant when the legislation comes into force on 25th May 2018. Should there be any kind of security breech, no matter how small it will be reported to ICO (https://ico.org.uk/) and the correct procedures will be followed.
SECTION 3: CONSENT AND DISCLOSURE
3.1 When you provide us with personal information to complete a transaction, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent.
3.2 If after you opt-in, you change your mind, you may withdraw your consent for us to contact you by contacting us by email at firstname.lastname@example.org or by post to: 14 Sandown Road, Brislington Bristol BS4 3PN United Kingdom
3.3 We may disclose your personal information if we are required by law to do so.