General Data Protection Regulation (GDPR) Compliance
The EU General Data Protection Regulation (GDPR) effective from May 2018 gives all EU citizens more rights and protections for their personal data, to minimise the possibility of theft and fraud.
These regulations include provisions for the following areas:
• The right to be informed: Companies must publish a privacy notice, in addition to explaining transparently how they use this personal data.
• The right of access: Individuals will have the right to demand details of any of their data that a company may hold. This information must be provided within one month of request at no charge to the individual.
• The right to rectification: If a person’s data is incorrect or incomplete, he or she has the right to have it corrected. If the company that holds the information has passed any of that information to third parties, the company must inform the third party of the correction and inform the person which third parties have their personal data.
• The right to be forgotten: A person may request the removal of his or her personal data in specific circumstances.
• The right to restrict processing: Under certain circumstances, an individual can block the processing of his or her personal data.
• The right to data portability: A person can access their data for their own use anywhere they prefer.
• The right to object: A person can object to the use of their personal data for most purposes.
1.0 Personal information that this website collects and why we collect it
This website collects and uses personal information for the following reasons:
1.1 Site visitation tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction.
This data is used to determine the number of people using our site, to better understand how they find and use our web pages and to track their journey through the website.
Although GA records data such as your approximate geographical location, device, internet browser and operating system, none of this information personally identifies you to us.
GA also records your computer’s IP address, which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see section 2.0 below).
Our website uses the Wix implementation of GA.
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
1.2 Email newsletter
If you choose to join our newsletter mailings (which are sent via email), the email address that you submit to us will be stored in the database of the MailChimp platform, which we use for our email marketing. We consider MailChimp to be a third party data processor (see section 2.0 below). The email address that you submit will be stored within their website’s own database but not in any of our internal computer systems.
Your email address will remain within the MailChimp database for as long as we continue to use the MailChimp platform for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.
While your email address remains within the MailChimp database, you will receive occasional newsletter-style emails from us.
2.0 Our third party data processors
We use two third parties to process personal data on our behalf. The third parties we use are PayPal (via PayHip) and MailChimp.
PayPal process payments for any products purchased from our digital store. Neither we nor PayPal retain any financial information you may submit as part of the purchasing process. PayPal monitor every transaction 24/7 to prevent fraud, email phishing and identity theft. Every transaction is heavily guarded behind PayPal's advanced encryption. If something appears suspicious, their dedicated team of security specialists will identify suspicious activity and help protect you from fraudulent transactions. PayPal and MailChimp will never ask for any sensitive information.
Your data, as listed below, is encrypted before transmission to prevent misuse of the transmitted data by third parties. SSL (Secure Sockets Layer) is a security technology which guarantees that your personal data, including credit card information, login data and payment method, are securely transferred via the Internet. The data is encrypted so that it is only readable by the PayPal payment system.
Your data that is encrypted is as follows:
• personal data (address data, telephone number, etc.)
• login data (username and password)
• all methods of payment selected, credit card and bank account
3.0 Data breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
4.0 Data Controller
The Data Controller of this website is: David Hailwood (email@example.com)
We keep this Policy under regular review. This Policy was last updated in May 2018.