Firstly, you need to know that we take your privacy VERY seriously. As seriously, or actually rather more seriously, than we take our own privacy, and that’s pretty seriously. So please understand that the information below is set out in good faith and that it is always our intention to do the right thing by you, our customer. If you see anything below that you don’t understand or which worries you, please drop us an email and we’ll do our best to reassure you or correct our policy if necessary.
To summarize our policy: We do gather certain information about you when you visit and use our store such as, for example, your address when you buy something, or your email address if you sign-up to our newsletter. Like ALL ecommerce companies, we contract with other companies for certain services (e.g. processing credit cards) and we do need to share some of your information with them for these tasks. We promise to only use trusted companies for these tasks, to only to share what we have to to enable them to carry out their tasks.
However, what we won’t do, and won’t allow any of our contractors to do, is sell or exchange your information with any other party for their commercial use.
WHAT INFORMATION DO YOU COLLECT AND WHAT DO YOU DO WITH IT?
In operating our store, it is essential for us to capture some information about your device, such as your IP address and information related to your visit when you browse our store. For example, this might include a time-stamp, the last page or product you visited, or an indication that you logged in to an account We do that in order to:
- remember who you are after you log in so that you do not need to log in again on each page;
- monitor if our website is running with the high performance we are dedicated to providing;
- let you browse between products without having to start back from the home page at each click; and
- remember if you put something in your shopping cart before you decide to checkout;
Order information you expressly provide
If you buy something from our store, we will need more specific information about you. This shouldn’t be a surprise! To fully process your order and ship the merchandise you selected, we need your personal data such as your first and last name, your email address and your shipping and billing address. We also use your contact and order information to send you any communication related to the processing of your order. We will ask you to provide this information in our “checkout page” before letting you finalize your purchase with the payment.
If you have started to buy one of our products, but have not completed the purchase, you may have provided partial information, such as your email. In that case, we might send you an email to remind you about your interest. If you are not comfortable in receiving further emails of this kind, we will give you a simple opportunity to opt-out. Your privacy means a lot to us and we will stop sending you these communications right away.
If you have completed a purchase, we will send you an email to ask you to review the product you bought. We want to be sure that whether you love your purchase or have a complaint, you can share your opinion with other customers. If you don’t want to receive this email let us know, and you won’t.
HOW DO YOU GET MY CONSENT?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we infer that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
Our website won't work without cookies, but the only personal information that these gather are your IP address, which could be used to identify the town or area you live in and which (with the help of a court order) could be used to get your address. I can't think of any likely scenario where we would be granted such a subpeona, but it is theoretically possible.
HOW DO I WITHDRAW MY CONSENT?
If you opt-in to receive our newsletter or similar emails, but then you change your mind, you may withdraw your consent for us to send these emails at anytime by contacting us at firstname.lastname@example.org. Alternatively you can opt-out from your store account or by simply clicking the ‘unsubscribe’ link on one of our emails. (We’d be grateful if you didn’t report us as ‘spam’, unless you genuinely feel that our emails were unsolicited, because this makes it harder for us to send emails to customers who do want them. Therefore we’d be grateful if you would use one of the other methods).
You can also require us to remove any data we might hold about you or to stop processing such data, provided it is legal for us to do so. See below.
We may (actually probably will) disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
HOW DO YOU PROCESS MY INFORMATION?
We use an external provider to run our store, BigCommerce. BigCommerce is based in the US and is a participant in the EU-US Privacy Shield Framework and committed to providing best-in-class service and data protection. You can check its participation in the Privacy Shield here on the official site of The International Trade Administration (ITA), U.S. Department of Commerce. 11305 Four Points Drive / Building II, Third Floor / Austin, TX 78726.
Through BigCommerce, we also use other, highly specialized external providers to provide the most competitive services. For example:
- Payment: Our store is PCI-DSS compliant (a very strict industry standard with requirements for the security of credit card information), but we use accredited companies to process your credit card information. In our case we use Paypal and Paypal group companies to provide secure payment services, and also Stripe.
Please understand that your payment information is collected by the payment processor, not by us. We don’t see your payment information and we don’t want to see it. Please do not send credit card details to us in emails. Our website is as secure as we can practically make it and we’d prefer you to use that, because the alternatives are much less secure.
- Shipping: We integrate with efulfillment service inc to fulfill some orders. Partnering with highly specialized external companies allows us to focus on what we do best: awesome handmade cups and tankards!
- Digital analytics and marketing: Our website uses tiny pieces of code from Facebook, Google, and Lucky Orange to help us understand how our visitors reach us. We sometimes use these pieces of code to show you marketing messages on the Facebook platform or on other websites.
WHAT ABOUT LINKS?
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SO HOW IS MY DATA PROTECTED?
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide our trusted payment provider with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-128 bit (or higher) encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
HOW CAN I CONTROL MY PERSONAL DATA?
You have specific rights with regard to your data that we are honored to enforce without undue delay:
- Access, i.e. the right to find out what data we hold relating to you, if any.
- Correct, i.e. the right to correct any incorrect data that we hold relating to you, if any.
- Erasure, i.e. the right to require us to remove any data we hold relating to you (that is not being used for a current transaction)
- Port, i.e. the right to receive a copy of any data we might hold on you in a machine readable format, if any.
- Object, i.e. the right to object to our collecting or processing personal information relating to you.
If you cannot exercise your choice on your account page or if you do not have an account with us, please reach out to us, at the contact details at the bottom of this page. We will be more than happy to help.
HOW LONG DO YOU KEEP MY PERSONAL DATA?
We keep your data for as long as you have an account with us. We also keep some data for security investigation. Most importantly, we have specific obligations for fraud detection and tax reasons. Therefore, we might need to retain certain data even if you ask to delete it (but in this case we won’t keep anything that we are not required to retain).
DO YOU HAVE ANY LEGAL OBLIGATIONS TO KEEP MY DATA?
Yup. Sometimes. We might need to share your personal information to comply with applicable legal obligations. For example, if you buy any of our fine cups then we might be required to keep some information on that purchase so that the government can check we have paid our taxes properly.
If our store is acquired or merged with another company (this isn’t in our plan), your information may be transferred to the new owners so that we may continue to sell products to you.
HOW DO I COMPLAIN?
If you have any privacy complaint, you have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office. You can contact them here – but if you do have a complaint we’d be grateful if you could contact us first and give us an opportunity to make whatever is concerning you right!
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information then please contact us at email@example.com or by mail at The Crafted Cup Company Ltd
Re: Privacy Compliance
36 Stotfold Road, Arlesey, United Kingdom, SG15 6XT