GENERAL DATA PROTECTION REGULATION (GDPR):
As of 25th May 2018, the new European General Data Protection Regulation (GDPR) comes into effect. The GDPR changes how personal data can be used, and also allows individuals to find out what information organisations have about them, and to have that data deleted in certain circumstances.
Shark Alley is a small independent business selling hand made craft products and is not owned by or affiliated to any other business.
This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us.
It also explains how we’ll store and handle that data, and keep it safe.
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how we use your data. We hope the following sections will answer any questions you have but if not, please do get in touch with us. Contact details are given at the end of this page.
2. THE LEGAL BASES WE RELY ON
Shark Alley uses personal data in several different ways:
• To see how users, in general, view our website in order to make improvements to this website and improvements to the variety of products we offer.
• To respond to enquiries.
• To fulfil any contractual agreement with a customer (i.e. process their order).
• To fulfil our legal requirements for reporting of income to the UK tax authority.
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent.
• Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier.
• Legal compliance
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement.
• Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand, or develop new products/services.
We will also potentially use your address details to send you direct physical marketing by post covering products and services that we think might be of interest to you - such as invitations to craft fairs and events that we are taking part in which are taking place in your area.
We take the utmost care and take all appropriate steps to protect your data.
We use industry best practices to keep any information collected and/or transmitted secure. This includes the use of HTTPS with TLS (Transport Layer Security), which encrypts all transmitted data. All transactional areas of our websites operate as secure access only, using HTTPS technology and follow all guidelines from our payment gateway providers.
Our website is hosted and operated by SupaDupa (SupaDupa.me) who regularly monitor their systems for possible vulnerabilities and attacks, and carry out regular testing to identify ways to further strengthen security.
Our company-wide commitment to your privacy
To make sure your personal information is secure, we communicate our privacy and security guidelines to all employees and strictly enforce privacy safeguards within the company.
4. WHEN DO WE COLLECT YOUR PERSONAL DATA?
• When you visit our websites and purchase products or services.
• When you make an online purchase.
• When you engage with us on social media.
• When you contact us by any means with queries, complaints etc.
• When you choose to complete any surveys we send you.
• When you enter prize draws, competitions or sign up to our mailing list.
5. HOW LONG DO WE KEEP YOUR DATA?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
When you place an order, we’ll keep the personal data you give us for at least seven years so we can comply with our legal and contractual obligations (such as our UK tax declarations). At the end of that retention period, your data may be retained, deleted completely or anonymised - for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning. If you wish your information to be deleted or anonymised after this period, please contact us using one of the methods given at the bottom of this page.
6. HOW AND WHY DO WE USE YOUR PERSONAL DATA?
We use your personal data for the following general purposes:
• To process any orders that you make through the website.
We will need to collect some personal data from you during the checkout process.
The data we require may include - but is not limited to - your name, delivery details, phone number, email address, billing information including billing name and address, credit card number, among other personal data.
• To comply with legal obligations.
To be able to provide some of our products and services to you, we may be required by law to request and hold some personal data - i.e. for UK tax collection purposes.
• Additionally, we may use the order details to:
Communicate with you
Screen our orders for potential risk or fraud
When in line with the preferences you have shared with us (i.e. opting in to receive the newsletter), to provide you with information or advertising relating to additional products or services that might be of interest to you.
You can opt out of providing this additional information by simply not entering it when asked or you could stop using this website.
• To better understand how visitors use our website.
We may also collect other information regarding your use of the website.
We collect and use certain information from your computer or mobile devices to monitor the activities and performance, and more generally to improve and optimise our website (for example, by generating analytics about how our customers browse and interact with the site).
We receive automatic emails regarding messages sent through this website via our contact form. The type of personal data that we receive through these types of messages are:
• Email address
Any direct emails, messages and sales confirmation emails will be kept until such time as deletion has been requested. Please note that due to legal requirements for UK income reporting, emails pertaining to orders will be kept for a period of no less than seven years.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide you with the products or services you have asked for.
7. THE DATA WE RECEIVE AND COLLECT
When you use this website, place orders or communicate with us, we collect some personal data about you such as:
• First name and last name
• Email address
• Shipping & delivery address(es)
• Your billing details and any necessary other information to complete any financial transaction. When making purchases through the checkout, we may also collect your credit card or PayPal information
• Your IP Address and, when applicable, timestamp related to your consent and confirmation of consent
• The geographic area where you use your computer and mobile devices
• Other information submitted by you through various methods (phone, email, online forms, surveys, in-person meetings, etc.)
• Information we may receive relating to communications you send us, such as queries or comments concerning our products or services
• Information relating to an individual’s real time location
• The type of hardware and software you are using (for example, your operating system or browser)
8. COOKIES AND TRUSTED THIRD PARTIES
We use a number of trusted third-party services or companies to enhance or personalise your journey through our website. For these services to work, we sometimes share your personal data with them.
We provide only the information they need to perform their specific services.
For example, we use SupaDupa to power this website.
These are the third-party services we currently work with that will process your personal data as part of their contracts with us:
SupaDupa - we use the SupaDupa ecommerce platform to power this website and online checkout.
Google Analytics - we use Google Analytics to monitor site traffic and user behaviour.
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilises the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualise and personalise the ads of its own advertising network.
You can learn more about privacy at Google, and opt out of this feature, by installing the Google Analytics Opt-out Browser Add-on.
Facebook Pixel - we use Facebook Pixel to monitor site traffic and user behaviour.
Facebook Pixel is a web analysis service provided by Facebook, Inc. Facebook Pixel utilises the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Facebook services.
YouTube video widget
YouTube is a video content visualization service provided by Google Inc. that allows us to incorporate video content on our pages.
Vimeo video widget
Vimeo is a video content visualization service provided by Vimeo Inc. that allows us to incorporate video content on our pages.
New Relic - used to monitor website performance and customer experience to inform improvements to our website.
Addthis - we use Addthis to offer social sharing tools to visitors of our website.
We use PayPal as our payment provider. The type of personal data that PayPal provides us with is:
• Email address.
PayPal holds payment details on their secure servers and NEVER provides us with any card payment data.
Our site may contain links to and from other websites. If you follow a link to any of these websites, please note that they have their own privacy policies and we do not accept any liability for these policies.
9. WHERE YOUR PERSONAL DATA MIGHT BE PROCESSED
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as Australia, Canada or the USA.
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA. For example, this might be required in order to fulfil your order, process your payment details or provide support services. If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA.
SupaDupa, the service that powers this website, is a British company with its head-office located in London, England. For the purposes of EU data protection law, the United Kingdom is considered a country which provides adequate protections for Personal Information, as confirmed by the European Commission in Commission Decision 2002/2/EC.
The service is run mainly from their offices in London. However, by the very nature of the service, the data that is viewed, collected, stored or posted on or through their platform also needs to flow from wherever you are located in the world, to where they are storing the data (i.e. in most cases, in the United States). In addition, SupaDupa also uses third-party service providers (such as managed hosting providers, card processors, sub-processors of Customer Content and technology partners) to provide the necessary hardware, software, networking, storage and other services that they use to operate their services. These third-party providers may process, or store, the same Customer Content on servers outside of the EEA, including in Canada or the US.
10. HOW 'DO NOT TRACK' REQUESTS ARE HANDLED
This website does not support "Do Not Track" requests.
To determine whether any of the third-party services we use honour the “Do Not Track” requests, please read their respective privacy policies.
11. YOUR RIGHTS
If you are an EEA resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us using the contact information given at the bottom of this page.
You have the right to contact us to obtain a copy of the personal information we hold about you. This may be subject to a fee not exceeding any prescribed fee permitted by applicable law. Please note that certain personal information may need to be retained for a period of time following cancellation of your account where this is necessary for our legitimate business purposes or required or authorised by applicable law.
Additionally, if you are an EEA resident, we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the website), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of the EEA, including to Canada and the United States.
12. DATA RETENTION
When you place an order through the website, we will maintain your order information for our records unless and until you ask us to delete this information.
14. HOW TO CONTACT US
For purposes of EU data protection law, I, Sarah Kelly, am the data controller of your personal information. If you have any questions or concerns regarding your personal data, or would like to make a complaint, you may contact me at any time using the following methods:
• By using the shop website contact form
• By emailing firstname.lastname@example.org
• By writing to Sarah Kelly, Cross Street Studios, 14 Cross Street, Hove, East Sussex, BN3 1AJ, UNITED KINGDOM.