PRIVACY POLICY & GDPR (General Data Protection Regulation)

1 – What does this privacy policy cover.

Your privacy is very important to us and we want to assure you that we take the privacy of your data very seriously.  This privacy policy covers data collected by us through our website, emails and telephone communications.  Our privacy policy explains the following:

  • What data we collect and how we collect it.
  • How we use this data.
  • Our lawful processing of your personal data.

We endeavour to keep this privacy policy up to date and recommend you review this policy from time to time.

2 – What data we collect.

  • We collect personal data from you when you use our website including making purchases, browsing the website or contacting us via the website.

Personal data provided by you when making a purchase:

  • Contact details including name, billing address, shipping address, telephone number, email address and details associated with the products you order.

Additional personal data for account holders:

  • Stored details including name, billing address, shipping address, telephone number, email address, details associated with the products you order and purchase history.

Additional personal data obtained when you use our website:

  • Details of activities on our website.
  • Details of the type of device used to access our website, your IP address and device location.

Additional personal data gathered through contact with us:

  • A record of correspondence including your name and contact details.

Our website is only intended for use by persons over the age of 18 and our terms and conditions require that a person be 18 years or over when placing an order.  If you believe we have collected personal data from someone under the age of 18 please notify us using the information provided in section 13.

3 – What we do with the personal data we collect.

We will use your personal data for the following purposes:

  • To fulfil your order.
  • To process your order.
  • To process payment via a third party processor.
  • To provide order confirmation and delivery status notification of your order.

Customer Care

  • To address any customer care issues with products, services, or delivery.
  • To contact you regarding any changes, cancellations, or other issues with your order.

NB you will receive communications regarding fulfilment of your order even if you are not subscribed to receive marketing emails.  These will be in the form of; order confirmation email, order dispatched notification and delivery notifications via the delivery company.

For marketing through third parties.

  • If you use our website, your may receive personal adverts for our products when using the same computer or device. This marketing is enabled through the cookies collected from the use of our website operated by ourselves or a third party advertisement provider.

You can remove or disable cookies at any time by modifying your browser settings.  See cookies policy at the end of this page.

For internal business purposes.

We use the personal data collected to help us understand how many people use our website, how well the website is performing and to make judgements over improvements we can make to the website to improve the user experience.  It also helps us determine what products you or other customers may wish to purchase from us in the future as well as the following:

  • To review your browsing and purchasing activity on our website including search terms you may have used to locate specific items.
  • To analyse the demographic data we collect when you place an order or use our website including your name, address, IP address and browser type in order to offer you better products and improve our business.
  • To analyse delivery location data when you place your order to understand the delivery logistics required.
  • To analyse your responses to our opt-in marketing communications to ensure our online content is available in the most effective manor for you and your device, i.e. tailored for computer, tablet or mobile device.
  • To comply with any legal obligation

4 – Marketing communications

We will not automatically opt you in to receive any marketing materials from ourselves.  If you wish to receive email newsletters, postal catalogues or any other form of marketing correspondence that is available please ask for details.

5 – How we protect your data

We are committed to ensuring that your personal data is safe and secure and protecting your privacy rights.  We regularly test our websites, systems and other assets for security vulnerabilities as well as involving appropriate technical and organisational measures including encryption services, review of our data collection, storage and processing policies.

Although we do not handle any payment processing information handled by our website (this is handled by third party card payment processors) all card information for telephone payments is processed in keeping with the payment card industry data security standard (PCI DSS).

6 – How you can protect your personal data.

We will never ask you to confirm any bank, credit card or other financial details in writing or email.  If you receive any correspondence claiming to be from us requesting this information, please ignore it.  If you are using a computer in a public location, you should always log out and close the browser when you finish.  If you create an account with us, you must keep your password private and avoid using the same password for multiple on-line accounts.  We recommend changing your password regularly, this can be done from your account once logged in to the website.

7 – Lawful process for processing personal data.

We rely on different lawful basis for processing personal data depending on individual circumstances.  In some cases, multiple lawful basis may apply to the dame personal data.

Contract.

  • We collect and process personal data to fulfil your order. Such personal data includes the items above in section 2 under the title ‘Personal data provided by you when making a purchase’.

Consent.

  • If you choose to opt-in to receiving marketing communications from us you can unsubscribe at any time. If you choose to unsubscribe we may have another lawful basis which requires us to contact you again such as a new purchase.

Legal Obligations.

  • Processing of your personal data may be necessary for us to comply with applicable laws, rules and regulations. For example, we create and maintain records of orders received to maintain accounting and tax records required by law.

8 – When we share your personal data with third parties.

We share your personal details with third parties to fulfil and process your order, provide our website and provide marketing.  These third party providers are required to handle your personal data in accordance with the appropriate data protection and security controls.

Types of third parties:

  • Financial / payment service providers: To process payment for orders and to ensure the security of your transaction details of your purchase are passed to payment processors (Worldpay, Paypal) who process the payment.
  • Delivery companies: To enable the delivery of your order your contact details are passed to delivery companies (Royal Mail, UPS etc.).
  • IT suppliers and vendors: In order to manage our operations we occasionally work with third parties who provide security and technical services to protect our websites and maintain databases of personal data, outlined in this privacy policy.

9 – How long we keep your personal data.

We will only keep your personal data for the purposes explained in this policy and for as long as required legally.  Different time frames apply to different types of personal data, the longest period normally being seven years for tax purposes.  These time periods are subject to applicable laws, rules and regulations, the type of information and the requirements of individual regulatory authorities.

10 – When we might transfer your personal data abroad.

Your personal data may be send outside of the European Economic Area (EEA) for the purposes of fulfilling orders, for national and international delivery, customer care and as otherwise outlined in section 8.

11 – Your rights to access your data and rectify any inaccuracies.

Right of access (subject access request):

  • To receive a copy of the personal data that we hold about you please contact us. Please understand that you will be required to provide a copy of two of the following for identification purposes: passport, driving licence, current vehicle registration document, recent utility bill, recent bank statement.

Right to rectification:

  • You may ask us to update or correct any personal data that we hold about you, or to complete incomplete personal data. To update your personal data please contact us.

12 – Your additional rights to your personal data.

You may have the following additional rights:

  • Right to erasure (the right to be forgotten): for a limited list of reasons you may request that your personal data is removed from our systems.
  • Right to restrict: For a limited list of reasons you may request that we cease using or suppress your personal data.
  • Right to object: You may object to our use of your personal data.
  • Right to data portability: Where we use your personal data based on your consent or to enter or perform a contract with you and our processing is carried out by automated means you may request that your personal data that you have provided to us be transmitted electronically to you or another supplier (to the extent feasible).
  • Right to lodge a complaint: you have the right to lodge a complaint with the supervisory authority: the information commissioner’s office (www.ico.org.uk).

NB if we erase all information about you and you make a future purchase or otherwise become a future customer we will not be aware of your prior request or objections.  In respect of the additional rights outlined above we request that you contact us and we will provide you with additional information regarding your rights in respect of your specific request.

13 – Contact details.

Our data protection officer should be your first point of contact if you have queries or concerns about your personal data.  They can be contacted at:

The Data Protection Officer
Craftyplants
Hortivation
21 Woodgreen Drive
Radcliffe
Lancashire
M26 1BF

By email to sales@craftyplants.co.uk (please include Data Protection Officer in the subject line of your email).

14 – Updates to this policy

We endeavour to keep this policy up to date and recommend that you review this policy periodically.

15 – Cookie policy

We use technology to track the patterns of behaviour of visitors to our website.  This includes using ‘cookies’ which are small files stored on your browser.  The information collected in this way can be used to identify you, your location, your behaviour pattern on the website unless you modify your browser to prevent this from happening, guidance on which is set out below.  We also aggregate this data to perform statistical analysis of the characteristics and behaviour of visitors to our website.

Cookies are also used as a further means of ensuring private and secure sessions are operated within websites.  We may use third party advertising companies to serve advertisements on our behalf.  These companies may also employ cookies to measure advertising effectiveness.  Information collected by these third party cookies is anonymous.  You can modify your browser to not accept cookies, guidance for which is set out below.

You have the ability to accept or decline cookies by modifying the settings in your browser (for example, using internet explorer, from the tools menu click security then click custom level and select disable cookies).  You may not be able to use all the interactive features of our website if cookies are disabled.  For more information about cookies including how to set your internet browser to reject cookies please visit www.allaboutcookies.org.