Copy of Privacy-Policy


Skinny Sprinkles – Privacy Policy – May 2018

 

HOW WE COLLECT YOUR INFORMATION

We collect your personal information when you interact with us or use our services, such as when you use our Site to place an order.

We also look at how visitors use our Site, to help us improve our services and optimise customer experience.

We collect information:

when you create an account with us or you change your account settings; 

when you place an order with us and during the order process (including for payment and order delivery);

when you contact us directly via email or message, and;

when you browse and use our Site (before and after you create an account with us).

We also collect information from third party sites, such as advertising platforms and our fraud detection provider.

INFORMATION THAT WE COLLECT FROM YOU

As part of our commitment to the privacy of our customers and visitors to our Site more generally, we want to be clear about the sorts of information we will collect from you. 

When you visit the Site, or make an order through the Site, you are asked to provide information about yourself including your name, contact details, delivery address, order details and payment information such as credit or debit card information.

We also collect information about your usage of the Site and information about you from any messages you post to the Site or when you contact us or provide us with feedback, including via e-mail. If you contact us by phone, we record the call for training and service improvement purposes, and make notes in relation to your call.

We collect technical information from your mobile device or computer, such as its operating system, the device and connection type and the IP address from which you are accessing our Site.

We also collect technical information about your use of our services through a mobile device, for example, carrier, location data and performance data such as mobile payment methods, interaction with other retail technology such as use of NFC Tags, QR Codes and/or use of mobile vouchers. Unless you have elected to remain anonymous through your device and/or platform settings, this information may be collected and used by us automatically if you use the service through your mobile device(s) via any mobile application, through your mobile's browser or otherwise.

USE OF YOUR INFORMATION

We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We will have a lawful basis for processing your information: if we need to process your information in order to provide you with the service you have requested or to enter into a contract; we have your consent; we have a justifiable reason for processing your data; or we are under a legal obligation to do so.

Where we need to in order to provide you with the service you have requested or to enter into a contract, we use your information:

to enable us to provide you with access to the relevant parts of the Site;

to supply the services, you have requested;

to enable us to collect payment from you; and

to contact you where, necessary concerning our services, such as to resolve issues you may have with your order.

We also process your data where we have a justifiable reason for doing so— for example personalisation of our service, including processing data to make it easier and faster for you to place orders. We have listed these reasons below:

to improve the effectiveness and quality of service that our customers can expect from us in the future;

to tailor content that we or advertising partners display to you, for example so that we can make sure you see the advertising which is most relevant to you, based on characteristics determined by us;

to enable our customer support team to help you with any enquiries or complaints in the most efficient way possible;

to contact you for your views and feedback on our services and to notify you if there are any important changes or developments to the Site or our service.

to analyse your activity on the Site so that we can administer, support, improve and develop our business and for statistical and analytical purposes and to help us to prevent fraud;

to enforce our contractual terms with you and any other agreement, and for the exercise or defence of legal claims and to protect the rights of eBeauty limited. and

if you submit comments and feedback regarding the Site and the services, we may use such comments and feedback on the Site and in any marketing or advertising materials. We will only identify you for this purpose by your first name and the city in which you live.

We will also analyse data about your use of our services from your location data to create profiles relating to you and for you. This means that we may make certain assumptions about what you may be interested in and use this, for example, to send you more tailored marketing communications, to present you with products/services that we think you will prefer, or to let you know about special offers or products which we think you may be interested in. This activity is referred to as profiling. You have certain rights in relation to this type of processing. Please see 'Your Rights' section below for more information.

Where we are under a legal obligation to do so we may use your information to:

create a record of your order(s);

comply with any legal obligation or regulatory requirement to which we are subject.

SHOPIFY

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

Payment - If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify’s Terms of Service

(https://www.shopify.com/legal/terms) or Privacy Statement

(https://www.shopify.com/legal/privacy).

DIRECT MARKETING

If you have given us your contact details, we may use these (in accordance with any preferences you have expressed) to send you marketing messages by email, post, phone and social media to keep you aware of what we're up to and to help you see and find our products. This includes sending details of special offers and promotions from Skinny Sprinkles.

We will promote our products using marketing messages to existing customers and/or those in a negotiation with us for a sale, unless you have asked us not to.

When we collect your personal data, we give you the opportunity to opt-out of receiving those marketing messages by simply ticking the box. We also have lots of other ways you can stop marketing messages in the future, which we've set out below in section 5.f.

If you are currently opted-out of our marketing, you can always choose to opt-in to receive our emails by ticking the box at checkout or by amending your My Account preferences.

If you are logged-in, then your current email marketing preferences (which you can find in your My Account) will be displayed at checkout. You can change these preferences in My Account or using the options detailed below at any time.

How to stop marketing messages from Skinny Sprinkles

You can stop receiving marketing messages from us at any time.

For email marketing, the best way to do this is to click on the 'unsubscribe' link in any email you receive. You can also do this through your My Account settings on our website.

For phone and direct mail contact our Customer Care Team care@skinnysprinkles.co.uk

For targeted or personalised adverts – you can update your Cookie preferences at any time           

It might take some time for all our systems to be updated, so you might get messages from us while we fully process your request, but we will ensure that we mark you as having opted out on our database as soon as we receive your request.

We are always working looking to improve upon our customers experience to allow you to opt-out easily of our communications and cookies. This policy will be updated once this is in place. and we will update this policy and our cookies policy as soon as we have this in place.

Please be aware that stopping marketing messages will not stop our service communications (such as order updates).

Banner messages and personalised adverts on other websites

Like other retailers, we also target Skinny Sprinkles banners and ads to you when you are on other websites, apps and social media. We do this using a range of advertising technologies such as ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook, Twitter and Pinterest

If you don't want to see these ads, then you can either disable cookies in your browser, or reject cookies from the site you're visiting. Please see our Cookies Policy for further details.

AUTOMATED DECISION MAKING

We conduct fraud checks on all customers. Where we believe we may detect fraudulent activity we may block you from placing an order and using our Site.

Given the volumes of customers and orders we deal with, we use automated systems including a third-party fraud detection provider, which analyses your order data. We find this is a fairer, more accurate and more efficient way of conducting fraud checks since human checks would simply not be possible in the timeframes and given the volumes of customers that we deal with.

The checks and decisions that are made look at various components including known industry indicators of fraud, as well as fraud patterns we have detected on our Sites. When combined, these generate an automated score indicating the likelihood of a fraudulent transaction. If our systems indicate a high score for you. then we may decline an order or even block you from our services. The specific fraud indicators are dynamic so will change depending on what types of fraud are being detected in the wider world, country and our Sites at any particular time.

d. You have certain rights in respect of this activity - please see 'Your Rights' section below for more information. Our fraud detection is in place to protect all of our customers as well as eBeauty Limited. You have the right to contest any fraud decision made about you and to be given more information about why any such decision was made by contacting us as set out in section 1 above.

7. RETENTION OF YOUR INFORMATION

We will not retain your information for any longer than we think is necessary. 

Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the ‘Use of my information’ section above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.

When determining the relevant retention periods, we will take into account factors including:

 

our contractual obligations and rights in relation to the information involved;

legal obligation(s) under applicable law to retain data for a certain period of time;

statute of limitations under applicable law(s);

our legitimate interests where we have carried out balancing tests (see section on 'How we use your personal information' above);

(potential) disputes; and

guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information where we no longer require your information for the purposes collected.

DISCLOSURE OF YOUR INFORMATION

The information we collect about you will be transferred to and stored on our servers located within the EU. We are very careful and transparent about who else your information is shared with. 

Sharing your information with third parties

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the way your personal information will be handled by these providers.

Certain providers may be located in or have facilities that are located a different jurisdiction, if they’re based in a different country for example. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

We share your information with third party service providers. The types of third party service providers whom we share your information with includes:

Payment providers (including online payment providers and fraud detection providers): for the purposes of providing services to us, for example when they process information such as credit card payments for us, provide support services to you or carry out fraud checks for us;

IT service providers (including cloud providers): for the purposes of data storage and analysis;

Customer support partners: who will help us to resolve any issues you may have with our services; and

Marketing and advertising partners: so that they can ensure that you see advertising which is more relevant to you and send you email marketing on our behalf.

eBeauty Ltd will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy when it is transferred to third parties.

If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your information may be disclosed or transferred to the target company, our new business partners or owners or their advisors. 

We may also share your information:

if we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation or regulatory requirement. This includes exchanging information with other companies and other organisations for the purposes of fraud protection and prevention;

in order to enforce our contractual terms with you and any other agreement;

to protect the rights of eBeauty Limited and with such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police.

SECURITY

We adopt robust technologies and policies to ensure the personal information we hold about you is suitably protected. 

We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.

Where you have chosen a password that allows you to access certain parts of the Site, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

YOUR RIGHTS

Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact our Data Protection Officer using the contact details set out above. For additional information on your rights please contact your data protection authority.

COOKIES

Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.

_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).

_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits

_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.

cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.

_secure_session_id, unique token, sessional

storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

12. AGE OF CONSENT

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

13. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

14. QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at care@skinnysprinkles.co.uk or by mail at

Skinny Sprinkles, eBeauty Limited, Regus House, Malthouse Avenue. Cardiff Gate Business Park. Cardiff CF23 8RU

This privacy policy was last updated: 22/05/2018

15. COMPLAINTS

If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone number: 0303 123 1113

Website: www.ico.org.uk

[Re: Privacy Compliance Officer]