Use of private information policy (GDPR)

Last updated: June 2018

Summary

We respect the EU's General Data Protection Regulation (GDPR) and this policy explains how we collect and treat any information you give us.

PRIVACY POLICY CONSENT

The Website and its Content are owned by Heidi Burton (“Company”, “we”, or “us”). The term “you” refers to the user or viewer of heidiburton.co.uk (“Website”).
Please read this Privacy Policy carefully. We reserve the right to change this Privacy Policy on the Website at any time without notice. Use of any information or contribution that you provide to us, or which is collected by us on or through our Website or its Content is governed by this Privacy Policy. By using our Website or its Content, you consent to this Privacy Policy, whether or not you have read it. If you do not agree with this Privacy Policy, please do not use our Website or its Content.

How we collect information

  • To fulfil your order, you must provide us with information such as your name, email address, postal address, payment information, and the details of the product you're ordering. You may also choose to provide additional personal information (e.g. for a custom order), if you contact us directly.
  • We ask for contact information including your name and email address on our website so that we can reply to your enquiry.
  • Our website doesn't use cookies or scripts that were designed to track the websites you visit.
  • We collect your email address when you sign up for one of our newsletters.
  • Occasionally, we might receive your contact information from one of our partners. If we do, we protect it in exactly the same way as if you give it to us directly.
  • Some information is collected automatically when you use our website (heidiburton.co.uk) on the Squarespace platform (e.g. cookies, browser, demographics, ISP, operating system, etc).

Use of “Cookies”

We may use the standard “cookies” feature of major web browsers. We do not set any personally identifiable information in cookies. You may choose to disable cookies through your own web browser’s settings. However, disabling this function may diminish your experience on the Website and some features may not work as intended. We have no access to or control over any information collected by other individuals, companies or entities whose website or materials may be linked to our Website or its Content.

Why I Need Your Information and How I Use It

Unless you have opted in to our mailing list, we will only use your information to send you invoices, delivery/order updates, statements, or reminders. We occasionally use your contact information to send you details of our products and services IF you have opted in to the mailing list. You have the option to unsubscribe from these communications and we won’t send them to you again.

We rely on a number of legal bases to collect, use, and share your information, including:

  • As needed to provide our services, such as when we use your information to fulfil your order, to settle disputes, or to provide customer support.
  • When you have provided your affirmative consent, which you may revoke at any time, such as by signing up for our mailing list.
  • If necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law.
  • As necessary for the purpose of our legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as providing and improving our services. We use your information to provide the services you requested and in our legitimate interests to improve our services.

What information we hold

  • When you contact us by email or through our website, we collect your name and email address in the first instance.
  • If you sign up for a newsletter, we collect your name and email address.
  • When you buy something from us, we collect your name, email address, phone number, and delivery address.
  • If you do business with us, we also collect your business name and Stripe collects your bank details. We keep records of the invoices we send you and the payments you make.
  • All purchases are processed by Squarespace, our ecommerce platform, and Stripe, our payment processor, and we never have access to your credit card information.

Email marketing campaigns published by this website or its owners via a third-party email platform (e.g. Mailchimp) may contain tracking facilities within the actual email. Subscriber activity may be tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no means a comprehensive list].
This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.

Information Sharing and Disclosure

Information about my customers is important to our business. We share your personal information for very limited reasons and in limited circumstances, as follows:

  • Service providers. We engage certain trusted third parties to perform functions and provide services to our business, such as delivery companies. We will share your personal information with these third parties, but only to the extent necessary to perform these services.
  • Business transfers. If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law.
  • Compliance with laws. We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce our agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our customers, or others.
  • Note that whenever you voluntarily make your Confidential Information or Other Information available for viewing by others online through this Website or its Content, it may be seen, collected and used by others, and therefore, we cannot be responsible for any unauthorised or improper use of the Confidential Information or Other Information that you voluntarily share.

Where we store your information

When you contact us by email or through our website, your information is stored within the website and email provider. If you sign up for a newsletter, we store your email address in Mailchimp and occasionally on an Excel spreadsheet on one computer. When you buy something, your information is stored in our website on Squarespace, our ecommerce platform, and if we do business, we store your information in an Excel spreadsheet for accounting purposes. Your financial information may be stored within the Stripe payment processing system. You can view Stripe's Privacy Policy here.

Data Retention

We retain your personal information only for as long as necessary to provide you with our services and as described in our Privacy Policy. However, we may also be required to retain this information to comply with our legal and regulatory obligations (e.g. tax accounting), to resolve disputes, and to enforce our agreements. We generally keep your data for the following time period: 6 years.

Transfers of Personal Information Outside the EU

We may store and process your information through third-party hosting services in the US and other jurisdictions. As a result, we may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction. If we are deemed to transfer information about you outside of the EU, we rely on Privacy Shield as the legal basis for the transfer, with Privacy Shield certified companies.

Who has access to information about you

When we store information in our own systems, only the people who need it have access. Our management team (currently of one person - me!) has access to everything you’ve provided, but individual employees (currently zero persons!) have access to only what they need to do their job.

The steps we take to keep your information private

Where we store your information in third-party services, we restrict access only to people that need it.

The computers we use are all protected by passwords. These computers ask for authentication whenever they’re started or after 5 minutes of inactivity. Our mobile devices are also protected by passwords. The website back-end is also protected by a password.

Confidentiality

We aim to keep the Confidential Information that you share with us confidential. Please note that we may disclose such Confidential Information if required to do so by law or in the good-faith belief that: (1) such action is necessary to protect and defend our rights or property or those of our users or licensees, (2) to act as immediately necessary in order to protect the personal safety or rights of our users or the public, or (3) to investigate or respond to any real or perceived violation of this Privacy Policy or of our Disclaimer, Terms and Conditions, or any other terms of use or agreement with us.

Your Rights

If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. I describe these rights below:

  • Access. You may have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information below.
  • Change, restrict, delete. You may also have rights to change, restrict our use of, or delete your personal information. Absent exceptional circumstances (like where we are required to store data for legal reasons) we will generally delete your personal information upon request.
  • Object. You can object to (i) our processing of some of your information based on our legitimate interests and (ii) receiving marketing messages from us after providing your express consent to receive them. In such cases, we will delete your personal information unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
  • Complain. If you reside in the EU and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.

Changes to the policy

If we change the contents of this policy, those changes will become effective the moment we publish them on our website.

Affiliates and Partners

Please see the privacy policies of the companies we use:
Squarespace - website platform.
Stripe - payment processor.
Etsy - external web shop.
Thortful - external web shop.

How to Contact Me

For purposes of EU data protection law, I, Heidi Burton, am the data controller of your personal information. If you have any questions or concerns, you may contact me at heidi.burton(at)gmail.com