Use of private information policy (GDPR)
Last updated: June 2018
We respect the EU's General Data Protection Regulation (GDPR), and this policy explains how we collect and treat any information you give us.
The Website and its Content are owned by Heidi Burton (“Company”, “we”, or “us”). The term “you” refers to the user or viewer of heidiburton.co.uk (“Website”).
How we collect information
- To fulfil your order, you must provide us with information such as your name, email address, postal address, payment information, and the details of the product you're ordering. You may also choose to provide additional personal information (e.g. for a custom order), if you contact us directly.
- We ask for contact information including your name and email address on our website so that we can reply to your enquiry.
- We collect your email address when you sign up for one of our newsletters.
- Occasionally, we might receive your contact information from one of our partners. If we do, we protect it in exactly the same way as if you give it to us directly.
- Some information is collected automatically when you use our website (heidiburton.co.uk) on the Squarespace platform (e.g. cookies, browser, demographics, ISP, operating system, etc.).
Use of “Cookies”
We may use the standard “cookies” feature of major web browsers. We do not set any personally identifiable information in cookies. You may choose to disable cookies through your own web browser’s settings. However, disabling this function may diminish your experience on the Website and some features may not work as intended. We have no access to or control over any information collected by other individuals, companies or entities whose website or materials may be linked to our Website or its Content.
Why I Need Your Information and How I Use It
Unless you have opted in to our mailing list, we will only use your information to send you invoices, delivery/order updates, statements, or reminders. We occasionally use your contact information to send you details of our products and services IF you have opted in to the mailing list. You have the option to unsubscribe from these communications and we won’t send them to you again.
We rely on a number of legal bases to collect, use, and share your information, including:
- As needed to provide our services, such as when we use your information to fulfil your order, to settle disputes, or to provide customer support.
- When you have provided your affirmative consent, which you may revoke at any time, such as by signing up for our mailing list.
- If necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by tax law.
- As necessary for the purpose of our legitimate interests, if those legitimate interests are not overridden by your rights or interests, such as providing and improving our services. We use your information to provide the services you requested and in our legitimate interests to improve our services.
What information we hold
- When you contact us by email or through our website, we collect your name and email address in the first instance.
- If you sign up for a newsletter, we collect your name and email address.
- When you buy something from us, we collect your name, email address, phone number, and delivery address.
- If you do business with us, we also collect your business name and Stripe collects your bank details. We keep records of the invoices we send you and the payments you make.
- All purchases are processed by Squarespace, our ecommerce platform, and Stripe, our payment processor, and we never have access to your credit card information.
Email marketing campaigns published by this website or its owners via a third-party email platform (e.g. Mailchimp) may contain tracking facilities within the actual email. Subscriber activity may be tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email content, and the times, dates and frequency of activity (this is by no means a comprehensive list).
This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.
Information Sharing and Disclosure
Information about my customers is important to our business. We share your personal information for very limited reasons and in limited circumstances, as follows:
- Service providers. We engage certain trusted third parties to perform functions and provide services to our business, such as delivery companies. We will share your personal information with these third parties, but only to the extent necessary to perform these services.
- Business transfers. If we sell or merge our business, we may disclose your information as part of that transaction, only to the extent permitted by law.
- Compliance with laws. We may collect, use, retain, and share your information if we have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests; (b) enforce our agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our customers, or others.
Note that whenever you voluntarily make your Confidential Information or Other Information available for viewing by others online through this Website or its Content, it may be seen, collected and used by others, and therefore, we cannot be responsible for any unauthorised or improper use of the Confidential Information or Other Information that you voluntarily share.
Where we store your information
Transfers of Personal Information Outside the EU
We may store and process your information through third-party hosting services in the US and other jurisdictions. As a result, we may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction. If we are deemed to transfer information about you outside of the EU, we rely on Privacy Shield as the legal basis for the transfer, with Privacy Shield certified companies.
Who has access to information about you
When we store information in our own systems, only the people who need it have access. Our management team (currently one person - me!) has access to everything you’ve provided, but individual employees (currently zero persons!) have access to only what they need to do their job.
The steps we take to keep your information private
Where we store your information in third-party services, we restrict access only to people that need it.
The computers we use are all protected by passwords. These computers ask for authentication whenever they’re started or after 5 minutes of inactivity. Our mobile devices are also protected by passwords. The website back-end is also protected by a password.
If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases. I describe these rights below:
- Access. You may have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information below.
- Change, restrict, delete. You may also have rights to change, restrict our use of, or delete your personal information. Absent exceptional circumstances (like where we are required to store data for legal reasons) we will generally delete your personal information upon request.
- Object. You can object to (i) our processing of some of your information based on our legitimate interests and (ii) receiving marketing messages from us after providing your express consent to receive them. In such cases, we will delete your personal information unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
- Complain. If you reside in the EU and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.
Changes to the policy
If we change the contents of this policy, those changes will become effective the moment we publish them on our website.
Affiliates and Partners
How to Contact Me
For purposes of EU data protection law, I, Heidi Burton, am the data controller of your personal information. If you have any questions or concerns, you may contact me at heidi.burton(at)gmail.com