SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 – CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com or mailing us at: Ewhurst Holdings 97 Honeycrock Lane, Redhill, SRY, RH1 5JN, United Kingdom
SECTION 3 – DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
If you choose a direct payment gateway such as PayPal to complete your purchase, then Paypal will store your credit card data. It is encrypted and is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
We store information about your session (referrer, landing page, etc).
We note your visit, persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits. Also we count the number of visits to a store by a single customer, expires midnight (relative to the visitor) of the next day,
Our cart and unique token is persistent for 2 weeks, Stores information about the contents of your cart.
Your unique token is stored indefinitely when you have used a password, this is used to determine if the current visitor has access.
AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
(a) to the extent that we are required to do so by the laws of England and Wales and the EU’s GDPR;
(b) in connection with any legal proceedings or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
(d) to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.
International Data Transfers
Depending on the nature of your enquiry and relationship with us, personal information that you consent to provide to us may be processed in the UK and or in locations outside the UK in order to deliver our service to you.
For instance, if you are based in the United States and submit information to us via email, from an email account hosted in the US, your email hosting provider will have processed the data you sent. If we reply to that email address, even though we are in the UK, we may be transmitting your data across international boundaries.
Anonymous website analytic data that is collected from your use of our website may also be transferred, processed and stored, for example, on Google’s servers outside the UK and EU.
We have taken reasonable technical and procedural precautions to prevent the loss, misuse or inadvertent alteration of your personal data. We will store all the personal data you provide in secure servers or systems.
However, we cannot guarantee the security of any data you choose to send to us over the internet. Our website does however use an SSL certificate to help ensure that any information sent to us through it, is more secure than it otherwise would be.
If you look in the address bar of your browser, when visiting our site, you will see the letters https. The S stands for secure and means that information sent to us through our site is sent to us through an encrypted channel.
Key Rights according to General Data Protection Regulation
The GDPR gives you important rights over your data. This means you can:
- Object to your data being processed
- Ask us to delete it
- Ask us to rectify it
- Ask us to restrict the use of it
- Ask for access to it
- Ask for it to be ported (transferred)
- Confirm what data we process and why
You can submit what’s called a Subject Access Request to us – at any time – in relation to your rights above by contacting us. We comply with these requests within one month (unless there are mitigating circumstances e.g. legal reasons not to.)
Giving and Withdrawing your Consent to be Contacted
In certain circumstances, we may need to have your consent to process your data.
- We may ask for your consent, for example, when you fill in one of our contact forms and you provide your consent by ticking the box on the form.
- We also keep a record of your consent until we no longer need to.
Porting and Providing you with Confirmation of what Personal Data we Process
You may instruct us at any time to confirm or port (transfer) any of the personal data we process about you. Please tell us the following:
- Whether you want to port your personal data or confirm what personal data we process, or both.
- What information you require to be ported or confirmed e.g. all your personal data or a specific detail.
- What format you would like your personal data to be confirmed in e.g. spreadsheet, PDF, Word doc etc.
- Which email address you would like us to send it to, or if not email, an alternate electronic medium or system.
- When you would like to receive it i.e. a date and time.
- Any urgency associated with the request.
We will endeavour to carry out your instructions within 30 days of receiving your request, but this is subject to your having provided us with all the detail above along with any other relevant information that is necessary to be able to carry out the work.
Also, if you would like us to port (transfer) your personal data, please be aware that if we don’t think your chosen medium and format will be secure, or put your personal data at risk, we will tell you and discuss alternatives with you.
Purging (deleting) Your Personal Data
You may also instruct us to purge (delete) any and all information we hold about you at any time.
We will endeavor to do this with respect to your wishes and compliance with the applicable laws of England and Wales and or EU laws and regulations i.e. GDPR.
We will endeavour to delete all the information we hold about you in the time frame you request, but depending on the nature of your request, and any third parties involved, this may not be possible.
This is because of our legal obligation to retain certain types of customer information for certain time periods e.g. for tax and or accounting purposes, we may need to keep your contact details on file for longer periods if they appear on an invoice or receipt for example.
In any and all cases, we only ever keep information on file for as long as it is needed with respect to the services you have enquired about and or that we have agreed to provide you, or to meet a legal requirement.
Updating Your Personal Data
You can and should instruct us to correct or update any personal information we hold about you e.g. if you change your name or address for instance.
Social Media Advertising
We may from time to time advertise websites we have built on Social Media such as Twitter, Facebook, Google+ and Instagram, along with links to those sites, this could include yours. We only publish the company details and do not publish your personal details on these posts. We do not publish personal sites on Social Media.
Finding out More About Your Rights under GDPR
You can find out more about your rights according to GDPR by visiting the Information Commissioner’s website (UK).
Changes to this Policy
You should check this page occasionally to ensure you are happy with any changes. If you have any questions about this policy, please contact us as soon as possible and we will endeavour to answer your question as quickly and clearly as we can.
More Information About Data Protection
The website of the Information Commissioner’s Office (UK) also has to more detail about data protection and your rights.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our GDPR Compliance Officer at firstname.lastname@example.org or by mail at Ewhurst Holdings 97 Honeycrock Lane, Redhill, SRY, RH1 5JN, United Kingdom
This policy was updated on the 11th June 2018