Nicola's Fabrics may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 18th Dec 2018.
1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
- User privacy and data protection are human rights
- We have a duty of care to the people within our data
- Data is a liability, it should only be collected and processed when absolutely necessary
- We loathe spam as much as you do!
- We will never sell, rent or otherwise distribute or purposefully make public your personal information – that’s a promise
2.0 RELEVANT LEGISLATION
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
This site's compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences' specific data protection and user privacy legislation you should contact our data protection officer (details of whom can be found in section 9.0) for clarification.
3.0 PERSONAL INFORMATION DATA WE COLLECT AND WHY WE COLLECT IT
We only collect personal information data that is relevant to the purpose of our website. This information allows us to provide you with a customised and efficient experience. We collect the following types of information from our users:
3.1 Order Information Data
When ordering from this website your personal information, including your name, address, contact number, email address, credit card number, expiration date and security code is collected. This information is necessary to take payment for your order, assist us with identifying you, delivering your purchase and contacting you regarding your order.
Your debit or credit card details are verified and processed by our secure, reliable and fully PCI DSS compliant online payment processing gateway, PayPal. All data is encrypted to ensure it cannot be read by anybody else. We consider PayPal to be a third party data processor (see section 6.0 below). Please note we will never ask you for your payment information via email.
3.2 Account Details Data
When making a purchase, during checkout, you are given the option to create an account. Doing this will mean we store your personal information, including your name, address, contact number, email address and delivery addresses in our database. The details held in this account are manageable by you and can be updated (or deleted) at any time. Your account also keeps a record of any previous orders you have placed with us.
The password you use to login to your account is encrypted, meaning the version stored in our database is not saved as “plain text”. It is still important to choose a complicated password when setting up your online account as this is one of the best ways to protect your personal information.
3.3 Contact Form Data
If you choose to contact us via our contact form you will submit your personal information, including your name, contact number, email address and whatever message you choose to send. This information is sent securely using smtp to our email address. No information is stored in our website or database.
3.4 Site Visitation Tracking Data
Like most websites, this site uses Google Analytics (GA) to track user interaction. We do this to determine the number of people using our site, to better understand how they find and use our web pages and help us to build a better service.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this and they are considered as a third party data processor (see section 6.0 below).
5.0 SECURING DATA TRANSFER & THIS WEBSITE'S SERVER
The connection your web browser has to our site is secured with an SSL certificate from Let’s Encrypt meaning any data transferred from our server to your browser (or from you to us) is encrypted and secure. The website is hosted by Siteground within a UK data centre located just outside London.
6.0 OUR DATA PROCESSORS
7.0 DATA BREACHES
Any unlawful data breach of this website's database or the database(s) of any of our third party data processors will be reported to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
8.0 CONTROLLING YOUR PERSONAL DATA
8.1 Data Handling
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. You may request details of personal information which we hold about you, if you would like a copy of the information held on you please contact us. You may also request that we delete or anonymise any data we hold about you, if you would like us to do this, please contact us.
8.2 Data Controller
The data controller of this website is: Nicola's Fabrics
Whose operating office is:
26 St Thomas Street Lymington Hampshire SO41 9NE
8.3 Data Protection Officer
9.1 Change Log
31st January 2019 - policy instigated