Data Protection, Privacy & Cookie policies

Sharon Windebank is the individual that owns and manages this website.I am committed to protecting your privacy and maintaining the security of any personal information I receive from you. I strictly adhere to the requirements of the data protection legislation under EU General Data Protection Regulation (Regulation (EU) 2016/679) and EU ePrivacy Regulation (ePR).

GDPR and ePR

This privacy policy sets out how Sharon Windebank uses and protects any personal information that you give when you use this website or buy my products. I respect and protect your privacy. If I ask for information that enables you to be identified when using the website, I will only use it in accordance with this privacy statement.

The GDPR and ePR gives specific rights to people with regard to their personal data and duties to those collecting and processing it as follows:

For those collecting data (me):

– the data must be collected lawfully and transparently
– it must be used only for the reason stated for its collection
– data collection should be limited to that necessary data for the stated purpose
– data must be kept accurate and up to date
– data must only be stored as long as necessary for the purpose for which it was collected
– data security and integrity must be maintained

Individuals providing data (you) have the following rights:

– the right to be informed of the data held
– the right of access to that data
– the right to rectification of any incorrect data
– the right to erasure
– the right to restrict processing
– the right to data portability
– the right to object; and
– the right not to be subject to automated decision-making, including profiling.

This means that I will request explicit consent for the collection and holding of personal data and for processing it for specific purposes, as described below.

I may collect the following information:

– name
– contact information, including email address and telephone number
– geographic information like an address and postcode
– legally required information such as business VAT numbers
– past order history
– other information such as where you heard about me
– product reviews and feedback on my service

I collect the information in order to provide you with a better service and products, in particular for the following reasons:

– to provide you with the goods and services you have ordered from me
– internal record keeping and accounting, including legal obligations such as VAT numbers
– to improve my products and services
– if you consent, I may use your email address to contact you with news or promote new products, special offers or other information I think you may find interesting

If you create an account in the online shop this will enable you to place orders more quickly.

If you sign up for the newsletters, this is done directly into the Mail Chimp database so I rely on their confirmed compliance for this, and check it regularly.

If you follow me on third party platforms such as Facebook, Twitter or Instagram, you will be relying on their data protection and not mine.

Managing your information

I do not pass any information I collect to anyone else for any purpose with the following exceptions:

– to our delivery partners (Royal Mail, Parcel Force, TNT) solely for the purpose of effecting delivery of your order.

– to specific third parties such as Mail Chimp in order to deliver my newsletters, and I check with them that the data is secure and used only for the stated purpose

– where legally obliged to do so

I undertake impact assessments for any new information streams or processing methods.

I normally store most information electronically in a computer system, which has encryption, anti-virus and malware protection measures, and back-up facilities. Some information is stored remotely in the cloud.

Some information such as past orders, is additionally stored in paper format and I do store this for as long as possible to make it easier to discuss future orders with customers. Normally I will not destroy this paper or electronic information unless and until notified by you that it should no longer be kept as I know that some of my customers rely on this for future orders even after a gap of several years. I will not give past order information to anyone other than the specific customer unless requested to do so by that customer.

Iwill normally archive information on people who have not been in touch with me for six years and destroy information on people who have not been in touch with me for more than ten years unless I am legally obliged to retain it.

Transactions using bank information

Where I receive payments in the online shop, I use a secure payment service, PayPal or Stripe, so that all your data is protected by their systems. I am obliged to undertake regular monitoring to comply with the PCI-DSS (Payment Card Industry Data Security Standard) system run by banks and payment processors to ensure this.

I do not accept any payment information by email or post so please do not send it to me.

Security

I am committed to ensuring that the information you give me is secure. In order to prevent unauthorised access or disclosure, I have put in place suitable physical and electronic measures that safeguard and secure any information I collect on-line.

As keeping information about you secure is important to me, the website uses SSL encryption, or a comparable standard, for data transmission.

If I become aware of a data breach I will inform the Information Commissioner’s Office (ICO) and also notify anyone I believe may have been affected.

Cookies

A cookie is a small text file stored by your browser that is used to hold information related to your visit to my website. It may include shopping basket items and data that helps me analyse web traffic.

Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Overall, cookies help me provide a better website. They enable me to monitor which pages you find useful and which you do not. A cookie in no way gives me access to your computer or any information about you, other than the data you choose to share with me.

You can accept or decline cookies. Most web browsers automatically accept them, but if you prefer you can usually modify your browser setting to decline cookies. But this may prevent you taking full advantage of the website.

I use the information collected from these cookies to compile reports and to help me improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. This information is used for statistical analysis purposes only. It is then removed from the system.

If you are unsure of how to disable cookies I suggest visiting the aboutcookies.org website which offers guidance for most modern browsers.

Links to other websites

The website contains links to other websites that you may find of interest.Please note that once you have used these links to leave my site, I do not have any control over the other website.I can not, therefore, be responsible for the protection and privacy of any information which you provide while visiting other sites not governed by this privacy statement.Please exercise caution and look at the privacy statement applicable to the website in question.

Controlling personal information

You may choose to restrict the collection or use of your personal information in the following ways:

– Whenever you are asked to fill in a form on the website, tick only the boxes for which you are giving consent

-If you have previously agreed the use of your personal information to receive the newsletter but wish to unsubscribe from it you may do so by using the link provided in any of the newsletters.Alternatively, let me know in writing, or email me at mail@sharonwindebank.com .

I will not sell, distribute or lease your personal information to third parties unless I have your permission or are required to do so by law.

You may request details of personal information which I hold about you under the Data Protection Act 2018 and GDPR 2016/679. If you would like a copy of the information held on you please write to me at 24 Deer Park Road, Stoke Fleming, Dartmouth, Devon, TQ6 0QW, UK. I am obliged to respond within a month

If you believe that any information I am holding on you is incorrect or incomplete, please write or email as soon as possible.I will correct any incorrect information as soon as I can.

You may ask me to remove all or part of the information about you and I will do so, confirm to you that I have done so and then hold a record to show that I have done this, which will therefore include your name and contact details for legal compliance reasons. If you wish to have any part of the information I hold about you removed please write to me at the above address.

Amendments

If I change this policy, which I may do occasionally, this page will be updated as appropriate. So to ensure that you are happy with any changes, you should check this page from time to time. This policy is effective from 1 September 2018.