General Data Protection Regulation Policy (GDPR)
GENERAL DATA PROTECTION REGULATION POLICY (GDPR)
1.1 WHAT DATA DOES Ellie Bath Bomb COLLECT?
When an order is placed via our website (either www.elliebathomb.co.uk or www.etsy.com/uk/shop/EllieBathBomb we ask for the following information in order to process your items and dispatch them to you –
1.2 HOW DO WE COLLECT THIS DATA?
This data is supplied to Ellie Bath Bomb at the checkout process from STRIPE merchant services. We receive the details you select at the time of your ordering. Information is them stored on our website account, so we can book couriers and dispatch your parcel to the correct address. We receive an email via STRIPE confirming a purchase has been made and the address you have requested we send the items to.
1.3 WHY DO WE COLLECT THIS DATA?
We require your full name and address so that we can send your parcel to the correct place of residence once it has been completed. We also ask for your email address so we can get in touch with you should there be a problem and this is also required by our courier company APC. We also ask for a contact telephone number – this is required by our courier company APC in case of any issues with delivery and for text / email updates on parcel tracking.
1.4 DO WE SHARE THIS DATA?
Your name, address, email and telephone number are shared with the following –
UPS, ROYALMAIL, DPD couriers – name, address, email and tel number
Hermes couriers – name, address and email
We do not share your data with any other outside individuals.
2. USING YOUR DATA FOR MARKETING
2.1 OPTING IN
We require your permission to send any marketing or promotional emails. People must subscribe to our mailing list of their own volition in order for us to use the date you supply. If you do not subscribe, your email address will never be used for this purpose.
2.2 OPTING OUT
If you subscribe to our mailing list but decide you no longer wish to, you can unsubscribe at any time by clicking the unsubscribe button on any newsletters we send. Alternatively you can email firstname.lastname@example.org and ask us to unsubscribe. Once removed you will no longer receive any marketing material.
3. HOW DO WE KEEP YOUR DATA SECURE?
3.1 DATA STORED DIGITALLY
The information collected during the checkout process is stored on our website server. Our websites are hosted through WordPress and they employ the following security measures to ensure all of the data collected is secure –
* WordPress employ full time security consultants, dedicated to the security of customer information
* WordPress is Payment Card Industry Data Security Standards (PCI DSS) compliant and is accredited as a level 1 service provider and merchant. This standard helps create a secure environment by increasing card holder data, thus reducing credit card fraud. They regularly perform internal security audits to maintain ISO/PCI security certifications.
* WordPress signup and login services are completed through a secure server (HTTPS/SSL)
* WordPress uses cryptography hash functions to protect information. Passwords are stored as a hash digest and in the event of a security breach, original passwords cannot be recovered from the servers.
*Wix.com is certified under the EU-US Privacy Shield Framework and the Swiss-US privacy shield framework as set forth by the U.S Department of Commerce, regarding the collection, use and retention of personal information transferred from the European Union and Switzerland to the United States, and therefore adheres to the Privacy Shield Principles.
* WordPress is currently developing the tools to allow the right to access and the right to be forgotten, which will meet the GDPR requirements.
We do not store or print out your information, other than for the use of courier labels and a copy of your invoice contained with your parcel. We do not keep paper copies of personal information or orders.
We employ security measures on all of our devices to ensure data is stored securely. All laptops and mobile phones
are security password protected.
3.2 DATA STORED AS A HARD COPY
We do not store any hard copies of invoices / orders / personal information. We print out a copy of your invoice which we place in your box with your order. All information relating to your order is stored digitally with STRIPE merchant services and WordPress hosting.
4. REQUESTING A COPY OF THE DATA WE HOLD
4.1 THE PROCESS
You can request a copy of all the data we currently hold on file for you. We are legally required to provide this to you free of charge and within a month of the original request. Currently we do not hold any customers details on file.
5. REQUESTING WE DELETE ALL DATA WE HOLD
5.1 THE PROCESS
If you want us to delete all information we have on file, we are legally required to do so, should you request it. See above.