♥ Your Privacy Is Very Important To Us ♥
SECTION 1 – WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
SECTION 2 – CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at:
Sticky Chocolate Ltd
21 St Thomas Road
Lytham Saint Annes
Lancs FY8 1JL
SECTION 3 – DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 – SECURE PAYMENT
Payments for orders are processed securely via PayPal.
The Payment Card Industry Data Security Standard (PCI DSS) is a standard mandated by the card schemes to increase controls on cardholder data to reduce the risk of fraud. It applies to small businesses as well as larger service providers including PayPal:
- Compliance is a requirement laid down by the card schemes (Visa, MasterCard, Amex etc.) and by using PayPal for payment processing, Sticky Chocolate Ltd is compliant.
- Security: PCI compliance ensures we have procedures in place to protect payment information. Compliance protects our reputation and builds trust with you, our customer.
- Compliance helps us reduce risk of liability in the event of fraud. It also reduces the risk of severe business disruption in the event of a security problem.
PCI DSS requirements help ensure the secure handling of credit card information by our store and its service providers. PayPal handles the card information on our behalf.
SECTION 5 – THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their Privacy Policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 – SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your debit or credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption
Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 – COOKIES
To serve you faster and with better quality, we use “cookies”. Cookies are small bits of code, usually stored on a user’s computer hard drive, which enable a Website or service to “personalize” itself for each user by uniquely identifying your browser.
A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Further guidance on how to control cookies in your browser can be found on the Information Commissioner’s Office website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Here is a list of cookies that we use
We’ve listed them here so you that you can choose if you want to opt-out of cookies or not:
- Google Analytics Cookies: these are set for monitoring and tracking visitors behaviour on the site. Google Analytics cookie usage on websites can be found here: developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
- Limit Login Attempts Cookies: This is used by the Limit login attempts plugin to provide brute force security in logins by monitoring user cookies.
- WooCommerce Cookies: these are used by the WooCommerce plugin to track visitors and their purchased items in the cart.
- WordPress Cookies: these are used by WordPress as tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters to authenticate logged-in visitors, password authentication and user verification.
SECTION 8 – AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your country of residence, or that you are the age of majority in your country of residence and you have given us your consent to allow any of your minor dependents to use this site.
Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
SECTION 10 – What Is The Legal Basis For Processing The Data?
Data collected is done so on the basis of legitimate interest for the business activities of Sticky Chocolate Ltd, included also Recital 47 of the GDPR, “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”
SECTION 11 – Who We Share Your Data With & How It Will Be Used
We will share your data with GDPR compliant Data Controllers for the legitimate business interests of Sticky Chocolate Ltd.
Data will be processed for the legitimate business interests of Sticky Chocolate Ltd.
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. However, some data is transferred and/or stored with third-party services we use, like cloud-based services and payment processors. This is done to provide you with a better overall service and user experience.
Here are the services we use to make our own service better for you:
- PayPal: we use PayPal as our payment processor. During checkout, a client will provide login information and credit card info. This information is processed directly within the PayPal payment gateway – we do not save this data on our website.
Section 12 – How Long We Retain Your Data
Data will be stored for the duration of a clients life with Sticky Chocolate Ltd and where data must be stored longer to fulfill duties of care and within the law.
If you leave a comment on our website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Section 13 – What Data Breach Procedures We Have In Place
In case of a data breach, system administrators will immediately go through affected users and will attempt to reset passwords if needed after informing the user.
Section 14 – What Rights You Have Over Your Data
All data subjects have the right of portability and disclosure of the data held by Sticky Chocolate Ltd upon submission of a Subject Access Request and the right of erasure if outside of the legitimate business interest of Sticky Chocolate Ltd.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.
You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
For such requests, please email us here: email@example.com
If you believe that any information we are holding on you is incorrect or incomplete, please write to us at the address below or email us as soon as possible. We will promptly correct any information found to be incorrect.
Section 15 – How Can You, The Data Subject, Raise A Complaint?
We suggest all complaints are forwarded to the ICO: ico.org.uk/concerns
Section 16 – Where We Send Your Data
Visitor comments may be checked through an automated spam detection service.
Section 17 – WooCommerce Online Store Website
WooCommerce itself does not receive or store usage data but it does collect information about you during the checkout process on our store:
What We Collect & Store:
While you visit our website, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping/delivery address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for a minimum of 5 years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if you choose to leave them.
Who On Our Team Has Access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfill orders, process refunds and support you.
What We Share With Others
We share information with third parties who help us provide our orders and store services to you.
We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.
Information shared with a payment provider to process payments includes:
- City/State/Zip or Postcode
- Unique payment identifier
- Payment provider identifier
QUESTIONS & CONTACT INFORMATION
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at firstname.lastname@example.org or by mail at:
Sticky Chocolate Ltd
FAO: Privacy Compliance Officer
21 St Thomas Road
Lytham Saint Annes
Lancs FY8 1JL
This policy is effective from 1 January 2016
Last updated on 21 March 2020