Here at Caterpillar Cross Stitch, we understand that privacy is important to you and that you care about how your data is used. We respect and value the privacy of all of our customers and we only collect and use personal data as is described here and in a way that is consistent with the General Data Protection Regulation (GDPR) and your rights under the law.
Information About Us
Limited Company Name: Concord Legal Limited T/A Caterpillar Cross Stitch registered in England (Company Number 8347850).
Postal and Trading Address: Unit 51, De Montfort Business Centre, Warwickshire, CV8 1DE
Data Protection Officer and Regulator: Sally Wilson
Email Address: firstname.lastname@example.org
Telephone Number: 07834906193
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
What This Policy Covers
This policy explains what data we hold, how we use your data, how it is collected, how it is held, how long it is held, the legal basis for using it and it also explains your rights under the law relating to your personal data.
What Is Personal Data
Personal data is defined by the GDPR EU Regulation 2016/679 as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Simply put, personal data is data about you that enables you to be identified. Personal data can be your name, gender, date of birth and contact details but it also covers other information such as financial, transactional, useage, marketing and communications or technical data. The personal data we hold is covered below.
What Are Your Rights
Under the GDPR, you have certain rights which we always work to uphold.
For more information please visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
How We Collect Data
Direct Interactions - by filling in forms on our website or by communicating with us by post, phone, email or otherwise, including when you order products, create an account, subscribe to newsletters, request materials are sent to you, entering a competition or providing feedback.
Our website is hosted by Shopify and they store your data on a secure server.
We may receive personal data about you from various third parties and public sources for example Google based outside the EU, data from providers of technical, payment and delivery services for example PayPal based outside the EU, identity and contact data from sources such as Companies House and the Electoral Register based inside the EU and contact information from Mailchimp, an automated marketing service provider based in the USA.
How We Use Data
Where you have provided us with your data, we may use this data to provide you with products, to notify you of any changes, to ensure effective presentation of the content within our products and site for you and for your device and to obtain your feedback.
Where you have indicated to us that you are happy for us to do so, we may also use this data to provide you with information about other products we offer that are similar to those that you have already enquired about or received from us.
If you are an existing customer (prior to 25th May 2018) or have already given us consent to do so, we may contact you by email with information and news about products similar to those which you have previously bought from us or have indicated that you are interested in.
We will only use your personal data when legally permitted for example, where we need to perform the contract between us, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests or where we need to comply with a legal or regulatory obligation.
We do not generally rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us using the details above.
We will get your express consent before we share your personal data with any third party for marketing purposes. You can request at any time that we stop sending you marketing emails (by contacting us using the details above).
Where you opt out of receiving marketing emails, this does not apply to personal data provided to us as a result of a purchase or other transactions. We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing. We may process your personal data without your knowledge or consent where this is required or permitted by law.
We may share your personal data with our suppliers and sub-contractors to allow us to fulfil your product order only where they are under a duty to deal with your personal data in accordance with the law in force at the time. We may also share your data with third parties that assist us in the improvement and optimisation of our site.
We use third party processors and as such may share some or all of the data we hold about you with them. We have to ensure third parties we use comply with the law and treat your data with the care and respect it deserves. For more information about what the third parties we use do with your data, please refer to their own policies.
We will disclose your personal data to third parties in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
Where We Store Data
All data you provide to us is stored on our secure servers or on secure servers operated by a third party. Unfortunately, the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot completely guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data only to those employees, agents, contractors and essential other third parties who have a business need to access the data. They will only process your personal data in accordance with our instructions and they are subject to a duty of confidentiality.
We have procedures to deal with any suspected data breach and we will notify you and any applicable regulator of a breach where we are legally required to do so.
We will not store your personal data for any longer than is necessary. If you are a user of our services, then your data will be held for as long as you continue to use our services. In determining the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
You will not have to pay to access your personal data (or to exercise any of your other rights) however, we may charge a reasonable fee if your request is unfounded, repetitive or excessive, or we may refuse to comply with your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to it. We will endeavor to provide a response to all legitimate requests within 28 days. It may take us longer if your request is particularly complex or you have made a number of requests.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
Changes To This Policy
By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your (the visitor) local currency.