2. When you make a purchase, we will securely store only the pertinent details required: email, name and postal address, in order to ship the product.
Your consent is given upon completed transaction. Should you wish to be removed from our history, or to have the information our organisation holds, you can email us (ICO 2.6).
3. In signing up for the newsletter (all purchasers will be automatically added), you agree to receive not more than one promotional email per month. You can unsubscribe at any time! If you have any issues, contact us directly.
4. Our business is registered with the Information Commissioner’s Office (00017938523), and we have also carried out a self-assessment to ensure data is safe and processed appropriately and safely.
5. Under no circumstances will we ever share any data we hold with any 3rd parties.
6. Our website uses Google Analytics. This is a small piece of code that allows us to improve our website and business as a whole, e.g. by showing the Google keyword or the Instagram link that brought the user to the site. It will also give us a summary of time spent on the site and whether the visitor purchased.
a. We do not store this information. We can access the Google account to see where the user is (estimated) accessing the website from, and whether it is a first or repeat visit.
b. We are against data harvesting and only use this to give us a sense of whether we need to change site layout or Search Engine Wording, or to see if any paid marketing we embark upon has increased visitor numbers to our website.
c. The pop-up notification on first entering site outlines this use of Google Analytics and also Cookies. (ICO 2.8).
7. We see a purchase, or signing up to the newsletter, as ‘legitimate interest’ for lawful processing of data (ICO 1.7), meeting the GDPR requirement.
8. (ICO 2.1) We are hereby stating all privacy rights and usage of information.
a. We will not use any individual’s information, apart from email for newsletter.
b. Individuals may contact the company and we will show what we hold; if required, it can be expunged from our records (2.3 and 2.5).
9. Woolly Willow Ltd has a data protection policy. We will review it annually, or as a matter of urgency should any customer/client contact us regarding any aspect of the GDPR legislation or with any concerns or queries. We will handle only basic information that cannot be used to profile customers; it will be securely and responsibly handled; our IT systems are up to date and meet insurance requirements; and we have no ulterior motive (e.g. passing on or selling details) in our use of your data, which we store only for 1) shipping product and 2) newsletter, as per point 7 above.
10. Our Data Protection (ICO 3.4) policy ensures we comply with minimising what is stored and how we use it, and that we use industry standard Information Systems, e.g. WordPress, Avast Antivirus, Avast Cloud, Windows 10. We do not print or store customers' information/data outwith the WordPress system. Our WordPress install has firewall and antivirus software constantly running, as well as being hosted on industry leading servers. We use a reputable firm: Namecheap servers, Namecheap Professional Cloud Email, and Secure Sockets Layer to give (to our knowledge) the safest and most transparent way (to our customers) of operating the business.
11. Data Protection Impact Assessment (ICO 3.5): any known breach or reports of spam coming from our email or website will result in us taking mailboxes/website offline and personally contacting customers to inform them (ICO 4.2). See point 13.
12. Data Protection Officer – not required but volunteered (ICO 3.6) – is Andrew Whiteford, who will manage data (ICO 3.7). Andrew has a Business Information Technology Degree and has worked in IT for over 15 years. Any breach will be investigated and reported to the ICO and customers, with full cooperation (ICO 4.2).
13. International Transfers – we will not be transferring data to any 3rd party, within the EU or outwith. We may have overseas customers; their data will be handled as per the above statements.
14. In the ICO summary of our self-assessment (after registering the business and informing the ICO of what data we collect and how we use it), their recommendations were:
a. Ask individuals to opt in (cookies and Google Analytics handled at page load).
b. Use plain and clear language (achieved above).
c. Specify why you need data (point 1, 2 and 6).
d. Inform individuals they can withdraw consent (point 2).
e. We have performed Risk Analysis and Assessment and appointed a Data Protection Officer (point 13).
We believe that the above is a thorough breakdown and is a reassurance of the integrity of our company, and that trust can be agreed in how we handle any information that is processed or stored.
For any queries or comments, contact us or email: firstname.lastname@example.org