Updated: 24 May 2018
1) how to contact us
2) what personal information we collect
3) how and why this information is collected
4) third party organisations
5) your rights when it comes to your personal information
7) how we keep your information secure & confidential
8) how long your information is kept for
1) Contact Us
Firstly, we think it is important to highlight that you can contact us if you have any queries relating to our use of your personal data, or any other data protection questions. You can do so either by email at: firstname.lastname@example.org or by mail at: Christmas Eve Boxes, 41 Chatsworth Avenue, Carlton, Nottingham NG4 3JL. We would like to stress that we keep your information confidential and do not pass on any of your information outside of the Third Party organisations associated with us, which are documented in this policy.
2) Personal Information We Collect
2.1 Registering on our website stores your Billing Information – First name, Last Name, Company, Email Address, Address, City, Post code, Country, Telephone Number & Password on our website (Registering on our website is not a requirement – you are able to checkout on our website as a guest). To create an account, you must OPT-IN to do so, by ticking the check box on the checkout page.
2.2 Making a purchase directly on our website provides us with:
– Billing Information – First name, Last Name, Company, Email Address, Address, City, Post code, Country, Telephone Number
– Shipping Information – First name, Last Name, Company, Email Address, Address, City, Post code, Country, Telephone Number
– Choice Of Payment Information – Stripe Payment Transaction or PayPal
– IP Address
2.3 Making a purchase over the telephone provides us with:
– Billing Information – First name, Last Name, Company, Email Address, Address, City, Post code, Country, Telephone Number, Fax Number
– Shipping Information – First name, Last Name, Company, Email Address, Address, City, Post code, Country, Telephone Number, Fax Number
– Payment Information – 16 Digit Card Number, Name On Card, Expiration Date, Card Security Code (CSC)
2.4 When you visit our website, we may collect information on your browsing behaviour and the devices you have used to access our website (including your IP address, browser type & mobile device identifiers). This is elaborated in our “Third Party Organisations” section.
3) How & Why This Information Is Collected
3.1 Online Order Purchases
– You provide this information to us by filling out the appropriate forms on the website, when placing your order with us. We use this information internally so that we can send your goods to the address provided. Your email address and telephone number are used to update you on your order.
3.2 Telephone Order Purchases
– You provide this information to us verbally, when placing your order with us. We use this information internally so that we can send your goods to the address provided. Your email address and telephone number are used to update you on your order. You will also provide us with your payment information verbally. This is so we can charge your payment method with the agreed total sum for the goods ordered via our online payment gateway with Stripe.
3.3 Internal reporting, insights & analysis
3.4 Newsletter Promotions
We make it clear to users how they can receive our newsletter and users must use the checkbox provided to opt-in to receiving the Newsletter. The information gathered here is your First Name, Last Name and Email Address. The Data Handler for this information is Mailchimp. More information is provided in the “Third Party Organisations” section.
4) Third Party Organisations
Your personal information that we collect is confidential and information is only disclosed to a third party in the following circumstances:
When placing an order either through our website or over the telephone, we use Stripe as our primary payment method to handle the transaction. Stripe will collect the Billing Information that you provided to us and process the payment transaction via their secure payment gateway. More information can be found on the Stripe website – https://stripe.com/gb
PayPal is a secondary payment method used to handle our payment transactions. It is only applicable to orders placed through the website (we do not process telephone orders through PayPal) and you can make the choice of payment method when you reach the checkout page on the website. PayPal will collect the Billing Information that you provided to us and process the payment via their secure payment gateway. More information can be found on the Secure Trading website – https://www.paypal.com
5) Your Rights When It Comes To Your Personal Information
You have the right to request a copy of any personal information we hold on you, if requested in writing. Under the General Data Protection Regulation (GDPR), you now have the following rights:
5.1 Right to Correct
You can have your information rectified if it is inaccurate or incomplete.
5.2 Right to Erase
Certain personal information can be removed from our systems. However, please note that at least one form of contact method is required to be kept on file in case we need to contact you for any reason relating to your order.
5.3 Right to Restrict Our Use Of Your Information
You have the right to block us from using your personal information, or limit the way in which we can use it.
5.4 Right to data portability
You can request that we move, copy or transfer your personal information.
5.5 Right to object
You can object to our use of your personal information, including where we use it for our interests. We will stop processing your personal information for our analytical purposes.
The information is collected by Google Analytics and no personally identifiable information (such as your name, email address or IP address) is collected – it is all anonymous.
7) How We Keep Your Information Confidential And Secure
Your information is stored on our secure servers based in the United Kingdom and we take all steps necessary to ensure your data is secure.
7.1 Network Security
We have monitoring tools to alert us to any unauthorised access on our network and systems.
7.2 SSL Encryption
The front-end and back-end of our website have an SSL certificate installed – this is indicated by the green padlock. This ensures the data transmitted & received is encrypted.
Any information sent within the enquiry form on our website is received in our email inbox. Access to this account is strictly for Christmas Eve Boxes employees only. Employees have been given training in how to keep this information confidential.
7.4 Firewalls & Anti-Virus
We use up-to-date Anti-Virus & Firewall software to ensure any computers accessing sensitive information are secure.
7.5 PCI DSS
We comply with the Payment Card Industry Data Security Standards (PCI DSS) in relation to debit & credit card payments made on our website.
7.6 Two Factor Authentication
Access to our payment gateways requires Two-Factor Authentication to log in – another level of security.
7.7 Secure Premises
Our offices & warehouse are protected by alarm & CCTV systems.
7.8 Telephone Orders
Any sensitive information taken on paper documents is shredded immediately after it is inputted onto our website.
We make every effort to ensure that this website is free from viruses or defects. However, we cannot guarantee that your use of this website or any websites accessible through it won’t cause damage to your computer. It is your responsibility to ensure that the right equipment is available to use the website and screen out anything that may damage it. We shall not be liable to any person for any loss or damage which may arise to computer equipment as a result of using this website.
8) How Long Your Information Is Kept For
We will keep your order history within the system of our website until we deem it safe to remove – please note that we need to retain some information in case of product recalls. We may also keep this information on backup or archival media for tax, legal or regulatory purposes.
Order History is currently kept on our website from 24/05/2018 to present.
Any orders before this point are currently archived offline on a media format.