Hello! This page gives you details on how I collect, use, and protect
your data when you visit my shop (lupin.bigcartel.com), make a purchase from
me, or contact me about your order.
If you have any questions about this policy or want to contact me (Laura Howard) about the use of your data, please get in touch at firstname.lastname@example.org.
Data collected when you make a purchase from my shop:
If you make a purchase from my shop I collect information (provided by you) in order to be able to complete that transaction: e.g. your name, email address, postal address, etc. I also use this data to keep necessary records for my business. My legal basis for processing this data is legitimate interests.
Please note: you may also submit financial information (such as your credit card details) during the payment process via Paypal but I never have access to this information.
Data collected when you visit my shop:
Big Cartel shares some of this information with me in aggregate, so I can get an overview of how much traffic my shop is getting, which pages or items are most popular, etc, so I can better manage my shop and my business as a whole. My legal basis for processing this data is legitimate interests.
You can decline the cookies used in my shop using your web browser if you wish, but it may affect your experience. You can learn more about cookies at www.allaboutcookies.org.
Data collected when you contact me:
If you contact me directly - for example, by sending me an email or messaging me on social media - I will receive the information provided in the message format (e.g. your name, email address, social media username) and any additional info you include in the message itself. I will use this information to reply to your message(s) and to provide you with good customer service. My legal basis for processing this data is legitimate interests.
Please note: If you leave a comment on my blog or social media feeds, remember that any personal information you provide is publicly visible and may be viewed by anyone.
I am legally required to keep transaction-related data for six years for tax purposes. I will retain other data for as long as necessary for managing my business, giving good customer service, etc, and always for as little time as possible.
Third party services:
I use various third party services to host my shop and blog, process transactions, manage my newsletter, back-up my data, etc. I will only share data with these services to the extent that this is required for the running of my business / the use of the services. For example, if you subscribe to my newsletter via MailChimp then that info will be stored by MailChimp so I can use their service to send and manage my newsletters.
Here's a list of the third-party services I currently use for my business: Paypal, Etsy, Big Cartel, Google (Blogger, Google Analytics & Gmail), MailChimp, Dropbox, Facebook, Instagram, Twitter.
Please note that I may very occasionally also be required to share data with third parties when I am legally required to do so, for example if I am contacted by the police investigating illegal activity.
Recent data protection legislation has strengthened your rights in relation to your personal data. Your rights now include the right to be informed, the right of access to your data, the right to rectify errors, the right to erase your data, the right to restrict processing, the right to data portability, and the right to object. Visit the Information Commissioner's Office website (www.ico.org.uk) to read more about these rights and how they apply to different types of data processing.
There will be no fee to exercise any of these rights and I will carry out your request within a month. If your request is excessive or repetitive I reserve my right under the current data protection legislation to charge a reasonable fee, take a reasonable amount of additional time to carry out your request, or, in extreme circumstances, refuse to carry out the request.
You also have the right to complain to the ICO here in the UK (www.ico.org.uk) about my handling of your data. If you have an issue, please do contact me first so we can resolve things. You can also contact me (at email@example.com) if you wish to exercise any of your rights - for example, if you would like me to delete certain data I hold, or update your contact information.