PERSONAL DATA WE COLLECT
When you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, Pay Pal Information), email address, and phone number. We refer to this information as “Order Information.”
The legal basis for collecting this data is ‘by way of contract’ – we collect this order information in order to provide a product to the customer.
Use of Order Information
We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations).
Additionally, we use this Order Information to: communicate with you or screen our orders for potential risk or fraud.
Storage of Order Information
Order information is stored securely in Shopify. Please read the Shopify privacy statement here: shopify.com/legal/privacy
When you make an order, you can opt-in to hear more information from us. If you opt-in, we keep your name and email address in a separate subscriber database. We refer to this information as “Subscriber Information.”
The legal basis for collecting this data is ‘by way of consent’.
Use of Subscriber Information
We keep this data in order to send you information and advertising communications relating to our products or services.
Storage of Subscriber Information
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.” We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit allaboutcookies.org
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
The legal basis for collecting this data is ‘legitimate interests’.
Use of Device Information
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
Storage of Tracking Information
Tracking Information is stored securely in Shopify and Google Analytics. Please read the privacy statement for Shopify here: shopify.com/legal/privacy and the privacy statement for Google Analytics here: google.com/intl/en/policies/privacy
ABOUT ALL PERSONAL DATA
Sharing your personal data
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: shopify.com/legal/privacy.
We also use Google Analytics to help us understand how our customers use the Site - you can read more about how Google uses your Personal Information here: google.com/intl/en/policies/privacy/
You can also opt-out of Google Analytics here: tools.google.com/dlpage/gaoptout
Otherwise, we do not share your information with outside organisations.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Do Not Track
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
When you place an order through the Site, we will maintain your Order Information in order to provide you with the product. After that point, we will keep this information for our records unless and until you ask us to delete this information. See our contact details at the bottom of this policy. Equally we will keep your Subscriber Information on the subscriber database unless you unsubscribe by clicking the link on our newsletters or by emailing us at email@example.com.
Security, quality and risk management activities
We take the security of all the data we hold very seriously and have security measures in place to protect our and our clients’ information (including personal data).
We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
Individuals who are European resident have certain rights over their personal data and data controllers are responsible for fulfilling these rights. These rights are listed below:
Access to personal data - You have a right of access to personal data held by us as a data controller.
Amendment of personal data - You have a right to update personal data submitted to us. Once we are informed that any personal data processed by us is no longer accurate, we will make corrections based on your updated information.
Withdrawal of consent - Where we process personal data based on consent, individuals have a right to withdraw consent at any time.
Other data subject rights - This privacy statement is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.
Complaints - We hope that you won’t ever need to, but if you do want to complain about our use of personal data, you have the right to do so and we will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the Information Commissioner's Office (“ICO”) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website.
European residents please note that your information will be transferred outside of Europe, including to Canada and the United States.
How to exercise your individual rights
To exercise any of the above rights, please do so by email to: firstname.lastname@example.org
or in writing to:
Festival of the Spoken Nerd
F2 Church House
Changes to this privacy statement
We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review. This privacy statement was last updated on 23 May 2018.
Data controller and contact information
If you have any questions about this privacy statement or how and why we process personal data, please contact us at the contact details above.