Privacy tenets we stand by
- We do not and will not share, rent or sell your personal information to any party that is not directly related to the process of fulfilling an order you have placed with us, without your express consent. We explain below what the process involves.
- Your name, email address, phone number and shipping address are confidential and will only be used for the purposes of fulfilling any order you place with us, or to reply to your questions.
- We will not send you any marketing communications unless you have specifically expressed a wish to receive such correspondence.
- You have a right to view any information we hold as a result of previous contact or previous orders, and to request that it be moved, corrected, amended or deleted.
- We work hard to ensure our policies and systems are up to date and reflect all the latest security and data protection legislation so that your transactions and any data you share with us, are secure.
This policy aims to cover the following key points:
- What information we collect about you and how we use it
- How we share your information (third party apps)
- How long we retain your information
- Your rights
- Our obligations
- More information
1. What information we collect about you and how we use it
1.1. Essential information we collect about you and how we use it
In operating our online store, it is essential for us to capture some information about your device, such as your IP address and information related to your visit when you browse our store. For example, this might include a time-stamp, the last page or product you visited, any referring links or the indication that you logged in. We do that in order to:
- remember who you are after you log in so that you do not need to authenticate at each click;
- monitor if our website is running with the high performance we are dedicated to providing;
- let you browse between products without having to start back from the home page at each click;
- remember if you put something in your shopping cart before you decide to checkout; and
- control that your data is processed securely.
1.2. Information you expressly provide and how we use it
1.2.1. On placing an online order
If you buy something from our online shop, we will need some specific information about you. To fully process your order and ship the merchandise you selected, we need your personal data such as your first and last name, your email address, your shipping and billing addresses, and a phone number. By placing an order on our website your consent to us receiving this information is implicit.
We will use your contact and order information to send you communications related to the processing of your order. We will ask you to provide this information in our “checkout page” before you finalise your purchase.
If you have completed a purchase, we may sometimes send an email to ask you to review the product you bought. We want to be sure that whether you love your purchase or found an issue you wish to raise, you can share your opinion with other customers.
If a manufacturer alerted us to any safety issues regarding our products we would contact you to let you know of this and potentially, to arrange a recall.
1.2.2. On shopping with us in person
We do not retain any of your details when you shop with us in person from our shop, the exception to this is when you leave with us any items to be repaired, where we do require some of your contact details in order to update you about your repair. Once the repair is returned, your data is disposed of securely.
Our credit card payments provider will retain email addresses/phone numbers previously entered to enable receipts to be sent to you the next time you shop with us and pay using the same credit card. We do not have access to any of these details.
1.2.3. On creating an online account with us
1.2.2. On signing up to our email newsletter
You may opt in to receive our newsletter by email. We only send a handful of newsletters in a year, but receiving these is entirely your choice. We will not add you to our mailing list without your express consent.
2. How we share your information (third party apps)
We use a number of carefully selected companies to help us run our business and placing an order with us may mean that your information is used by these third party providers to enable us to process your order and payments, or to send you relevant marketing communications that you have signed up for:
- Website hosts/E-commerce providers: We use an external provider to run our store, BigCommerce. BigCommerce is based in the US and is a participant in the EU-US Privacy Shield Framework and committed to providing best-in-class service and data protection. You can check its participation in the Privacy Shield here on the official site of The International Trade Administration (ITA), U.S. Department of Commerce. Our site is protected by strong 2048-bit SSL Certificate encryption, so your transactions are secure.
- Other E-commerce providers: As well as BigCommerce, we also sometimes use other specialised external providers to sell our products, companies such as eBay, Etsy and Amazon.
- Payment: We use Stripe and Paypal to process online payments, and SquarePOS in the shop. Our website is PCI-DSS compliant (a very strict industry standard with requirements for the security of credit card information), and we use only these accredited companies to process your credit card information. These companies operate servers out of the US and also must adhere to the EU-US Privacy Shield Framework.
- Email marketing: We use Mailchimp to manage and distribute our email marketing campaigns.
Partnering with highly respected external companies allows us to focus on what we do best: selling great products and getting them to you in extra quick time. If you wish to acquaint yourself with these companies’ own privacy policies we have added links to each company’s homepage, simply click on their name and you will be taken straight there.
3. How long do we keep your data?
We keep your data for as long as you have an account with us. We may also keep some data for security investigations. Most importantly, we have specific obligations for fraud detection and tax reasons. Therefore, we might need to retain certain data even if you ask to delete it.
Once you visit our website, it will ask your browser to check if a cookie of the same web address already exists. If your browser locates the correct cookie, the website recognises you and can offer a tailored experience.
There are two main types of cookie used on our website:
- A session cookie that stays on your browser until you end the session, this is to enable you to stay logged in, navigate the website and complete your tasks smoothly, for example remembering the items you have in your cart.
- A persistent cookie is one that stays on your browser for a pre-determined period of time set by our website hosts or until you delete it. This cookie enables the website to recognise you and save your site preferences, such as login, language and currency preferences, cart details and personalised recommendations even if you close the session. This cookie would - for example - remember the items you put in your cart some days ago even if you closed your browser in between.
You are able to delete cookies from your own browser.
5. Your rights in regards to your data
You have specific rights that we are duty bound to enforce without undue delay: these are to access, correct, erase and port your data, and to object to its use. To explain these in a bit more detail:
- Access – you have the right to see what information we hold about you
- Correct – you may put right any incorrect data we hold about you
- Erasure – you have the right to have your data deleted*
- Port – you have the right to receive your data in a portable digital format
- Object – you have the right to object to our keeping any data
- We have the obligation to respond and act on the above without delay
A number of the above actions may be carried out on the website directly. However, if you cannot exercise your choice on your account page or if you do not have an account with us, please get in touch with us – our contact details are at the end of this policy. We will be more than happy to help.
*please note our obligations section below – it may not always be possible to delete data if this is requested by relevant authorities regarding legal obligations, tax and revenue obligations and fraud detection. Any instance of this would be treated on a case-by-case basis and we would seek professional advice.
6. Our obligations to you
Do we have any legal obligations to adhere to when handling your personal data? Yes, many:
- Primarily we need to ensure your data is kept secure and handled sensitively. The first step of this obligation for us means we need to ensure that our own IT equipment is secured by up-to-date password-protected systems and that we keep these free of bugs with robust and current anti-virus software.
- We have developed internal office processes specifically designed to keep your information safe.
- We have an obligation to use only reputable systems and service providers (ie. website hosts, email campaign handlers, payment gateways etc.) which can all prove their own adherence to data protection regulations.
- We have an obligation to present our policy in this regard in a clear and transparent matter, to inform you of what we do with your data
- We have an obligation to allow you to view the data we hold and change it, move it or delete it, as required.
- We have an obligation to only send you our general communications once you have expressly requested to receive such communications, and to enable you to change this request at any time. This does not apply to communications relating to your orders.
- However, alongside the above obligations to keep your data private, we might need to share some of your personal information with relevant authorities in order to comply with applicable legal obligations, tax and revenue obligations and fraud detection.
7. Who can you reach out to for privacy matters at Jasmin Studio Crafts?
You can contact us by email at firstname.lastname@example.org or telephone: 020 80908443
8. Where can you go for more information?
If you have any questions or comments please get in touch with us as detailed above. Alternatively, you may wish to contact our supervisory authority, https://ico.org.uk/. The Information Commissioners’ Office handle all matters relating to data and data protection for the UK.
9. Can this policy change?