GDPR (General Data Protection Regulations) are a new set of laws designed to safeguard your personal data.
As a result, we will:
- build compliant privacy settings into our websites – and have them switched on by default
- regularly conduct privacy impact assessments
- strengthen the way we seek permission to use your data
- document the ways we use your personal data
- improve the way we communicate any data breaches
This new legislation puts your privacy first. Your data will be protected. Our practices will be transparent.
It also tells you the choices you have related to your data and how to contact us.
WHAT DATA DO WE COLLECT?
We request personal data to provide you with products and services you request. For example, we request your data when you buy The Cotton Story, contact us, request to receive marketing communications, create an account, take part in physical events, competitions and surveys and when you use our site.
Your personal data includes:
- your contact details including your name, email address, telephone number and shipping and billing addresses
- login and account information, including screen name, password and unique user ID
- personal data, including gender, date of birth and purchase history
- personal marketing preferences, especially the receipt of email
When you interact with The Cotton Story online, technical data is collected from your device and web browser.
This data includes:
- device IDs and network access
- cookies and pixel tags. These are outlined in more detail below
- IP addresses, data identifying your web browser and version, plug-in types and versions and operating system
- information about your visit. This is outlined in more detail below
WHAT AND HOW DO WE USE YOUR DATA?
To provide you with a product service:
- take your order and fulfil it effectively
- populate your account with a profile and order history
- provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about
- ensure that content is presented in the most effective manner for you and for your computer
- notify you about changes to our services e.g. a new fulfilment option
To optimise our marketing activities
When you give us consent, we send you marketing communications and news about The Cotton Story's products, services, events and other promotions. You can opt-out at any time after you have given your consent.
If you are an existing customer of The Cotton Story (for example, if you have placed an order with us), we may use the contact details you provided to send you marketing communications about similar products or services where permitted by applicable law (unless you have opted-out). In other cases, we ask for your consent to send you marketing information.
To administer and optimise our products and services
We process and analyse data so that with can improve our service
SHARING YOUR DATA
We can share your personal information with data processors, including:
- our business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- advertisers and advertising networks that require the data to select and serve relevant adverts to you and others
- analytics and search engine providers that assist us in the improvement and optimisation of our site.
We can disclose your personal information to third parties if:
- we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets
- The Cotton Story Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets
- we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions or to protect the rights, property, or safety of The Cotton Story Limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
MANAGING AND SECURING YOUR DATA
The data that we collect from you may be transferred to and stored at a destination outside the European Economic Area ("EEA").
It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
By submitting your personal data, you agree to this transfer, storing or processing.
Shopify’s Terms of Service and Privacy Statement can be found at http://www.shopify.com/legal.
We also use various other technologies to store information when you visit our site.
Where you have chosen a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Any payment transactions will be encrypted using secure socket layer technology (SSL) and stored with an AES-128 encryption, through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.
You have the right to request
- access to your personal data
- an electronic copy of your personal data
- correction of your personal data if it is incomplete or inaccurate
- deletion or restriction of your personal data in certain circumstances provided by applicable law. These rights are not absolute.
Where we have obtained your consent to use your personal data, you have the right to withdraw your consent at any time. You have the right to ask us not to process your personal data for marketing purposes. We inform you (before collecting your data) that we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking or not checking certain boxes on the forms we use to collect your data.
If you like would to request a copy of your personal data or exercise any of your other rights, please contact us using the contact details below.
INFORMATION ABOUT YOUR VISITS
We collect information about your site visit, including:
- the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time)
- products you viewed or searched for
- page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs)
COOKIES AND PIXEL TAGS
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. Pixel tags (also called clear GIFs, web beacons, or simply pixels are small blocks of code on a webpage that allow websites to do things like reading and place cookies. The resulting connection can include information such as the person's IP address, the time the person viewed the pixel and the type of browser being used.
Cookies and tags help us to provide you with a good experience of The Cotton Story; our site and our marketing.
The cookies we use are:
- session_id Purpose Unique token, sessional, allows Shopify to store information about your session (referrer, landing page, etc.)
- shopify_visit No data held, persistent for 30 minutes from the last visit, used by Our website provider’s internal stats tracker to record the number of visits.
- shopify_uniq No data held, expires midnight (relative to the visitor) of the next day, counts the number of visits to a store by a single customer.
- Cart Unique token, persistent for 2 weeks, stores information about the contents of your cart.
- secure_session_id Unique token, sessional
- storefront_digest Unique token, indefinite if the shop has a password, this is used to determine if the current visitor has access
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own Privacy Policies and that we do not accept any responsibility or liability for these Policies. Please check these policies before you submit any personal data to these websites.
For a full list of cookies used by Google Analytics visit: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
CHANGES TO THIS POLICY
If you contact us with a complaint, we will aim to resolve the issue, in the right way and as quickly as appropriately possible. You also have the right to lodge a complaint with the relevant supervisory authority in the country where you live.
Policies updated: 31 May 2018