THE EU GENERAL DATA PROTECTION REGULATION (GDPR)
What is GDPR?
The GDPR is the European Union’s new data privacy law. It provides you with specific rights over your personal data including a right to access, correct, delete and restrict processing of your data. These regulations were approved by the European Union (EU) Parliament on 14th April 2016. They come / came into effect on 25th May 2018.
How does GDPR help protect your personal data?
The GDPR applies to the processing of data carried out both by organisations who operate within the EU and to organisations outside the EU who offer goods or Services to individuals within the EU. Under GDPR all European organisations who collect, store and/or process your personal information must adhere to each of the regulations covered by GDPR which apply to their business and the way it handles your personal data. GDPR regulations specifically require that we (and other companies) take steps to help secure your data rights and to protect your data.
Our store has been designed to conform to the regulations detailed under GDPR from the date of launch of the site. Further details on the GDPR and how it protects personal data on the web are available at https://ico.org.uk.
What information do we collect about you and how do we use it?
When you purchase something from our store, as part of the buying and selling process, we collect any personal information you give us such as your name, address and email address. When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system which also enables us to optimise the way our site displays on your device. If you consent we may also send you emails about our store, new Products, our periodic newsletter and other updates.
How do we get your consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or to return something you have purchased, we assume that you have consented to our collection of the personal information you have given us for the specific purpose of actioning your request. If we ask for your personal information for a secondary reason, such as sending you marketing information, we will either ask you directly for your express consent, or we will provide you with an opportunity to say no and refuse your consent for us using your information for that purpose.
How do I withdraw my consent?
If, after you give your consent (opt-in), you subsequently change your mind, at any time you may withdraw your consent for us to contact you, to continue collecting personal information or to use or disclose it or you may ask us to delete your information from our records. If you wish to do so just contact our Data Protection Officer (DPO) at email@example.com or write to us with your request at: Fifteen Degrees LTD, c/o LB Group, Swift House, Ground Floor Chelmsford, CM1 1GU, United Kingdom.
We respect your privacy and take our responsibilities for your personal information seriously, however should we be required to do so by law or should you infringe our Terms of Service it may be necessary to disclose your personal information in order to help resolve the issue.
Our store is hosted on Shopify Inc. who operate and utilise data centres and cloud service providers located outside of Europe in order to provide us with the online e-commerce platform that allows us to sell our Products and Services to you. Shopify process data about European residents through their Irish affiliate, Shopify International Ltd. They do transfer European personal data outside of Europe through mechanisms approved by the European Commission including the EU-U.S. Privacy Shield and European Commission decision 2002/2/EC. Your data is stored through Shopify’s data storage, databases and the Shopify application. They protect your personal data by storing it on a secure server behind a firewall.
SHOPIFY PAYMENT GATEWAYS
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, Mastercard and American Express. PCI-DSS requirements help ensure the secure handling of your credit card information by our store and service providers. Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After the transaction is complete, your purchase transaction information is deleted.
If you would like more details on Shopify’s Terms of Service or Privacy Statement they can be found at www.shopify.com/legal/terms and www.shopify.com/legal/privacy respectively.
THIRD PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to enable them to perform the Services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand how your personal information will be handled by these providers. In particular, please remember that certain providers may be located at facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the Services of a third-party service provider, please note that your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities reside. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
When you click on links in our store, they may direct you away from our site. We are unable to accept responsibility for the privacy practices of other sites over which we have no control and we would encourage you to read their privacy statements before divulging any personal data or transacting with the site.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure your data is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional widely accepted industry standards.
MARKETING COMMUNICATIONS AND SOCIAL MEDIA
To improve our marketing communications, we use a similar technology to cookies to confirm whether you have opened a marketing email or clicked on a link in the email. This information helps us to measure the value of our communications and to provide you with relevant content.
If you have given us your email address or mobile phone number, we may supply this data to digital advertising or social media companies who work on our behalf, such as Facebook, Instagram and Google. This is so we can show you advertising via these sites that is tailored to your interests and your purchase history. At our request, Facebook, Instagram and Google may also use this data to identify individuals with similar characteristics to our customers and then serve our advertising to these individuals. The data we provide to these organisations is limited to email address or mobile phone number and is always provided in an encrypted format. If you would prefer not to see targeted advertising from us on social media, please refer to the instructions provided by the website or app, for example on Facebook, Twitter, Instagram, and Google. This activity may occasionally target Fifteen Degrees Limited customers on social media platforms with products from our other brands – For example JetFuel.
Cookies are small files stored on your computer by sites you visit which are designed to hold pieces of information specific to a particular site visitor and the website they are visiting. These cookies can be accessed either by the web-server (a computer that runs websites) or the site visitor’s computer. They allow the server to deliver a page of information which is tailored to a particular user during that visit and future visits to the site. We use certain cookies for this purpose. The cookies we use are listed below so you that you can choose if you want to opt-out of allowing cookies from our site to be stored on your computer:
- Session_id, unique token, sessional - allows Shopify to store information about your session (referrer, landing page, etc),
- Shopify_visit, no data held – a cookie which is persistent for 30 minutes from the last visit and used by our website provider’s internal stats tracker to record the number of visits,
- Shopify_uniq, no data held – this expires at midnight (relative to the visitor) of the next day and counts the number of visits to a store by a single customer,
- Cart, unique token - a cookie which is persistent for 2 weeks and stores information about the contents of your shopping cart,
- Secure_session_id, unique token – only retained for that browser session and is then deleted,
- Storefront_digest, unique token – this is retained indefinitely if the shop has a password and is used to determine if the current visitor has validated access to the store.
The policies used to control cookie stored on your computer are set in your browser. You can typically modify the way cookies are handled on your computer by going to the settings menu in your browser and then looking for the ‘cookies’ options under your content settings.
AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your country, state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any of the personal information we have about you, register a complaint, or would simply like more information please contact our Data Processing Officer (DPO) at firstname.lastname@example.org or write to us with your request at: Fifteen Degrees LTD, c/o LB Group, Swift House, Ground Floor Chelmsford, CM1 1GU, United Kingdom.