Privacy and Security
- Who we are
Craftyangel is the trading name of Angela Hounsell, a sole trader in the UK. You can find out how to make contact in Section 9 below.
- Your Privacy
In the course of trading, we will collect and process personal information about you. Personal information includes any information allowing us to identify you as an individual, for example, your name, your email address or your telephone number.
We are committed to protecting your privacy. We will use your personal information in accordance with all applicable laws and regulations that relate to data protection and privacy, including the EU General Data Protection Regulation (GDPR).
This document tells you:
- what personal information we collect;
- why we collect this information;
- how we will use it;
- how long we will keep it;
- who else will see it;
- how you can contact us;
- your rights in relation to the personal information that we hold, including your rights to change, delete and see your information.
When using our website (craftyangel.co.uk) or those used by our service providers, we may also place cookies on your device.
- What information do we collect?
We collect the following types of information:
(a) Information we collect when you register with us
When you make an online purchase or sign up for our newsletter, we will ask you for a number of pieces of information which may include;
- your name;
- your postal and billing addresses;
- your email address;
- your telephone number;
- social media applications;
- a password - please keep this safe;
- whether you would like to receive information from us via email, post or customised online advertising;
- when placing an order, our third party payment services will also ask for your payment card number, expiry date and CVV number.
(b) Information we collect about how you use our website
When you shop with us online and browse our website we may collect:
- information about any devices you have used (including the manufacturer, model and operating system, IP address, browser type and mobile device identifiers);
- cookies and information about your online browsing and purchasing behaviour and history on our website, your location & your product selection;
- Why do we ask for this information?
When you place an online order we need your contact and payment information to enable us to take payment and fulfil your order. You can browse our website and make purchases in our bricks-and-mortar shop without providing us with any of this information. When you want to place an order via the website, we ask you to login or register so you can open a customer profile and retrieve it from any of your devices.
You may also opt to provide us with personal information via our newsletter sign-up option. No purchase or account is required for this feature.
We may ask for your permission to send you marketing and promotional material using your address, telephone number, email address, SMS, and social media platforms. If you give permission, you will be able to withdraw it at any time by:
- logging into your account and updating your preferences
- emailing firstname.lastname@example.org
- telephoning 01763 271991
- writing to us at Craftyangel, Unit 2b, Hyde Hall Farm, Sandon, Herts. SG9 0RU
- How do we use your personal information
We have set out below the purposes for which we use your personal information. We are also required by law to state a "legal basis for processing", i.e. to tell you on what grounds we are allowed to use your information, and this is also set out below. The legal basis for each purpose is that we have your consent for the use of your personal information, or that we need to use your personal information in order to perform a contract with you, or that the use of your personal information is necessary for our legitimate interests (in which case we will explain what those interests are).
PURPOSE OF PROCESSING
Our legal basis
Communicate with you about your order for a service or a product;
Contractual necessity - we use your personal information in order to meet our obligations under our contract with you (for example, to deliver a product you have ordered).
Notify you about changes to our services and to otherwise communicate with you. For example, we will use your contact details in order to respond to any queries that you submit to us;
Legitimate interests - we use your personal information to keep you up to date with information about our services, and to respond to your queries.
Send you information about products and services, including free gifts, special offers and discounts; this will normally be in the form of a newsletter. Content will normally also be available via our social media platforms.
Legitimate interests - we use your personal information to send you this information. In some cases (such as where we're required to do so by law) we will also ask for your consent before sending you this information.
Carry out security checks to protect against fraudulent transactions and to prevent and detect criminal activity;
Legitimate interests - we use your personal information to protect against unlawful activities. In some cases we may also be under a legal obligation to disclose your personal information (for example, to law enforcement agencies).
Address any claims made against us.
Legitimate interests - we use your personal information to address any claims you make against us. In some cases we may also be under a legal obligation to disclose your personal information (for example, in connection with legal proceedings).
Our website is not intended for use by children and we do not knowingly collect data relating to children.
- How long do we keep your personal information?
We are required by law to keep your personal information only for as long as is necessary for the purposes for which we are using it. The period for which we keep your personal information will be determined by a number of criteria, including the purposes for which we are using the information, the amount and sensitivity of the information, the potential risk from any unauthorised use or disclosure of the information, and our legal and regulatory obligations.
- Who do we share your personal information with?
We do not share or sell your information with other parties other than those with legitimate need for the undertaking of business and/or payment processing.
We may disclose your personal information to third parties, including in the following circumstances:
- We use third parties to carry out certain activities on our behalf that involve the processing of personal information. For example, we may engage third party service providers to process payments and refunds, deliver packages & send postal mail, and email. These third parties have access to personal information needed to perform their functions, but may not use it for other purposes. We may use the information we receive from third parties for purposes such as credit checking and fraud prevention.
- We may pass personal information to external agencies and organisations (including the police and other law enforcement agencies) for the purpose of preventing and detecting fraud (including fraudulent transactions) and criminal activity. These external agencies may check the information we give them against public and private databases and may keep a record of such checks to use in future security checks. We may also disclose personal information to the police and other law enforcement authorities in connection with the prevention and detection of crime.
- We may pass personal information to our insurers in the event that a claim is made or could be made against us.
- We may pass your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation (including in connection with a court order), or in order to enforce or apply any agreements we have with or otherwise concerning you (including agreements between you and us (or one or more of our affiliates); or to protect our rights, property or safety or those of our customers, employees or other third parties.
Specific third parties who have access to your information are;
- Shopify, Paypal & ApplePay
Our website www.craftyangel.co.uk is a Shopify e-commerce website.
Our online payment system options use Shopify, PayPal & ApplePay. When you place an order with us they receive your name, email address, phone number, billing address, shipping address and payment details. Craftyangel DOES NOT receive or store any payment (credit/debit card) details. This information allows your order to be processed, shipped out to you, and allows us to get in touch with you should there be any problems.
Our in-store point-of-sale payment method is via iZettle. When you make an in-store purchase, they receive and authorise your card payment details. iZettle does not require any other personal information to process a purchase in this way. Craftyangel DOES NOT receive or store any payment (credit/debit card) details. This information allows your order to be processed, and the goods taken from the store.
Craftyangel uses 1&1 for our web-domain and email hosting. If you contact us on any email address ending in @craftyangel.co.uk, your email address and email content will be stored on 1&1’s servers. When you place an online shop order, we receive a confirmation email to our email@example.com address. In this email we receive your name, email address, phone number, billing address and shipping address, payment method (no details), as well as the details of your order.
Mailchimp is a marketing automation platform, and we use it to send out our newsletter. When you subscribe to our newsletter, Mailchimp stores your name, email address and marketing permissions. This information and your marketing preferences can be updated at any time by clicking the link in the footer of any Craftyangel newsletter email.
Links to external sites
Please note that third party websites and applications are not under our control. When you click through to these websites or access these applications you leave the area controlled by us. We do not accept responsibility or liability for any issues arising in connection with the third party's use of your data (including your personal information).
Where will your personal information be processed?
Your personal information may be transferred to, and stored and processed in, one or more countries outside the European Economic Area (EEA), including countries which do not provide equivalent protection for personal information. In these circumstances, we will take reasonable steps to ensure that your personal information is adequately protected in accordance with the law. In relation to data stored and processed outside the EEA:
- Your rights
You have the right to ask us to:
- Confirm what personal information we hold about you and provide you with a copy of that data;
- Correct any personal information that is inaccurate;
- Remove your personal information where there is no good reason for us to continue to hold that data;
- Temporarily stop using your information if you are questioning our right to use that data;
- Stop using your personal information unless we can demonstrate a valid reason why we need to continue to hold that data e.g. to support a product warranty;
- Stop using your personal information to send you marketing materials such as our newsletter, marketing emails, discounts or vouchers.
- Provide you with the personal information that you have provided to us, in a structured and commonly-used electronic format, or transmit that information directly to another company if that is technically feasible. This applies where we are using your personal information on the basis of your consent or because it is necessary to perform a contract with you (see How do we use your personal information, above).
For security purposes, we may request proof of identity before we are able to disclose your personal information to you or comply with other requests.
We want to make sure that the personal information we hold about you and your preferences as to how we contact you are accurate and up to date. If any of the details are incorrect, please let us know (details below) and we will amend them.
You also have the right to make a complaint to the Information Commissioner's Office if you're not happy with how we've handled your personal information. You can contact the supervisory authority at: www.ico.org.uk
- How to contact us?
To update your details or ask for a copy of your personal information:
- You can call us on: 01763 271991
- You can email us at: firstname.lastname@example.org
- You can write to us at: Craftyangel, Unit 2b, Hyde Hall Farm, Sandon, Herts. SG9 0RU
- Protecting your personal information
The transmission of information via the internet is not completely secure; this risk is common across the internet and not specific to our services. We cannot guarantee the security of your data (including your personal information) transmitted to our services; any transmission is at your own risk.
It is important for you to protect against unauthorised access to your password and to your computing device. Be sure to sign off and close your browser when you have finished your session. This will help to ensure that others do not access your personal information if you share your computing device or use a computing device in a public place such as a library or internet cafe.
- Updates to this notice
We may update this notice from time to time. The latest version of this notice is posted on our website.