OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
User privacy and data protection are human rights.
We have a duty of care to the people within our data.
Data is a liability, it should only be collected and processed when absolutely necessary.
We loathe spam as much as you do!
We will never sell, rent or otherwise distribute or make public your personal information.
We comply with the following national and international legislation with regards to data protection and user privacy:
UK Data Protection Act 1988 (DPA)
EU Data Protection Directive 1995 (DPD)
EU General Data Protection Regulation 2018 (GDPR)
PERSONAL INFORMATION I COLLECT AND WHY I COLLECT IT
When you place an order via the shop on Heartizan.uk.com, Amazon.co.uk or thedruidskitchen.co.uk, we receive only the required information in order to process your order (your name, address and email). We do not receive any card or bank details.
When you place an order in person and pay by card your payment is processed by SumUp and we do not receive your card details. Your order form is kept for tax purposes for a period of 7 years and they securely disposed of.
When we take part in events as a seller there may be CCTV in operation at the venue. Please contact the venue directly for more information.
You will only be added to our mailing list if you ‘consent’ to receive news and marketing emails from us. If you choose to join our email newsletter, the email address that you submit to us will be forwarded to Seguno who provide us with email marketing services. We consider Seguno to be a third party data processor. The email address that you submit for purposes of newsletter sign up, will not be stored as hard copy or in any of our internal computer systems and will never be shared. Your email address will remain within Seguno database for as long as we continue to use Seguno services for email marketing or until you specifically request removal from the list. You can do this by easily unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list. We will also periodically check with you that you still want to hear form us. If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter. While your email address remains within the Seguno database, you will receive periodic (approximately one per month) newsletter style emails from us.
PERSONAL INFORMATION THIS WEBSITE COLLECTS AND WHY WE COLLECT IT
This website collects and uses personal information for the following reasons:
If you create an account on our website, we may need to collect personal information such as name, address, phone number and email. You may review, change, or remove this information through your account settings. You need to provide this information to enable us to provide you with the Services, for example if you purchase though our website we would need a physical postal address in order for us to deliver your parcel. Other website visitors may see ratings and reviews for items you purchased or sold and be able to view your profile name.
Site Visitation Tracking
This website may collect information (already held in the public domain) attributed to the IP address of the computer or device that is being used to access it. The information is supplied to us from McAfee Secure. The system does not use your IP address to identify you, the individual, in any way. No cookies are used. McAfee Secure service is used to protect our website from malicious IP addresses and keep your information safe.
Should you choose to add a comment to any posts that we have published on our blog, the name and email address you enter with your comment will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third party data processors. Only your name will be shown on the public facing website, although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed. Your comment and it’s associated personal data will remain on this site until we see fit to either 1.) remove the comment or 2.) remove the blog post. Should you wish to have the comment and it’s associated personal data deleted, please email us on firstname.lastname@example.org using the email address that you commented with. If you are under 16 years of age you MUST obtain parental consent before posting a comment on our blog.
NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this website.
Contact forms and email links
Should you choose to contact us using the contact form on our Contact Us page or an email, none of the data that you supply will be passed to / be processed by any of the third party data processors defined in section 5.0. We would suggest you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email. Your data will only be held for as long as necessary in order to communicate with you and respond to your request.
HOW WE USE THE INFORMATION
The information you provide is used to fulfil your order on a ‘contract’ basis and is only used for the purpose of communicating with you regarding your purchase and for delivery of your items. Your personal information will not be added to our mailing list and you will not be contacted for marketing or advertising purposes unless you request us to do so.
SHARING WITH THIRD PARTIES
We will NEVER sell or rent your personal data. To process your order and to fulfil your contract with us, your information is shared with third parties for the purpose of delivery (Royal Mail, Hermes or DPD). We use a third party to process personal data on our behalf if you have chosen to subscribe to our newsletter.
It may be shared for compliance with legal, regulatory and law enforcement requests as appropriate and necessary. We will endeavour to notify you of any such requests We are not responsible for how these third parties process your data, please visit their websites to read their privacy policies.
HOW WE SECURE, STORE AND RETAIN DATA
We use Conscious Crafties, Etsy, Folksy, nuMonday, Ebay and Amazon websites to trade and complete your purchase. Your data is secured, stored and retained by these websites to complete your purchase. We do not hold hard copies of your data and any data collected is held only as long as is necessary to carry out your order and to maintain adequate and accurate business and financial records (7 years).
HOW YOU CAN ACCESS, UPDATE OR DELETE INFORMATION HELD ABOUT YOU
You have the right to access, update or ask us to delete your personal information. Please email our Data Controller found below. We are obliged by law to provide this service within 30 calendar days of your request free of charge. However, we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.
We will report any unlawful data breach to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen. If you feel your data has been compromised you have a right to contact the Information Commissioners Office (ICO).
Our data controller is The Druid’s Kitchen
Whose registered and operating office is:
Flat 2, 38 Coltman Street, Hull, HU3 2SG