Privacy Policy

OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
User privacy and data protection are human rights.
We have a duty of care to the people within our data.
Data is a liability, it should only be collected and processed when absolutely necessary.
We loathe spam as much as you do!
We will never sell, rent or otherwise distribute or make public your personal information.

RELEVANT LEGISLATION
We comply with the following national and international legislation with regards to data protection and user privacy:
UK Data Protection Act 1988 (DPA)
EU Data Protection Directive 1995 (DPD)
EU General Data Protection Regulation 2018 (GDPR)

 

PERSONAL INFORMATION I COLLECT AND WHY I COLLECT IT

Order Processing
When you place an order via the shop on ConsciousCrafties.com, Etsy.com, nuMonday.com, Folksy.com, thedruidskitchen.co.uk, we receive only the required information in order to process your order (your name, address and email). We do not receive any card or bank details.

When you place an order in person and pay by card your payment is processed by SumUp and we do not receive your card details. Your order form is kept for tax purposes for a period of 7 years and they securely disposed of.

We use Paypal to process payments on some of the selling platforms we use. We do not receive your payment details. Please check PayPal’s privacy policy for more details

When we take part in events as a seller there may be CCTV in operation at the venue. Please contact the venue directly for more information.

 

Email newsletter
You will only be added to our mailing list if you ‘consent’ to receive news and marketing emails from us. If you choose to join our email newsletter, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor. The email address that you submit for purposes of newsletter sign up, will not be stored as hard copy or in any of our internal computer systems and will never be shared. Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by easily unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list. We will also periodically check with you that you still want to hear form us. If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter. While your email address remains within the MailChimp database, you will receive periodic (approximately one per month) newsletter style emails from us.

 

PERSONAL INFORMATION THIS WEBSITE COLLECTS AND WHY WE COLLECT IT
This website collects and uses personal information for the following reasons:

Account Registration

If you create an account on our website, we may need to collect personal information such as name, address, phone number and email. You may review, change, or remove this information through your account settings. You need to provide this information to enable us to provide you with the Services, for example if you purchase though our website we would need a physical postal address in order for us to deliver your parcel. Other website visitors may see ratings and reviews for items you purchased or sold and be able to view your profile name.

Site Visitation Tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see section 5.0). Google Analytics makes use of cookies, details of which can be found on Google Analytics developer guides. Disabling cookies on your internet browser will stop Google from tracking any part of your visit to pages within this website.

Website Security
This website may collect information (already held in the public domain) attributed to the IP address of the computer or device that is being used to access it. The information is supplied to us from McAfee Secure. The system does not use your IP address to identify you, the individual, in any way. No cookies are used. McAfee Secure service is used to protect our website from malicious IP addresses and keep your information safe.

Cookies
We use cookies to track use and allow customers to purchase from our website. Please note that these cookies do not contain or pass any personal, confidential or financial information or any other information that could be used to identify individual visitors or customers purchasing from our website. Please note that you are free to refuse cookies by disabling them in your browser settings. However, for purely technical reasons this may prevent you from purchasing from our website. This is because anonymous cookies are commonly used to keep track of the contents of customers shopping baskets during the checkout process. This facility ensures that the items added to (or removed from) your basket are accurately stated when you go to pay.

Blog Comments
Should you choose to add a comment to any posts that we have published on our blog, the name and email address you enter with your comment will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third party data processors. Only your name will be shown on the public facing website, although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed. Your comment and it’s associated personal data will remain on this site until we see fit to either 1.) remove the comment or 2.) remove the blog post. Should you wish to have the comment and it’s associated personal data deleted, please email us on thedruidskitchen@gmail.com using the email address that you commented with. If you are under 16 years of age you MUST obtain parental consent before posting a comment on our blog.

NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this website.

Contact forms and email links
Should you choose to contact us using the contact form on our Contact Us page or an email, none of the data that you supply will be passed to / be processed by any of the third party data processors defined in section 5.0. We would suggest you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email. Your data will only be held for as long as necessary in order to communicate with you and respond to your request.

HOW WE USE THE INFORMATION
The information you provide is used to fulfil your order on a ‘contract’ basis and is only used for the purpose of communicating with you regarding your purchase and for delivery of your items. Your personal information will not be added to our mailing list and you will not be contacted for marketing or advertising purposes unless you request us to do so.

SHARING WITH THIRD PARTIES
We will NEVER sell or rent your personal data. To process your order and to fulfil your contract with us, your information is shared with third parties for the purpose of delivery (Royal Mail, Hermes or DPD). We use a third party to process personal data on our behalf if you have chosen to subscribe to our newsletter.
It may be shared for compliance with legal, regulatory and law enforcement requests as appropriate and necessary. We will endeavour to notify you of any such requests We are not responsible for how these third parties process your data, please visit their websites to read their privacy policies.

HOW WE SECURE, STORE AND RETAIN DATA
We use Conscious Crafties, Etsy, Folksy, nuMonday, Ebay and Amazon websites to trade and complete your purchase. Your data is secured, stored and retained by these websites to complete your purchase. We do not hold hard copies of your data and any data collected is held only as long as is necessary to carry out your order and to maintain adequate and accurate business and financial records (7 years).

HOW YOU CAN ACCESS, UPDATE OR DELETE INFORMATION HELD ABOUT YOU
You have the right to access, update or ask us to delete your personal information. Please email our Data Controller found below. We are obliged by law to provide this service within 30 calendar days of your request free of charge. However, we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.

DATA BREACHES
We will report any unlawful data breach to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen. If you feel your data has been compromised you have a right to contact the Information Commissioners Office (ICO).

DATA CONTROLLER
Our data controller is The Druid’s Kitchen
Whose registered and operating office is:
76 Beck Road, Everthorpe, Brough, HU15 2JJ
Email: thedruidskitchen@gmail.com

CHANGES TO OUR PRIVACY POLICY
This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates will be mentioned in the change log below:
Version 1.0 25th May 2018 – New Privacy Policy to be compliant with GDPR