What information do we collect?
Unless otherwise agreed with you, we will only collect basic personal data about you, which does not include any special categories of personal information about you (often known as ‘sensitive personal data’).
The personal information we hold about you is that which we collect directly from you, for example:
- Your company name, contact names, address, telephone number, fax number, website address, VAT number and email.
- When you purchase our products or services.
- When you register to receive information from us.
- Each time you interact with us, respond to communications or enter competitions.
- When you make enquiries or raise concerns with our customer service team.
On our website
We collect and store the information that you give us via forms on our site, such as your name, address, email address and phone number, or when communicating with us by email.
We do not receive or store any other personal data from our website, such as the internet protocol (IP) address used to connect your computer to the internet, your connection information such as browser type and version, your operating system and platform, cookie number, your activity on our website including the pages you have visited, the searches you made, products purchased, likes, comments and uploads.
We also do not store card details on our site, so we have no access to this information.
Why do we need your data?
We need to know basic personal data to perform our necessary contractual obligations. If you do not provide this information, then we will be unable to provide the services you have requested. We will not collect any personal data from you that we do not need in order to provide the services we have agreed to provide you with.
We may store your personal information for the following reasons:
- To communicate with you about order processing and payment enquiries, including responding to your enquiries (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests).
- To keep you informed of what's new in, of special offers, competitions and of any other information we think might be of interest in the pursuit of your crafting.
- To carry out anti-fraud and anti-money laundering checks and verify your identity (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).
- To keep a record of your purchase for reference between ourselves and you, for example if you need more of a yarn bought previously. This information is destroyed after 12 months, but if you have registered with us we will hold on to your details until you say so.
- Our ‘legitimate interests’ as referred to above (and below) include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.
How do we store your data?
All the personal data that we hold about you will be processed by our staff in the United Kingdom. Please be aware that your information is stored in a cloud-based system which is data protected in its own right.
Card details are stored separately within the card processor's storage system.
How do we protect your data?
We take all reasonable steps to ensure that your personal data is processed securely and provide regular security checks and updates.
Emails and other electronic communications are not secure if they have not been encrypted. Your communications may pass through servers in a number of countries before they reach us. So, we do not accept responsibility for any unauthorised access to or loss of personal data that stems from a cause beyond our control. Nor can we be held responsible for the actions or omissions of other users or third parties who may misuse your personal data which they collect from the site.
How long do we hold your data for?
We will generally keep your personal data for a minimum of 12 months, after which time it will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained. If you consent to marketing then any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information. More information on our retention schedule can be found by contacting our Compliance Officer.
Who do we share your data with?
We share your information only with parties relevant to processing your orders or to following through lines of enquiry on your behalf, e.g. Royal Mail or any other courier as required, or with IT personnel as required in the event of issues arising in the performance of the website.
We do not engage in sharing personal data for marketing or sales promotions by any other companies.
Processing outside the EU
The personal information that we collect from you, and which is shared with some fraud prevention agencies, may be transferred to and processed in a destination outside of the EEA. It may also be processed by staff operating outside the EEA who work for one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases:
- The country that we send the data to has been approved by the European Commission as providing an adequate level of protection for personal information; or
- The recipient has agreed standard contractual clauses with us, which have been approved by the European Commission, obliging the recipient to safeguard the personal information (in particular, our transfers of personal information to suppliers in India and the United States for marketing, IT development and IT testing purposes are protected in each case by the use of appropriate model clauses); or
- There exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third-party recipient of personal data in the United States has registered for the EU-US Privacy Shield).
To find out more about how your personal information is protected when it is transferred outside the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Compliance Officer, using the details above.
What are your rights?
Under the Data Protection Act 1998 you have the following rights:
- To obtain access to, and copies of, the personal information that we hold about you;
- To request that we cease processing your personal information if the processing is causing you damage or distress; and
- To require us not to send you marketing communications.
Now, under the GDPR, you will also have the following rights:
- To request us to erase your personal information;
- To request us to restrict or object to our data processing activities;
- To receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
- To request us to correct the personal information we hold about you if it is incorrect.
Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner.
You can find out more about your rights under data protection legislation from the Information Commissioner’s Office website: www.ico.org.uk.