The way your data are used by any organization is governed by the Data Protection Act 1998 and the EU General Data Protection Regulation (which remains in force during the Transition Period which ends 31st December 2020).
This privacy notice sets out how Little Conkers handles your personal data in accordance with these laws.
Your Data Controller
Firstly, you need to know who is the data controller and data protection officer for Little Conkers. Little Conkers is a one-woman business, so that would be me, Clare Trowbridge. You can contact me at any time to ask to see what data I hold about you, or about any other data protection issue.
E-mail me at: email@example.com
What data I collect and hold
The legal bases on which I receive and use your personal data are:
- I need the data in order to fulfil my contractual obligations to you, including fulfilling and shipping orders, providing a quotation prior to an order if requested, providing support on a purchased product if requested and if necessary processing returns and refunds;
- I need the data to comply with a legal obligation, including UK tax law in relation to providing evidence of my business income, and my obligations under the selling regulations of the platforms via which you have made a purchase (Etsy, The British Craft House).
The data I receive on customers includes names, addresses and e-mail addresses, but I never receive payment or banking details. These data come to me via Ravelry, Etsy, The British Craft House, Stripe and/or PayPal depending on where you make your purchase. As a customer using these platforms you have authorised these organizations to pass me the information necessary to fulfil an order. They have their own privacy notices with which you should familiarize yourself. I also receive personal data directly from some customers who e-mail me to discuss or place an order. I don’t receive any personal data on customers buying on LoveCrochet or Makerist.
I retain these data on customers in the form of e-mails from Etsy, The British Craft House, Ravelry, Stripe, PayPal or the individual concerned for the length of time required by the UK tax authorities (5 years after the 31 January submission deadline of the relevant tax year).
If any other scenario were to arise in the future which required the use or retention of your personal data, I would always obtain your full, informed consent in advance of proceeding.
I never have and never would use the e-mail addresses supplied by customers for any other purpose, such as marketing e-mails.
How I store your data
The e-mails described above containing personal data are stored on the servers of my e-mail provider and on my business computer which is password protected and kept updated with the latest operating system and app updates.
Fulfilling customer orders may also require personal data to be held in hard copy, in particular postal addresses on shipping manifests and proofs of posting from my shipping provider. These are kept in a lockable filing cabinet.
Sharing your data
The only circumstances in which I share your data will be in fulfilment of an order or in complying with the law, as given above in “What data I collect and hold”. I will never share your data with any other individual or organization.
Viewing and amending your data
You have the right to receive a copy of the personal data I hold about you at any time. To request this, please use the contact details above. I may need to ask you for information to satisfy myself of your identity before releasing any information to you.
I will reply to you as soon as possible and always within one month.
You have the right to request the correction or erasure of the data I hold on you, but the right of erasure does not apply where I am retaining data to comply with a legal obligation (see “What data I collect and hold” above).
You also have the right to complain to the UK’s national privacy authority ico.gov.uk if you believe there is a problem with the way I handle your data.
I run Little Conkers in as professional way as possible and I always aim to comply with the spirit and ethics of the law as well as its letter. This means I have always treated your personal data with as much care as I would want my own personal data to be treated.
I am a one-person business and strive to do everything correctly, but if you feel there is a problem with any of the above, it’s probably a genuine oversight on my part and I’d be glad to hear from you about it.
If you have any questions at all, please get in touch at firstname.lastname@example.org.
This page was last updated on: 17th March 2020