Privacy Notice

The way your data are used by any organization is governed by the Data Protection Act 1998 and the EU General Data Protection Regulation (which remains in force during the Transition Period which ends 31st December 2020).

This privacy notice sets out how Little Conkers handles your personal information in accordance with these laws.

Your Data Controller

Firstly, you need to know who is the data controller and data protection officer for Little Conkers. Little Conkers is a one-woman business, so that would be me, Clare Trowbridge. You can contact me at any time to ask to see what information I hold about you, or about any other data protection issue.

E-mail me at: contact@littleconkers.co.uk

What type of information Little Conkers has

I currently collect and process personal information including personal identifiers (such as names); contact information (such as physical addresses, phone numbers and e-mail addresses) and online identifiers (such as IP addresses and usernames).

I never receive payment or banking details; nor do I receive special category or sensitive data such as religious, medical or criminal offence information.

I do not knowingly hold personal information about children. My products and services are not intended for individuals under the age of 16. If I become aware that an individual under 16 has provided me with personal information, I will take steps to delete it. Please contact me if you believe that I have unintentionally collected information from an individual under 16.

Why I collect and process your information

The legal bases on which I receive and use your personal information are:

  1. I need the information in order to fulfil my contractual obligations to you, including fulfilling and shipping orders, providing a quotation prior to an order if requested, providing support on a purchased product if requested and, if necessary, processing returns and refunds;
  2. I need the information to comply with a legal obligation, including UK tax law in relation to providing evidence of my business income, and my obligations under the selling regulations of the platforms via which you may have made a purchase (such as Etsy, Ravelry or The British Craft House);
    and
  3. I need the information for the legitimate commercial interests of my business. This includes communicating with potential customers; marketing and offering relevant goods and services to potential customers and helping me to understand how users browse and interact with my website and the other online selling platforms I use (including Etsy, Ravelry and The British Craft House). These legitimate interests will only ever be what I believe to be reasonable and proportionate having carried out a Legitimate Interests Assessment, a record of which is available on request.

How I get the information

Most of the information is directly created by your interactions with me, my website or one of the online selling platforms I use. For example, data are created when you correspond with me via e-mail or social media; when you place an order or when you fill in a form.

Other data and metadata are indirectly created by processes on my website and the other online selling platforms as you visit them, including by cookies and analytics.

On first visiting my website users are informed of the use of cookies on the site and asked to consent to cookies being stored on their computers if they choose to continue to use the site. Consent is re-checked after 80 days. A list of the cookies used on my website is made available to users on my Use of Cookies page.

How I share and store your information

I share your personal information with third parties including the online selling platforms on which Little Conkers has a presence (Etsy, Ravelry, The British Craft House, etc); social media (Facebook, Twitter, etc); and payment services providers (PayPal, Stripe, etc). By ‘sharing’ I mean that my interactions with these sites may include data created by you or about you. In most cases the data is initially created on the third-party site and shared with me. Each of these platforms or services has a privacy policy detailing how they collect, process, store and share your data, to which you will have consented as a user of their platform or services.

Personal information entered on my own website may be shared with the third-party suppliers of my website software and plugins. Users of my website are informed of this the first time they visit my website. As far as possible I choose suppliers within the EEA so your personal information remains within the protection of the GDPR. Otherwise I try to choose suppliers based in countries with which the EU has an ‘adequacy decision’. I have checked that each of them has a privacy policy in place.

The following is a list of the suppliers of software and plugins to my website with whom your information may be shared. This list may change as my website develops.

Supplier/AuthorPrivacy Policy
Automattichttps://automattic.com/privacy/
Bootstrapped Ventureshttps://www.iubenda.com/privacy-policy/82708778/legal
Code Snippets Prohttps://codesnippets.pro
Colorlibhttps://colorlib.com/privacy-policy/
ExactMetricshttps://www.exactmetrics.com/privacy-policy/
Facebookhttps://www.facebook.com/privacy/explanation
IONOShttps://www.ionos.co.uk/terms-gtc/privacy-policy/
John Godleyhttps://profiles.wordpress.org/johnny5/#content-plugins
Quadlayershttps://quadlayers.com/policy/privacy/
Studio Wombathttps://www.studiowombat.com/privacy-policy/
Team Yoasthttps://yoast.com/privacy-policy/
WordPresshttps://wordpress.org/about/privacy/

I share data with the above third parties only to the extent required for the purposes and on the legal bases given above.

Your data may also be stored on the servers of my e-mail provider (1and1 IONOS Ltd, based within the EEA), my ‘cloud’ storage provider (Microsoft 365, based within the UK) and on my business computer, which is password protected and kept updated with the latest operating system and app updates.

In order to fulfil orders, I share your information with postal services or shipping providers (the Royal Mail for example) to the extent necessary to successfully deliver your purchase(s).

Fulfilling customer orders may also require your personal information to be held in hard copy, in particular postal addresses on shipping manifests and proofs of posting from my shipping providers. These are kept in a lockable filing cabinet.

I might be required to share your personal information with the police or regulatory authorities in relation to legal processes.

I retain all these data for the minimum length of time required to satisfy the purpose(s) for which they were collected or in fulfilment of my legal obligations. This includes my obligations to the UK tax authorities (who require records be kept for 5 years after the 31 January submission deadline of the relevant tax year).

Once the need to retain a piece of information has ended, I delete digital data and shred and recycle hard copy documents.

Changes to how I collect and process your information

I will update this document as often as necessary, whenever any of the above information changes. You are advised to check this document periodically to ensure you remain happy with how I am using your personal information.

I will not start using your personal information for substantively different purposes without making you aware of the change. For example, I would not start using your contact details to send you newsletters without seeking your prior consent.

Viewing and amending your information

You have the right to receive a copy of the personal information I hold about you at any time. To request this, please use the contact details above. I may need to ask you for information to satisfy myself of your identity before releasing any information to you.

I will reply to you as soon as possible and always within one month.

You have the right to request the correction, transfer or erasure of the information I hold on you, but the right of erasure does not apply where I am retaining information to comply with a legal obligation (see “Why I collect and process your information” above).

You also have the right to complain to the data protection authority in the UK, or in the country where you live or work, if you believe there is a problem with the way I handle your personal information. You can complain to the UK’s data protection authority, the Information Commissioner’s Office, at www.ico.org.uk.

Personal Note

I run Little Conkers in as professional a way as possible and I always aim to comply with the spirit and ethics of the law as well as its letter. This means I have always treated your personal data with as much care as I would want my own personal data to be treated. I believe my use of the data disclosed to me is fair and reasonable, and in no way beyond what might be expected for the running of my business.

I am a one-person business and strive to do everything correctly, but if you feel there is a problem with any of the above, it’s probably a genuine oversight on my part and I’d be glad to hear from you about it.

If you have any questions at all, please get in touch at contact@littleconkers.co.uk.

This page was last updated on: 27th June 2020