The cookies we use
We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide.
We use three categories of cookies:
Strictly necessary cookies are essential for you to move around our website and to use its features, like our shopping basket and your account
Performance cookies using Google Analytics, set to anonymise the IP address for all hits, collect anonymous information about how you use our site, like which pages are visited most
Functionality cookies collect anonymous information that remember choices you make to improve your experience, like your text size or location
No cookies, please
You can opt out of all our cookies by blocking cookies in your browser. Find out how to control and delete cookies in your browser. But, if you choose to refuse all cookies, our website may not function for you as you or we would like it to.
Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, Katy McNicoll’, it refers to Katy McNicoll.
How do we collect your data?
When you interact with us directly: This could be via specific activities such as signing up for our newsletter, placing an order, making an enquiry or entering a competition. This includes when you phone us, visit our website, make a purchase or get in touch through the post or in person.
When you interact with us through partners or suppliers working on our behalf: This could be if you make a purchase though one of the distributors working on our behalf.
When you visit our website: We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use “cookies” to help our site run effectively. There are more details below – see ‘Cookies’.
We use this information to personalise the way our website is presented when you visit to make improvements and to ensure we provide the best service and experience for you. Wherever possible we use anonymous information which does not identify individual visitors to our website.
From other information that is available to the public: In order to tailor our communications with you to your background and interests we may collect information about you from publicly available sources or through third party service providers.
What data do we collect?
Your personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, bank details, email address) will be collected and used by us. We’ll only collect the personal data that we need
We collect personal data in connection with specific activities such as signing up for a newsletter, placing an order, conducting research
If you contact us, we may keep a record of that correspondence
Details of your visits to our Website including, but not limited to, traffic data, location data, weblogs and other communication data and the resources and links that you access
Information that we receive provided to us from third parties
Any other information which you may provide to us when using our Website
How we look after your personal data
We take looking after your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
Unfortunately the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.
Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or Web sites that have links on our site may collect personally identifiable information about you. This privacy statement does not cover the information practices of those websites or advertisers.
Any debit or credit card details which we receive on our website are passed securely to Pay Pal our payment processing partners. Any debit or credit card details which we receive in other transactions are passed securely to other payment processing partners. All such transactions are managed according to the Payment Card Industry Security Standards.
How we use your data
In some cases, we will only use your personal information where we have your consent or because we need to use it to fulfil a contract with you (for example, because you have placed an order on our website).
However, there are other lawful reasons that allow us to process your personal information and one of those is called ‘legitimate business interests’. This means that the reason that we are processing information is because there is a legitimate business interest for us to process your information to help to keep you informed.
Whenever we process your Personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
Some examples of where we have a legitimate interest to process your personal information are where we contact you directly about our new or changed products or services, use your personal information for data analytics, conducting research to better understand who likely target markets are, improving our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance or legal requirements.
How we interact with you
We will only contact you about our work by phone, email or post unless you have told us that you would prefer not to hear from us in that way. You can update your choices or stop us sending you these communications at any time by contacting email@example.com or clicking the unsubscribe link at the bottom of the relevant communication.
How we share your information
The personal information we collect about you will mainly be used by our staff so that they can provide you with the right service.
We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
As part of our services we use a number of third party organisations to help (e.g. payment providers). These organisations act as data processors and are strictly controlled in how they may/may not use your data. Such selected third parties include business partners, suppliers and sub-contractors necessary for the performance of any contract we enter into with them or you.
We enter into contracts with these service providers that require them to comply with Data Protection Act 1998 and (from 25 May 2018) the EU General Data Protection Regulation 2016/679 (“Data Protection Law”) and ensure that they have appropriate controls in place to secure your information
If we go through a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets, your data may be one of the transferred assets
We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or in order to enforce our conditions of sale and other agreements
How long do we keep your information?
How long we keep your information collected through our website depends on the context in which you provided it. In particular:
We keep the information that’s necessary for us to provide you with a service or product you have requested or purchased through this website for as long as it takes us to provide that service
We keep other information as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations
You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting Katy McNicoll, by email at firstname.lastname@example.org. You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, https://ico.org.uk/
Access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge. Please make all requests for access in writing, and provide us with evidence of your identity
Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection
Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time
Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you
Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it
Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred
Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it
No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making
Please note, some of these rights only apply in certain circumstances.