Last updated: 20th May 2018
This privacy notice describes how your personal data is collected, used and shared when you visit or make a purchase from our website www.kookytwo.co.uk, including any information you may provide through our site when you purchase a product or service, sign up to our newsletter or take part in a prize draw or competition.
We, KookyTwo are responsible for your personal data (referred to as “we”, “us” and “our” in this privacy notice). www.kookytwo.co.uk will be referred to as our “website” in the Privacy Notice.
We are committed to protecting and respecting privacy. We ask you read this carefully, it is important to know this Privacy Notice also applies to you when you sign up to receive email communications from us. We have included what is required under a law that protects your personal data, and we have tried to keep this as clear and transparent as possible. If you have any questions, please get in touch sending us an email at firstname.lastname@example.org.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com.
2. THE PERSONAL DATA WE COLLECT ABOUT YOU
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may collect and process certain types of personal data about you as follows:
- Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
- Contact Data may include your billing address, delivery address, email address and telephone numbers.
- Financial Data may include your bank account and payment card details.
- Transaction Data may include details about payments between us and other details of purchases made by you.
- Technical Data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
- Profile Data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.
- Usage Data may include information about how you use this site, products and services.
- Marketing and Communications Data may include your preferences in receiving marketing communications from me and my third parties and your communication preferences.
We may also process Aggregated Data from your personal data, however this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
When you make a purchase or attempt to make a purchase through our website, we collect certain information from you including your name, billing address shipping address, payment information (including credit card numbers, email address and phone number. We refer to this information as “Order Information”. If this information is not provided, we may not be able to provide you with our products or services. For example, if you do not provide payment information, we will not be able to send our products and we will have to cancel your order. If this happens, we will notify you at the time.
We collect data about you through a variety of different methods including:
Direct interactions: You may provide data by filling in forms on this site (or otherwise) or by communicating with us by post, phone, email or otherwise, including when you:
- order our products or services;
- create an account on this site;
- subscribe to our services or publications;
- request marketing be sent to you;
- enter a competition, prize draw, promotion or survey; or
- give us feedback.
4. HOW WE USE YOUR PERSONAL DATA
We make every effort to keep your personal data secure and will never willingly sell your personal data to another company.
We will only use your personal data when legally permitted. The most common uses of your personal data are:
- Performance of Contract: Where we are required to fulfil your order. We use the Order Information to fulfil any orders placed through our website (including processing payment information, arranging shipping and providing you with invoices and/or order confirmation). For example, when you buy a necklace we require your personal information to process the order, send to you and respond to any requests you might have.
- Consent: We will rely on your consent to process your personal data in relation to sending marketing communications to you via email. You have the right to withdraw your consent to marketing at any time by emailing us at firstname.lastname@example.org or by using the unsubscribe link provided on any of our marketing emails.
- Legitimate Interest: We may have a legitimate interests in using your information in other ways, for example to improve our products, for effective running of business and website, marketing activities/research, data analysis, business development.
- Where we need to comply with a legal or regulatory obligation
We will not keep your personal data for longer than is necessary for the purpose for which we collect it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation).
Reasons for processing your personal data:
Below is a list of the ways we intend to use your personal data:
- To communicate with you;
- Screen our orders for potential risk or fraud;
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services;
- For internal record keeping and administration management;
- For quality control;
- To help us understand your needs and provide you with a better service;
- To deliver email marketing content: With your permission, we may periodically send you promotional emails about our store, new products and other information which we think you may find interesting;
- To deliver personalised marketing communications (offers, discounts and recommendations) based on shopping history, website browsing and other information you provide to us;
- To deliver relevant email marketing content and advertisements to you (Track conversions and measure and understand effectiveness of our advertising, platforms you may see advertising from us are Facebook, Instagram, Google, Twitter, LinkedIn);
- To contact you for market research purposes. We may contact you by email, phone, fax or mail;
- To improve our products and services;
- For website performance and improvements: ensure content is presented effectively and enable you to participate in the features of the website, when you choose to do so;
- To administer and protect our business and website (Including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data); and
- For data analytics: to enhance and improve our website, products/services, marketing, customer relationships and experiences.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our website (for example generating analytics about how customers browse and interact with the website, and to asses the success of our marketing and advertising campaigns.
You will receive marketing communications from us, if you:
- Are an existing customer
- Have provided us with your details when you registered for email marketing
- Have provided us with your details through a phone, email or event pop-up interaction
- In each case above, you have not opted out of receiving that marketing.
When placing an order, if you do not wish to be contacted for marketing purpose leave the box “Keep me up to date on news and exclusive offers” unticked.
Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
6. HOW DO WE GET CONSENT?
- When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting personal data and using it for that specific reason only.
- When submitting an order, and you have ticked the “Keep me up to date on news and exclusive offers” you have opted-in to receive marketing.
- When providing us with your details and registering an interest in our newsletter, you expressed an interest in receiving marketing, we will then email and ask you to confirm your consent, with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you have the right to withdraw your consent to marketing at any time by emailing us at email@example.com or by using the unsubscribe link provided on any of our marketing emails.
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
7. DISCLOSURE OF YOUR PERSONAL DATA
We share your Personal Information with third parties to help us use your Personal Information, as described above.
For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/.
You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
We may have to share your personal data with other organisations as set out below:
- Outsourced team members, including virtual assistants and website designers.
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Third parties to whom I may sell, transfer or merge parts of my business or my assets.
- Applications and tools that we use to run our business: these change regularly and as such are not listed here. Please email us at firstname.lastname@example.org if you require details of these.
We make every effort to keep your personal data secure and will never willingly sell your personal data to a third party.
We require all third parties to whom we transfer data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We may disclose your personal information if we are required by law for legal or regulatory reasons or if we have to enforce our Terms of Service or any other agreements to protect our rights, property or our customers, etc. This may involve exchanging information with other companies and organisations for the purpose of fraud protection and credit risk reduction.
We do not send personal data to any social media sites that you link your account to, eg. Facebook, nor do we share that information with such sites. We do not collect personal data from those sites.
8. DATA RETENTION
When you place an order through our website, we will maintain your Order Information for our records unless and until you ask us to delete this information.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for a specified number of years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see below for further information.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. YOUR LEGAL RIGHTS
You can access and update certain parts of your personal data by logging into your account.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the rights to:
Request access to your personal data.
- Request correction or update of your personal data.
- Request deletion of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Withdraw consent.
You can see more about these rights on the ICO website. (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)
If you wish to exercise any of the rights set out above, please email us at email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Additionally, if you are a European resident we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through our website), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
Your data is stored through Shopify’s data storage, databases and the general Shopify application.
11. DATA SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instruction and they are subject to a duty of confidentiality.
All payment transactions are stored on PayPal or Stripe’s hosting services.
If you have a username, password or other login details which enable you to access certain parts of the Website, you must not allow any other person to use them and must treat them as confidential!
If you believe or suspect that someone else knows your login details you must contact us at firstname.lastname@example.org as soon as possible.
12. THIRD-PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect of share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
13. COOKIES POLICY
14. DO NOT TRACK
Please note that we do not alter our website’s data collection and use practices when we see a Do Not Track signal from your browser.
15. AGE OF CONSENT
This site is not intended for individuals under the age of 16.
+ If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
17. RIGHT TO COMPLAIN
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com.
18. QUESTIONS AND CONTACT INFORMATION
For more information contact us as follows:
Contact Details: Privacy compliance officer
Full name of legal entity: KookyTwo
Email address: firstname.lastname@example.org
Postal Address: 53 The Crofts, Hatch Warren, Basingstoke, Hampshire, RG22 4RE