- Who we are
- How we collect information
- What we use your information for
- Sharing your information
- Your information
- How long we keep your data
- Security and storage of information
- Transfers outside Europe
- Other Sites
- Further Information
1. Who we are
2. How we collect information
We will collect information from you if you:
- Place an order for products or services on our website, this will include your name (including business name, if applicable), address, contact details (including telephone number and email address) and your payment details;
- Register to use our website; this will include your name, address, email address and telephone number. We may also ask you to provide additional information and preferences on a voluntary basis;
- Complete online forms, take part in surveys, write posts or comments on our forums or blogs, enter any competitions or prize draws, download information on events or any other publications we provide to you from time to time;
- Provide your contact details to us when registering to attend any events we provide;
- Contact us offline for example by telephone, fax, email or post.
3. What we use your information for
We will use your information to provide any information and services that you have requested or any products that you have ordered. We may also contact you for feedback on your use of our products, services or our website.
We may use your information for marketing purposes as described in paragraph 5 below.
We may also use and analyse the information that we collect so that we can administer, support, improve and develop our website and the products and services we offer.
4. Sharing your information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice, where there is a legal requirement, or in performance of our contractual requirements.
We utilise the data processors/controllers noted below who act on our behalf to provide the following third-party services for us: Amazon AWS
Amazon AWS act as a processor for us, providing our web hosting, website security, backups and SSL certificate to ensure that our platform and your personal information is secure, protected and monitored. Our agreement with them stipulates that they hold the data in the EU and do not transfer any of your data outside the EEA.
Shop Rocket & Stripe
Shoprocket provide the ecommerce platform used in our online shop. Stripe act as processors for us, providing our third-party card payment gateway services. The personal information you provide to us when placing an order is carried over to their secure site for processing of the payment. They also act in the capacity of data controller because you will provide some additional personal information and your credit/debit card details directly to them.
- We can view the cardholder contact details through our business account with the provider, but never have access to any payment details or login information. All payment processing is carried out on the provider’s secure site and is fully PCI compliant.
- By completing the payment process after an order, you are agreeing to have your personal information processed by Shop Rocket and Stripe. All payment functions are carried out on their secure site, which is PCI compliant and subject to their own terms and conditions; after which, you are redirected back to us.
Mailchimp provide the newsletter we use to contact you from time to time. They store name and email address and you are able to unsubscribe from a newsletter list by clicking the unsubscribe link in any newsletter email sent to you by us.
Where you have consented, we will use your personal information to contact you via email, SMS, telephone or post (depending on your preferences) with relevant information about The Wonky Food Co, our website, our products, services, offers and events.
You will also have the right at any time to stop us from contacting you for marketing purposes by:
- clicking on the ‘unsubscribe’ link in any marketing emails; or news letters
- sending an email to firstname.lastname@example.org
Stopping marketing messages from us will not end communications such as updates in relation to your order of.
7. Your information
If we hold any information about you which is incorrect or if there are any changes to your details, please let us know so that we can keep our records accurate and up to date.
If you would like to update your records or see a copy of the information that we hold about you, you can contact us at The Wonky Food Co, Woodstock Lodge, Blenheim Park, Woodstock, Oxon, OX20 1PS, or by email at email@example.com
If you request a copy of your information you will need to pay a statutory fee which is currently £10.
This website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your child has provided us with information without your consent, contact us at firstname.lastname@example.org. We will delete such information from our files within a reasonable time.
9. How long we keep your data
We only ever retain personal information for as long as is necessary and we have review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be deleted, if it is no longer required.
10. Security and storage of information
We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing, and against its accidental loss, destruction or damage.
The personal information that we collect from you is stored by our providers outlined in paragraph 4, on secure servers protected through a combination of physical and electronic access controls, firewall technology and other security measures. We have put in place measures to guard against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Unfortunately, the internet itself is not always secure therefore, although we will do our best to protect your personal data, we cannot guarantee the security of your data which is transmitted to our website or other products and services via an internet or similar connection, and any transmission will be at your own risk.
If we have given you (or you have chosen) a password to access certain areas of our website, please keep this password safe; we will not share this password with anyone.
11. Transfers outside Europe
Personal data in the European Union is protected by data protection laws but other countries do not necessarily protect your personal data in the same way.
Some of our services or parts of them may be hosted in the United States and this means that we may transfer any information which is submitted by you through the website, product or service outside the European Economic Area (which means all the EU countries plus Norway, Iceland and Liechtenstein) ("EEA") to the United States.
When you send an email to us, this may be stored on email servers which are hosted in the United States, if we do this, we will take steps to ensure that our hosting provider uses the necessary level of protection for your information but if you do not want your information to be transferred outside the EEA you should not use our website, product or service or contact us via email.
12. Other Sites
If you follow a link from our website, product or service to another site or service, this policy will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy policies appearing on those sites or services.
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
We recommend that you check this page regularly to keep up-to-date.
14. Further Information
If you would like further information about data protection, or if you would like to view the register of Data Controllers, you can visit the Information Commissioner’s site at www.ico.gov.uk.
Thank you for visiting our website.