GDPR policy – how your personal data is used and stored
Personal information that this website collects and why we collect it. This website collects and uses personal information for the following reasons:
Contact forms and email links
Should you choose to contact us using the contact form on our contact us page or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any third party data processor.
Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
We retain emails on our local computers containing the information you provide us with on our contact forms or email links indefinately unless the removal of the data is resquested. Emails may also be kept on our mail servers online and accessed using web mail. Google mail using Google Apps is an example of this.
We do this in order to reply to your enquiry. We may also send you emails using this information for the purposes of ,marketing or keeping you informed of matters relating to you.
If you do not want us to keep any of your details on file locally or on our mail servers you can contact us and request this data to be removed. We will need to know which email address to remove data for. We will remove your data within 48 hours.
We do not exchange, sell, rent or give away your email address or any other details we hold about you to other companies.
Shopping on this website
When you make a purchase and create an account on this website we ask you for personal details such as your name, address, telephone number and email address.
We do this so we can ship your order to you and also to keep you informed of any issues relating to your order. We may also send you emails using this information for the purposes of marketing or keeping you informed of matters relating to you.
This data is kept and stored online on this website indefinately unless it’s removal is requested .
If you wish to remove your details from this website please contact us with your name and email address used to create your account and we will remove all your personal data within 48 hours.
Your card information is never stored on our website. We use either PayPal or Stripe to process payments and when you enter your card information it is entered on their website and is processed by them and not us.
Third party data processors
We use the following third parties to process personal data on our behalf. Any third parties we use have been carefully chosen . These third parties are based in the USA and are EU-U.S Privacy Shield compliant.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
The data controller of this website is Gwen Evans who should be contacted using our contact form here should you wish any / all of your data to be removed.
All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS
Contact us to ask us anything else about our data protection systems.