We are committed to protecting and respecting your privacy.
This Policy sets out the terms under which the personal data that you supply or which may be collected while you use the Website may be used. Personal data means any personal information which may be used to identify you, such as your name, telephone number, home address or email address.
This Policy as amended from time to time describes the type of personal data collected and ways in which your personal data may be used. By using the Website, you accept the terms of this Policy and you consent to the use of your personal data in accordance with this Policy. All your personal data shall be used in accordance with the Data Protection Act 1998 (“Act”).
If you do not agree to any of the above terms or this Policy, please refrain from using our Website. By visiting our Website you are accepting and consenting to the practices described in this Policy.
For the purpose of the Act, the data controller is Stone Hearts Club Ltd.
Information we may collect from you
We may collect and process the following personal data about you:
You may give us information about you by filling in forms on our Website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our Website, subscribe to our service, search for a product, place an order on our Website, participate in discussion boards or other social media functions on our Website, enter a competition, promotion or survey, when you report a problem with our Website. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description, date of birth.
Upon visiting the Website we may automatically collect the following information:
- technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number;
We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will use reasonable endeavours to inform you when we collect that data that it may be shared internally and combined with data collected on this Website. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
You may refuse to provide certain personal data; however the failure to provide requested personal data may result in your inability to use certain parts of the Website.
How we use this information
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data (i.e. the order form OR registration form);
- to notify you about changes to our Website or services;
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
- to administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Website to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our Website, when you choose to do so;
- as part of our efforts to keep our Website safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our Website about goods or services that may interest you or them.
We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
We may share your personal data with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others.
- Analytics and search engine providers that assist us in the improvement and optimisation of our Website.
We may disclose your personal data to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Website Use or Terms and Conditions of Supply [http://www.stoneheartsclub.com/terms-and-conditions] and other agreements; or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may use your personal data as set out above. Apart from this, your personal data will not be disclosed to other third parties or used in any other way (other than as described in this Policy), unless we obtain your prior consent to use it in this way or we are required to do so by law.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.
How we protect your personal data
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com.
Third party services and websites
Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
Changes to our Policy
Any changes we may make to this Policy in the future will be posted on our Website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Policy.
Questions, comments and requests regarding this Policy are welcomed and should be addressed to firstname.lastname@example.org.