1.0 TORIA’S TRINKETS CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
User privacy and data protection are human rights.
We have a duty of care to the people with whom we hold data.
Data should only be collected and processed when absolutely necessary.
We at Toria’s Trinkets loathe spam as much as you do!
We will never sell, rent or otherwise distribute or make public your personal information.
2.0 RELEVANT LEGISLATION
We comply with the following national and international legislation with regards to data protection and user privacy:
UK Data Protection Act 1988 (DPA)
EU Data Protection Directive 1995 (DPD)
EU General Data Protection Regulation 2018 (GDPR)
3.0 PERSONAL INFORMATION WE COLLECT AND WHY WE COLLECT IT
3.1 Order Processing
When you place an order via my shop on the Toria’s Trinkets page on toriastrinkets.org we receive only the required information in order to process your order (your name, address and email). We do not receive any card or bank details.
4.0 HOW I USE THE INFORMATION
The information you provide is used to fulfill your order on a ‘contract’ basis and is only used for the purpose of communicating with you regarding your purchase and for delivery of your items. Your personal information will not be added to my mailing list and you will not be contacted for marketing or advertising purposes unless you request me to do so.
5.0 SHARING WITH THIRD PARTIES
We will NEVER sell or rent your personal data. To process your order and to fulfill your contract with us, your information is shared with third parties for the purpose of delivery (Royal Mail and courier services).
It may be shared for compliance with legal, regulatory and law enforcement requests as appropriate and necessary. We will endeavour to notify you of any such requests. We are not responsible for how these third parties process your data, please visit their websites to read their privacy policies.
6.0 HOW I SECURE, STORE AND RETAIN DATA
We use The toriastrinkets.org website to trade and complete your purchase. Your data is secured, stored and retained by Square or Paypal, who have their own GDPR policies, to complete your purchase. We do not hold hard copies of your data and any data collected is held only as long as is necessary to carry out your order and to maintain adequate and accurate business and financial records (7 years).
7.0 HOW YOU CAN ACCESS, UPDATE OR DELETE INFORMATION HELD ABOUT YOU
You have the right to access, update or ask us to delete your personal information. Please email our Data Controller found in section 9.0 below. We are obliged by law to provide this service within 30 calendar days of your request free of charge. However, we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.
8.0 DATA BREACHES
We will report any unlawful data breach to any and all relevant persons and authorities within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen. If you feel your data has been compromised you have a right to contact the Information Commissioners Office (ICO).
9.0 DATA CONTROLLER
Our data controller is: Victoria Munt
Whose registered and operating office is:
3 Winchester Court