Zella Ash Boutique is committed to keeping customer information secure and protecting your privacy. This policy describes how we collect and use personal information about you. Under the UK Data Protection Act 1998 and EU General Data Protection Regulation (GDPR), the data controller of your personal information collected by us is Zella Ash Boutique LTD, company registration number 10697795 (Company House). Zella Ash Boutique is registered on the ICO Data Protection Register; Registration Number ZA483409.
THE DATA WE MAY COLLECT ABOUT YOU
We may collect and process the following types of personal information:
- Personal contact details such as name, title, address, email address and telephone number
- Details of purchases and transactions
- Information submitted as part of a competition
- Information submitted as part of a survey
- Records of correspondence with you by telephone, email, live chat, social media or otherwise
- Details of your visits to the website, and information about how your device has interacted with our website, including search and browsing history, the pages accessed and links clicked
- Information collected automatically from your device, including IP address, device type, operating system, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information.
HOW YOUR DATA IS COLLECTED
We collect data from you when you register an account with us, subscribe to marketing communications from us, submit enquiries to us and/or purchase from us. We also collect information that you provide voluntarily to our customer services team, whether in writing, by telephone, email or live chat.
We also collect some information automatically using cookies to improve the shopping experience. By using our website you agree that we can place these types of cookies on your device and access them when you visit the site in the future.
Please note that if you do not have cookies enabled, you will be unable to place an order on our website.
Cookies cannot harm your computer, and you cannot be individually identified by them. For more information about cookies and how to control them please visit ico.org.uk/for-the-public/online/cookies/.
WHY WE COLLECT YOUR DATA
We collect and use your data in accordance with EU GDPR legislation where we have a legitimate interest to satisfy the following:
- To fulfil any orders placed with us
- To process refunds
- To create an account for you
- To communicate with you
- To send you marketing communications such as newsletters and catalogues or provide you with information about our products, offers or services that you request from us, or which we believe may be of interest you. (Please note you can opt out of these at any time: please see ‘Your rights in connection with your data’).
- To store information about your preferences to allow us to customise our website and marketing communications according to your interests
- To notify you about changes to our service
- To communicate with you if you have entered a competition with us
- To obtain and analyse your feedback as part of customer surveys
- To handle any disputes which we may have with you
- To comply with our legal obligations
HOW WE SECURE YOUR DATA
We have put in place the necessary and appropriate safeguards and access controls to ensure the security, integrity and privacy of the information you provide us with. Our website uses a Secure Socket Layer (SSL) encryption which encrypts your information to protect it from unauthorised use. No payment details are stored on our website. PayPal (Braintree) and Amazon Payments Europe receive encrypted information needed to verify and authorise your payment and to process your order. We retain your information whilst we have an ongoing legitimate business need to do so, but not for more than 10 years since your last order.
WHO WE MAY SHARE YOUR DATA WITH
We may share some of your data with, or obtain personal information from, the following third parties:
We share your personal information with third parties who provide services to us. The following activities involving the processing of personal information are carried out by third party service providers: website hosting, website analytics, payment processing, delivery, digital marketing, direct marketing, & IT services.
Any third party which processes your data for purposes described in this policy must also have the appropriate technical and organisational measures in place and must comply with the UK Data Protection Act 1998 and EU General Data Protection Regulation. Your data may also be accessed by and processed outside the European Economic Area and by staff operating outside the EEA who work for us or for one of our suppliers. Where your data is transferred outside of the EEA, we require that appropriate safeguards are in place.
Police or other regulatory or government authority
You should be aware that, if we are requested by the police or any other regulatory or government authority investigating suspected illegal activities to provide your personal information and /or user information, we are entitled do so.
YOUR RIGHTS IN CONNECTION WITH YOUR DATA
Under GDPR, you have the right to:
- Request access to a copy of the personal information we hold about you
- Request correction of any incomplete or inaccurate information we hold about you
- Request erasure of information where there is no good reason for continued processing
- Request restriction to suspend our processing of your personal information based on consent or our legitimate interest
- Request exclusion from automated decision making including profiling
- Opt out of marketing communications which we send you
- Opt out of third-party marketing communications If you want to request access, correction or erasure of your personal information, restriction or suspension of processing of your personal information or exclusion from automation, please contact us at firstname.lastname@example.org with your full name, telephone number, email, address and postcode along with an outline of your request. We’ll get back to you with an initial response within seven working days and will deal with your request within one month, though this can be extended by a further two months if the request is complex. If you do not want to receive newsletters or catalogues or for us to provide you with information about our products, offers or services, you can unsubscribe by contacting email@example.com or by clicking the unsubscribe link on any of our promotional emails. Please note that it can take up to 10 working days to fully remove you from our email or catalogue list, so you may continue to receive emails/mailings whilst your request is being processed. firstname.lastname@example.org In addition, you may find it useful to register with The Mailing Preference Service to be removed from all direct mailing lists at www.mpsonline.org.uk. Any promotional printed material is printed in advance and so you may receive a mailing while your request is being processed.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.