Little Bit Different Privacy Notice
This privacy notice will change from time to time – particularly if we change the way we collect or use your personal information, so do check back here every now and then. It was last updated on 21st May 2018.
At Little Bit Different, we fully understand how important privacy is to every one of our visitors and customers. We collect, use, store and retain your personal data in line with data protection legislation. This privacy notice aims to provide as much information as possible to help you understand how we look after your data, what your legal rights are in relation to that information – and how you can contact us if you have any questions or queries about how we look after your personal information.
How is your Personal Information Used – The Basics
There are a number of ways that your personal information will be collected when you make contact with Little Bit Different – mostly though it is so that we can respond to queries you send, or to process orders you have made.
You can contact us through
• Little Bit Different website (contact page)
• Our Facebook Page/Facebook Messenger
• Letter *We do not take orders through Twitter or Instagram – if you contact us there, we will give you our email details, or direct you to Etsy. Your details will be deleted from the message section of Twitter/Instagram when we receive your message on those other platforms.
When we receive your message, the details you provide will be kept keep them to answer your query or process your order.
If you purchase from us, these systems are used for processing payments:
• You will be sent an invoice via PayPal or Quickbooks
• You may purchase through The Little Bit Different shop on Etsy and our website
If you purchase from us, your order will be posted to you via Royal Mail. We don’t have a contract with Royal Mail – we use their standard mail service. Large orders and all wholesale orders will be sent via UPS who will be given your name, address and email via their website for the purpose of delivery.
Little Bit Different and Marketing Materials
Little Bit Different havs a newsletter and occasionally sends out marketing materials (wholesale customers). We will only send that information to those who have specifically asked to receive it. Information sent to us via the website contact form – or any of the methods mentioned above – are currently used only to answer the specific query or process order as applicable.
How your Personal Information is Used – The more technical bits
In this section, we try to explain they type of information we will collect or process, why we do that and how it is done. We can only process your information if we have a “legal basis” for doing that. There are 6 of those listed in the General Data Protection Regulation (GDPR). In this notice, we explain which of these apply in each case.
Here we go:
If you visit our website, we may process data about your use of the site (this is technically called “usage” data”). This would include information like what pages you visit, how long you spend on the site, if you got to our website through a link somewhere else (such as link from our Etsy shop) – or how often you visit our website. Our website platform is WordPress. This type of information is gathered to help to continuously improve the website and services. We currently have woocommerce google analytics intergration analytic software or plug-ins attached to the website. This gathers non personally identifying information (usage data).
Legal Basis – Legitimate Interest: administration of our website and services. Some usage information is also collected by Facebook and Etsy – to allow us to see where visitors are based and how they found those pages. We do not have access to the personal information gathered by these though – only the statistics.
Contact and Enquiry Information
We may process information about you to answer your query or process an order. This may include your name, address, email address, postal address and telephone number – depending on what information you provide to us. We will receive this either directly from you for example in an email, FB message, Etsy conversation or through the contact form on our website. In all cases we receive only the information you choose to provide – and it will be used to correspond with you until your query is resolved. (If correspondence leads to a purchase we will require and process further information – please see the section please see the section “Ordering and Purchasing Information”.
Legal Basis – Consent OR the performance of a contract between you and us, and/or taking steps, at your request to enter into a contract OR legitimate interests, in particular, managing relationships with our customers.
Feedback and Other Information That You Send to Us
We may process information you send to us for publication on our website – for example, if you email feedback on an order you have received, we may share this on our website and/or social media platforms. We will always ask you if it is OK to use you personal information in this way.
Legal basis – Consent: if you have sent this information by private communication channels (such as email) then we will ask for your consent to publish this. (NOTE – if you have posted the information on any of our public sites (social media channels) we do not require consent as you have chosen to make this public – and it is therefore exempt from data protection provisions. However, we will endeavour to contact you to check if it may be shared on other social media channels)
Ordering and Purchasing Information
You can order from us in two ways – by contacting us directly through one of our social media channels or our email address – or by making a purchase through our Etsy shop or website. If you wish to order through our social media channels you will be asked to provide (through a private message) your email address. This is so that we can generate an invoice, which will be sent via Paypal to the email address you provide.
Paypal will ask you for further contact details – such as your address, and for payment information (credit card or account details). If you order through Etsy, you do this directly through that site – and will be asked for the same type of information.
Little Bit Different does not receive any of your payment account details. We only receive the information we need to complete your order – the most important being your address, so that we can send your purchases to you.
Legal Basis – This processing is necessary for the performance of a contract between you and us, and/or taking steps, at your request to enter into a contract and our legitimate interests, in particular, managing our business appropriately.
We may process any of the personal information mentioned in this policy – where necessary – for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out of court procedure. We may process personal information for the purposes of obtaining or maintaining insurance coverage, or obtaining professional advice in relation to business risk – however, this is unlikely.
Legal Basis – Legitimate Interest: The protection and assertion of our legal rights, your legal rights and the rights of others; the protection of our business against business risk.
We may also process personal information where we are required to do so to comply with any legal obligations to which we are subject – or where it is necessary to protect our vital interests or the vital interests of anyone else. (As specified in relevant legislation).
Is your data transferred outside of the UK or EU?
Little Bit Different is based in the UK, and only accesses your information on devices in the UK. The Little Bit Different website is hosted here in the UK. However, my email system (Gmail) and the social media platforms are not all based in the UK/EU. This means that the data you provide may be held outside of the UK/EU – but I have made checks to make sure those companies comply are safe to use, and that they also comply with all the relevant information. (This means they either have server in the UK/EU – or they are part of an agreement called the “Privacy Shield”. I’ve included links to the privacy information for each of them at the end of this document.
How long do we keep data
How long we keep you data will depend on why we have it. Mostly – it’s not long – we only keep your data as long as we need to answer your query or process your order. If you are a regular customer, we may keep your address or email information longer, so we don’t need to keep asking you every time – but we will ask if that is OK – and you can ask us to remove your details at any time.
We are required to keep our invoices and details of sales etc – which might include your name and address, and sometimes your email address. This is a requirement – should we need to submit information to HMRC. But like everything else we do – that information is kept safe and secure and accessed only by Little Bit Different staff.
Data Protection legislation is in place to help protect your personal information – and give you control over how it is used. It gives you rights associated with your data, the main ones are listed below. They won’t always apply in every circumstance – but we will explain it to you if you choose to exercise any of your rights.
• Right to access – you can request copies of any information we hold about you
• Right to rectification – If you believe we have any of you details wrong, you can ask us to correct them
• Right to Erasure – You can ask us to delete any information we hold about you. This will apply only when we do not have a legal basis to retain that information.
• Right to Restrict or Object to Processing – this is controlling exactly what data we hold – you can ask us to stop using certain data or stop carrying out certain processes with your data.
• The right to complain to a “Supervisory Authority” – an organisation that oversees Data Protection. This could be the Authority where you live, where you work – or the one for the UK, where we are based, which is the Information Commissioners Office.
As I have already mentioned – where we rely on consent to process your data, you can withdraw that consent at any time.
This website is owned and operated by Victoria Isaac, candlemaker, who can be contacted through firstname.lastname@example.org – or by using the contact form on our website form. (A postal address can be provided on request). Victoria is also our data protection officer.
LINKS TO EXTERNAL PRIVACY INFORMATION
Facebook – https://www.facebook.com/about/privacy/update and more on https://www.facebook.com/about/privacy/update
Instagram is owned by Facebook, so you can find information on those same links
Twitter – https://gdpr.twitter.com/en.html and https://gdpr.twitter.com/en/dpa.html
Etsy – https://www.etsy.com/uk/legal/privacy/
PayPal – https://www.paypal.com/en/webapps/mpp/ua/privacy-full