Privacy statement of whatliesbeneath.me dated 05/10/2019.
We aim to fairly, ethically and responsibly conduct our business.
Who we are
Whatliesbeneath.me is owned by Sheer Innovations Ltd, a UK-registered company. Our company registration number is 5827655. Our registered address is: 14 Granby Close, Corby, Northants NN18 0AG United Kingdom.
Data collection and purpose
We collect the personal data that you may volunteer while using our services. This can include:
• your name
• your email address (for order process updates and marketing communications if you have opted into the mailing list)
• your billing and/or delivery address (for the purpose of fulfilling an order that you have placed)
• your IP address (to help prevent fraud, make sure our systems are secure, and to protect against fake accounts)
• your order history with us (for future reference in case of queries, refunds, returns, exchanges and the like. We keep permanent records of orders that have been placed, but these can be deleted on request.)
• details concerned with your subscription to our email mailing list (such as the IP number you used at the time of subscribing. This is used to verify that requests are genuine and that we do not send emails to people who have not opted in and do not want to receive them.)
We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations.
We do not keep credit card numbers (we never see them).
We do not see your password – all passwords are kept encrypted.
We do not knowingly collect personal data from children.
You do not need to provide specific consent during the ordering process in order for us to fulfil your order.
Our lawful basis for using personal data
Whenever we use your personal data we must have a legal basis for doing so. For example, this could be where you have asked us to provide a service (such as delivering an order, informing you of special offers and new products) or where we have a legitimate interest to do so, as defined by the General Data Protection Regulation. A legitimate interest is where we use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing. For example, we may send an email to notify you that an order has been despatched, or we may need to take action to protect your account, prevent fraud, maintain security, and comply with legal requirements (e.g. keeping accountancy records in line with the demands of HMRC).
We have implemented security policies, rules and technical measures to protect the personal data that we have under our control from:
• unauthorised access
• improper use or disclosure
• unauthorised modification
• unlawful destruction or accidental loss
All of our employees and data processors who have access to, and are associated with, the processing of personal data are obliged to respect the confidentiality of our visitors’ personal data.
We work with several trusted third parties but we only supply information as necessary for them to provide the services you request, or as needed on your behalf. Third parties are subject to strict data processing terms and conditions and are forbidden from using, sharing or retaining personal data for any other purpose. We work with the following companies:
Woocommerce – our ecommerce platform provider and web hosting company
Webmail – our email mailing list host
Microsoft – our email provider for day-to-day company emails
PayPal – our primary payment processing company
We only work with companies that have strict policies and processes for data security, and do not grant permission to any third party to communicate with you unless this is specifically required in order for us to provide a service. For example, if you are a PayPal customer, you can contact PayPal to discuss activity on your PayPal account connected with an order placed with us, but PayPal do not have permission to send marketing emails to our customers.
Access to the personal data we may hold about you
You have a right to be informed about the collection and use of your personal data and we will provide you with information regarding our purposes for processing it, our retention periods, and who it will be shared with, unless this requires disproportionate effort. The information we provide will be concise, transparent, intelligible, easily accessible, and in clear and plain language. We do not charge a fee for this.
You have a right to access any personal data we hold about you. This is referred to as a subject access request. You can make such a request verbally or in writing. We do not charge a fee for providing this information and will respond within one month.
You have a right to have inaccurate personal data rectified or completed. This can be requested either verbally or in writing, and we will respond within one month.
You have a right to have any personal data we hold about you permanently erased. This is also known as “the right to be forgotten”. This can be requested either verbally or in writing, and we will respond within one month.
You have the right to request the restriction or suppression of your personal data. When processing is restricted, we are permitted to store personal data, but not use it. This can be requested either verbally or in writing, and we will respond within one month.
You have a right to obtain and reuse your personal data for your own use across different services. This enables you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. This can be requested either verbally or in writing, and we will respond within one month.
You have the right to object to the processing of your personal data in certain circumstances, and an absolute right to stop your data being used for direct marketing purposes. This can be requested either verbally or in writing, and we will respond within one month. We will only send marketing emails if you have opted in to receive them, and every marketing email we send will contain an unsubscribe link in case you have changed your mind.
In the unlikely event of a personal data breach, we will report the breach to the relevant supervisory authority within 72 hours of becoming aware of the breach. If required, we will also inform the individuals concerned without delay. We will keep a record of any personal data breaches, regardless of whether there is a legal requirement to notify.
Kerrin Walder, data controller
Address: 14 Granby Close, Corby, Northants NN18 0AG UK
Phone number: 44 33 3303 4631
Email address: firstname.lastname@example.org
Our promises to you:
• to respect your privacy at all times
• we will never send you unsolicited correspondence by post
• you can easily erase your account at any time or ask us to delete your details
• we will never sell your personal data
• we are committed to keeping your personal data safe and secure, and will only work with trusted partners who share these values
• we will not use your personal data in any unexpected ways
• your contact details will remain in our system until you no longer wish them to be
• we respect your rights and will always try to accommodate any request you have in line with the legal and operational responsibilities of running a business
• we will only send marketing information (for example, about new products and special offers) if you have opted in to our mailing list
• to make privacy and security a fundamental part of our business