Privacy / Cookie Notice
Summary of how we use your data
- Grace & Thorn uses your personal data to manage and administer your orders or account and and to keep in contact with you for these purposes.
- Some data is shared with external marketing services (mailchimp), who use your data to send weekly email marketing newsletters and reference location where applicable. We rely on your consent for this to be sent and you can withdraw this consent at any time.
What does this policy cover?
This policy describes how Grace & Thorn (also referred to as “we” or “us”) will make use of the data we handle in relation to our customers and clients.
It also describes your data protection rights, including a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
What information do we collect?
We collect and process personal data from you when you process an order through our e-commerce site. This includes:
- your name
- your gender
- your billing address, email address and phone number
- The shipping address, name and phone number of intended recipient
- your payment details, as far as method of payment and last 4 digits of card supplied.
- your marketing preferences, including any consents you have given us
When you submit to subscribe to our newsletter through our ecommerce site, this will collect the following personal data:
- your name
- your email address
How do we use this information, and what is the legal basis for this use?
We process this personal data for the following purposes:
- To put through an order through our ecommerce site. This includes:
- taking payments
- communicating with you
- providing and arranging the delivery or other provision of products or services;
- Where you give us consent:
- we will send you direct marketing or promotional material by email
- on other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.
- For purposes which are required by law:
- we maintain accounting records in order to meet specific legal requirements; we may respond to requests by government or
- law enforcement authorities conducting an investigation.
What information do we receive from third parties?
Sometimes, we receive information about you from third parties.
For example, we will be notified by our payment platform regarding any fraud detected on your payment and have access to a fraud analysis report on each transaction, including the IP address of the payment.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below in the “How do I get in touch with you?” section.
What rights do I have?
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to the Information Commissioner’s Office.
We will inform you which information is mandatory when it is collected. If this is not provided, we may not be able to provide you with appropriate assistance, services or support.
How do I get in touch with Grace & Thorn?
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at email@example.com or by writing to 338 Hackney Road, London E2 7AX
How long will you retain my data?
We process the majority of your data for as long as you are an active customer.
Where we process personal data for marketing purposes or with your consent, we process the data unless you ask us to stop, when we will only process the data for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
We will retain information held to maintain statutory records inline with appropriate statutory requirements or guidance.
A cookie is a piece of information in the form of a very small text file that is placed on an internet user’s computer hard drive. It is generated by a web page server, which is the computer that operates a website. The information the cookie contains is set by the server and can be used whenever the user visits the site. A cookie can be thought of as an internet user’s identification card, which tells a website when the user has returned.
Cookies used on our website
These are the kinds of cookies used by the Grace and Thorn website:
- Technical cookies
These are cookies essential for the correct functioning of our website and are necessary to enable you to navigate the website and use its features.
- Analytics Cookies
These cookies are used to retrieve information about our website’s usage. They allow us to perform anonymous statistical analysis, in order to improve the user’s experience, including information about pages visited and our website’s entry points.
Our website uses the following analytics cookies:
- Google Analytics
- Cookies for third party software
These cookies are necessary to implement specific functionalities provided by third parties, such as social network shares and maps.
- Profiling cookies
These are cookies used to create user profiles, in order to deliver content and services tailored to the user’s browsing preferences. Unless the user has declined the use of these cookies, our website uses:
- Google Adwords (with support from Google Analytics)
Google Adwords allows us to service the user with adverts tailored to their interests.
- Configuring your browser used to visit the website
- Changing third-party service cookie settings
For more information on how to disable cookies in your browser, please visit www.aboutcookies.org.